{"id":"https://openalex.org/W2983277367","doi":"https://doi.org/10.1145/3319535.3345662","title":"Charting the Attack Surface of Trigger-Action IoT Platforms","display_name":"Charting the Attack Surface of Trigger-Action IoT Platforms","publication_year":2019,"publication_date":"2019-11-06","ids":{"openalex":"https://openalex.org/W2983277367","doi":"https://doi.org/10.1145/3319535.3345662","mag":"2983277367"},"language":"en","primary_location":{"id":"doi:10.1145/3319535.3345662","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3345662","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3345662","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3345662","any_repository_has_fulltext":null},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100341326","display_name":"Qi Wang","orcid":"https://orcid.org/0000-0002-7517-8888"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Qi Wang","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101917630","display_name":"Pubali Datta","orcid":"https://orcid.org/0009-0005-2026-5465"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Pubali Datta","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100613524","display_name":"Wei Yang","orcid":"https://orcid.org/0000-0002-5338-7347"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wei Yang","raw_affiliation_strings":["University of Texas at Dallas, Dallas, TX, USA"],"affiliations":[{"raw_affiliation_string":"University of Texas at Dallas, Dallas, TX, USA","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100330142","display_name":"Si Liu","orcid":"https://orcid.org/0000-0003-3578-7432"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Si Liu","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5021649580","display_name":"Adam Bates","orcid":"https://orcid.org/0000-0003-1511-4951"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Adam Bates","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5031954035","display_name":"Carl A. Gunter","orcid":"https://orcid.org/0009-0006-6943-0684"},"institutions":[{"id":"https://openalex.org/I157725225","display_name":"University of Illinois Urbana-Champaign","ror":"https://ror.org/047426m28","country_code":"US","type":"education","lineage":["https://openalex.org/I157725225"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Carl A. Gunter","raw_affiliation_strings":["University of Illinois at Urbana-Champaign, Champaign, IL, USA"],"affiliations":[{"raw_affiliation_string":"University of Illinois at Urbana-Champaign, Champaign, IL, USA","institution_ids":["https://openalex.org/I157725225"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100341326"],"corresponding_institution_ids":["https://openalex.org/I157725225"],"apc_list":null,"apc_paid":null,"fwci":16.5267,"has_fulltext":false,"cited_by_count":153,"citation_normalized_percentile":{"value":0.99353061,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":90,"max":100},"biblio":{"volume":null,"issue":null,"first_page":"1439","last_page":"1453"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9993000030517578,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10772","display_name":"Distributed systems and fault tolerance","score":0.9986000061035156,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9966999888420105,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.828544020652771},{"id":"https://openalex.org/keywords/attack-surface","display_name":"Attack surface","score":0.723183274269104},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.6512482762336731},{"id":"https://openalex.org/keywords/software-deployment","display_name":"Software deployment","score":0.6116604208946228},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6036664843559265},{"id":"https://openalex.org/keywords/identification","display_name":"Identification (biology)","score":0.4679723381996155},{"id":"https://openalex.org/keywords/semantics","display_name":"Semantics (computer science)","score":0.44021427631378174},{"id":"https://openalex.org/keywords/software-engineering","display_name":"Software engineering","score":0.21218132972717285},{"id":"https://openalex.org/keywords/programming-language","display_name":"Programming language","score":0.13648724555969238}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.828544020652771},{"id":"https://openalex.org/C2776576444","wikidata":"https://www.wikidata.org/wiki/Q303569","display_name":"Attack surface","level":2,"score":0.723183274269104},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.6512482762336731},{"id":"https://openalex.org/C105339364","wikidata":"https://www.wikidata.org/wiki/Q2297740","display_name":"Software deployment","level":2,"score":0.6116604208946228},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6036664843559265},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.4679723381996155},{"id":"https://openalex.org/C184337299","wikidata":"https://www.wikidata.org/wiki/Q1437428","display_name":"Semantics (computer science)","level":2,"score":0.44021427631378174},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.21218132972717285},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.13648724555969238},{"id":"https://openalex.org/C59822182","wikidata":"https://www.wikidata.org/wiki/Q441","display_name":"Botany","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C86803240","wikidata":"https://www.wikidata.org/wiki/Q420","display_name":"Biology","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3319535.3345662","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3345662","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3345662","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"}],"best_oa_location":{"id":"doi:10.1145/3319535.3345662","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3319535.3345662","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3319535.3345662","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G2251419387","display_name":null,"funder_award_id":"CNS 13-30491,CNS 17-50024,CNS 