Poster: Data Minimization by Construction for Trigger-Action Applications
2023 (English)In: CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security, Association for Computing Machinery, Inc , 2023, p. 3522-3524Conference paper, Published paper (Other academic)
Abstract [en]
Trigger-Action Platforms (TAPs) enable applications to integrate various devices and services otherwise unconnected. Recent features of TAPs introduce additional sources of data such as queries in IFTTT. The current TAPs, like IFTTT, demand that trigger and query services transmit excessive amounts of user data to the TAP. To limit the data to what is actually necessary for the execution to comply with the principle of data minimization, input services should send no more than the necessary data. LazyTAP proposes a new paradigm of data minimization by construction in TAPs, introducing a novel perspective for data collection from input services. While the existing push-all approach of TAPs entails coarse-grained data over-approximation, LazyTAP pulls input data on-demand at the level of attributes, once accessed by the app execution. Thanks to the fine granularity provided by LazyTAP, multiple trigger and query services can be naturally minimized while the behavior of app executions is preserved. In addition, a great benefit of LazyTAP is being seamless for third-party app developers. By leveraging laziness, LazyTAP defers computation and proxies objects to load necessary remote data behind the scenes. Our evaluation study on app benchmarks shows that on average LazyTAP improves minimization by 95% over IFTTT and by 38% over minTAP, with a tolerable performance overhead. This poster goes into further details about LazyTAP and elaborates on its prototype implementation.
Place, publisher, year, edition, pages
Association for Computing Machinery, Inc , 2023. p. 3522-3524
Keywords [en]
Data Minimization, Lazy Computation, Trigger-Action Platforms, 'current, Coarse-grained, Data collection, Data minimizations, Input datas, On demands, Query service, Trigger-action platform, User data, Benchmarking
National Category
Computer Sciences
Identifiers
URN: urn:nbn:se:mdh:diva-65249DOI: 10.1145/3576915.3624376ISI: 001124987203035Scopus ID: 2-s2.0-85179843739ISBN: 9798400700507 (print)OAI: oai:DiVA.org:mdh-65249DiVA, id: diva2:1823977
Conference
30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023, Copenhagen, 26 November 2023 through 30 November 2023
2024-01-032024-01-032024-02-26Bibliographically approved