Poster: Data Minimization by Construction for Trigger-Action Applications
Paper i proceeding, 2023

Trigger-Action Platforms (TAPs) enable applications to integrate various devices and services otherwise unconnected. Recent features of TAPs introduce additional sources of data such as queries in IFTTT. The current TAPs, like IFTTT, demand that trigger and query services transmit excessive amounts of user data to the TAP. To limit the data to what is actually necessary for the execution to comply with the principle of data minimization, input services should send no more than the necessary data. LazyTAP proposes a new paradigm of data minimization by construction in TAPs, introducing a novel perspective for data collection from input services. While the existing push-all approach of TAPs entails coarse-grained data over-approximation, LazyTAP pulls input data on-demand at the level of attributes, once accessed by the app execution. Thanks to the fine granularity provided by LazyTAP, multiple trigger and query services can be naturally minimized while the behavior of app executions is preserved. In addition, a great benefit of LazyTAP is being seamless for third-party app developers. By leveraging laziness, LazyTAP defers computation and proxies objects to load necessary remote data behind the scenes. Our evaluation study on app benchmarks shows that on average LazyTAP improves minimization by 95% over IFTTT and by 38% over minTAP, with a tolerable performance overhead. This poster goes into further details about LazyTAP and elaborates on its prototype implementation.

Data Minimization

Trigger-Action Platforms

Lazy Computation

Författare

Seyed Mohammad Mehdi Ahmadpanah

Chalmers, Data- och informationsteknik, Informationssäkerhet

Daniel Hedin

Chalmers, Data- och informationsteknik, Informationssäkerhet

Mälardalens högskola

Andrei Sabelfeld

Mälardalens högskola

CCS 2023 - Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

3522-3524
9798400700507 (ISBN)

30th ACM SIGSAC Conference on Computer and Communications Security, CCS 2023
Copenhagen, Denmark,

Ämneskategorier

Datavetenskap (datalogi)

Datorsystem

DOI

10.1145/3576915.3624376

Mer information

Senast uppdaterat

2024-01-10