16-57534","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"grobid_xml":true,"pdf":true},"content_urls":{"pdf":"https://content.openalex.org/works/W2983277367.pdf","grobid_xml":"https://content.openalex.org/works/W2983277367.grobid-xml"},"referenced_works_count":65,"referenced_works":["https://openalex.org/W79696261","https://openalex.org/W1494192115","https://openalex.org/W1579200056","https://openalex.org/W1583869287","https://openalex.org/W1584744886","https://openalex.org/W1787074469","https://openalex.org/W1966590372","https://openalex.org/W1975812213","https://openalex.org/W2007731429","https://openalex.org/W2028970698","https://openalex.org/W2043475427","https://openalex.org/W2044736683","https://openalex.org/W2081840025","https://openalex.org/W2086239403","https://openalex.org/W2120699290","https://openalex.org/W2158396456","https://openalex.org/W2182112800","https://openalex.org/W2232317411","https://openalex.org/W2293605433","https://openalex.org/W2354520588","https://openalex.org/W2399248522","https://openalex.org/W2408302068","https://openalex.org/W2441135008","https://openalex.org/W2460813369","https://openalex.org/W2461749621","https://openalex.org/W2474516640","https://openalex.org/W2508433864","https://openalex.org/W2519460064","https://openalex.org/W2520585910","https://openalex.org/W2531460317","https://openalex.org/W2533712304","https://openalex.org/W2553246593","https://openalex.org/W2605367183","https://openalex.org/W2613352518","https://openalex.org/W2619642597","https://openalex.org/W2751531621","https://openalex.org/W2770057444","https://openalex.org/W2785140982","https://openalex.org/W2785488818","https://openalex.org/W2789198628","https://openalex.org/W2791710451","https://openalex.org/W2793024489","https://openalex.org/W2799096556","https://openalex.org/W2803355841","https://openalex.org/W2885045113","https://openalex.org/W2888971993","https://openalex.org/W2889033824","https://openalex.org/W2889851986","https://openalex.org/W2890188242","https://openalex.org/W2890591751","https://openalex.org/W2896143299","https://openalex.org/W2898785612","https://openalex.org/W2899207158","https://openalex.org/W2899757839","https://openalex.org/W2901599465","https://openalex.org/W2901665206","https://openalex.org/W2913738314","https://openalex.org/W2929305171","https://openalex.org/W2947175569","https://openalex.org/W2950133940","https://openalex.org/W2952566282","https://openalex.org/W2953940064","https://openalex.org/W3098804373","https://openalex.org/W4247780151","https://openalex.org/W4249039926"],"related_works":["https://openalex.org/W2566006169","https://openalex.org/W2770234245","https://openalex.org/W2987774938","https://openalex.org/W632915154","https://openalex.org/W4229499248","https://openalex.org/W4378874356","https://openalex.org/W2369811061","https://openalex.org/W3089997100","https://openalex.org/W620798607","https://openalex.org/W206344523"],"abstract_inverted_index":{"Internet":[0],"of":[1,70,85,109,123,164,184,222,229,253],"Things":[2],"(IoT)":[3],"deployments":[4,73,216,232],"are":[5,40,48,61,74,176],"becoming":[6],"increasingly":[7],"automated":[8],"and":[9,32,141],"vastly":[10],"more":[11],"complex.":[12],"Facilitated":[13],"by":[14,28],"programming":[15],"abstractions":[16],"such":[17,59,174],"as":[18,100],"trigger-action":[19,71,89,115,197],"rules,":[20],"end-users":[21],"can":[22],"now":[23],"easily":[24],"create":[25],"new":[26],"functionalities":[27],"interconnecting":[29],"their":[30,95],"devices":[31],"other":[33],"online":[34],"services.":[35],"However,":[36],"when":[37],"multiple":[38],"rules":[39,90],"simultaneously":[41],"enabled,":[42],"complex":[43],"system":[44,133],"behaviors":[45],"arise":[46],"that":[47,58,112,134,159,173,193,227],"difficult":[49,177],"to":[50,93,129,144,178],"understand":[51],"or":[52],"diagnose.":[53],"While":[54],"history":[55],"tells":[56],"us":[57],"conditions":[60],"ripe":[62],"for":[63,211,240],"exploitation,":[64],"at":[65],"present":[66,130],"the":[67,86,107,121,161,181,219,230,234,238,247,250],"security":[68,96],"states":[69],"IoT":[72,149,166,185,215,254],"largely":[75],"unknown.":[76],"In":[77],"this":[78],"work,":[79],"we":[80,104,126,169,190],"conduct":[81],"a":[82,132,207],"comprehensive":[83],"analysis":[84],"interactions":[87],"between":[88],"in":[91,120,171,195,233],"order":[92],"identify":[94],"risks.":[97],"Using":[98],"IFTTT":[99,224,235],"an":[101,154,165],"exemplar":[102],"platform,":[103],"first":[105],"enumerate":[106],"space":[108],"inter-rule":[110,146,241],"vulnerabilities":[111,147],"exist":[113],"within":[114,148],"platforms.":[116,186],"To":[117,187],"aid":[118],"users":[119],"identification":[122],"these":[124,244],"dangers,":[125],"go":[127],"on":[128,201,218],"iRuler,":[131],"performs":[135],"Satisfiability":[136],"Modulo":[137],"Theories":[138],"(SMT)":[139],"solving":[140],"model":[142,158],"checking":[143],"discover":[145,170],"deployments.":[150],"iRuler":[151],"operates":[152],"over":[153],"abstracted":[155],"information":[156,198],"flow":[157],"represents":[160],"attack":[162],"surface":[163],"deployment,":[167],"but":[168],"practice":[172],"models":[175],"obtain":[179],"given":[180],"closed":[182],"nature":[183],"address":[188],"this,":[189],"develop":[191,206],"methods":[192],"assist":[194],"inferring":[196],"flows":[199],"based":[200,217],"Natural":[202],"Language":[203],"Processing.":[204],"We":[205],"novel":[208],"evaluative":[209],"methodology":[210],"approximating":[212],"plausible":[213],"real-world":[214,251],"installation":[220],"counts":[221],"315,393":[223],"applets,":[225],"determining":[226],"66%":[228],"synthetic":[231],"ecosystem":[236],"exhibit":[237],"potential":[239],"vulnerabilities.":[242],"Combined,":[243],"efforts":[245],"provide":[246],"insight":[248],"into":[249],"dangers":[252],"deployment":[255],"misconfigurations.":[256]},"counts_by_year":[{"year":2026,"cited_by_count":1},{"year":2025,"cited_by_count":12},{"year":2024,"cited_by_count":29},{"year":2023,"cited_by_count":22},{"year":2022,"cited_by_count":26},{"year":2021,"cited_by_count":42},{"year":2020,"cited_by_count":20},{"year":2019,"cited_by_count":1}],"updated_date":"2026-04-10T15:06:20.359241","created_date":"2025-10-10T00:00:00"}