Practical Data Access Minimization in Trigger-Action Platforms

Abstract:
Trigger-Action Platforms (TAPs) connect disparate online services and enable users to create automation rules in diverse domains such as smart homes and business productivity. Unfortunately, the current TAP
design is flawed from a privacy perspective, since it has unfettered access to sensitive user data. We point out that TAPs suffer from two types of overprivilege: (1) attribute-level, where it has access to more data attributes than it needs for running user-created rules; and (2) token-level, where it has access to more APIs than it needs. To mitigate overprivilege and subsequent privacy concerns we design and implement minTAP, a practical approach to data access minimization in TAPs. Our key insight is that the semantics of a user-created automation rule implicitly specifies the minimal amount of data it needs. This allows minTAP to leverage language-based data minimization to apply the principle of least-privilege by releasing only the necessary attributes of user data to the TAP. Using real user-created rules on the popular IFTTT TAP, we demonstrate that minTAP on average sanitizes a median of 4 sensitive data attributes per rule, with modest performance overhead and without modifying IFTTT.Joint work with Yunang Chen, Mohannad Alhanahnah, Rahul Chatterjee, and Earlence Fernandes, to appear in USENIX Security 2022.

Bio:
Andrei Sabelfeld is Professor at Chalmers University of Technology. Before joining Chalmers as faculty, he was a Research Associate at Cornell University in Ithaca, NY, USA. Andrei Sabelfeld's research ranges from foundations to practice in a range of topics in computer security and privacy. He is a recipient of a number of prestigious prizes and awards from ERC, SSF, VR, Chalmers, Google, and Facebook. Today, he leads a group of researchers at Chalmers engaged in a number of internationally visible projects on software security, web security, IoT security, and applied cryptography.