{"id":"https://openalex.org/W3182238712","doi":"https://doi.org/10.1145/3460319.3464838","title":"Identifying privacy weaknesses from multi-party trigger-action integration platforms","display_name":"Identifying privacy weaknesses from multi-party trigger-action integration platforms","publication_year":2021,"publication_date":"2021-07-08","ids":{"openalex":"https://openalex.org/W3182238712","doi":"https://doi.org/10.1145/3460319.3464838","mag":"3182238712"},"language":"en","primary_location":{"id":"doi:10.1145/3460319.3464838","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460319.3464838","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://figshare.com/articles/conference_contribution/Identifying_Privacy_Weaknesses_from_Multi-party_Trigger-Action_Integration_Platforms/20581653","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5002467231","display_name":"Kulani Mahadewa","orcid":"https://orcid.org/0000-0002-2388-1790"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":true,"raw_author_name":"Kulani Mahadewa","raw_affiliation_strings":["National University of Singapore, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5011143142","display_name":"Yanjun Zhang","orcid":null},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Yanjun Zhang","raw_affiliation_strings":["University of Queensland, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Queensland, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5015858067","display_name":"Guangdong Bai","orcid":"https://orcid.org/0000-0002-6390-9890"},"institutions":[{"id":"https://openalex.org/I165143802","display_name":"The University of Queensland","ror":"https://ror.org/00rqy9422","country_code":"AU","type":"education","lineage":["https://openalex.org/I165143802"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Guangdong Bai","raw_affiliation_strings":["University of Queensland, Australia"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"University of Queensland, Australia","institution_ids":["https://openalex.org/I165143802"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5029676029","display_name":"Lei Bu","orcid":"https://orcid.org/0000-0003-0517-7801"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Lei Bu","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5037713727","display_name":"Zhiqiang Zuo","orcid":"https://orcid.org/0000-0002-4566-7488"},"institutions":[{"id":"https://openalex.org/I881766915","display_name":"Nanjing University","ror":"https://ror.org/01rxvg760","country_code":"CN","type":"education","lineage":["https://openalex.org/I881766915"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhiqiang Zuo","raw_affiliation_strings":["Nanjing University, China"],"raw_orcid":"https://orcid.org/0000-0002-4566-7488","affiliations":[{"raw_affiliation_string":"Nanjing University, China","institution_ids":["https://openalex.org/I881766915"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5088564385","display_name":"D. L. P. T. Fernando","orcid":null},"institutions":[{"id":"https://openalex.org/I192365124","display_name":"Sri Lanka Institute of Information Technology","ror":"https://ror.org/00fhk4582","country_code":"LK","type":"education","lineage":["https://openalex.org/I192365124"]},{"id":"https://openalex.org/I4387152933","display_name":"Sri Lanka Technological Campus","ror":"https://ror.org/02d4te065","country_code":null,"type":"education","lineage":["https://openalex.org/I4387152933"]}],"countries":["LK"],"is_corresponding":false,"raw_author_name":"Dileepa Fernando","raw_affiliation_strings":["Sri Lanka Technological Campus, Sri Lanka"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Sri Lanka Technological Campus, Sri Lanka","institution_ids":["https://openalex.org/I192365124","https://openalex.org/I4387152933"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5084611756","display_name":"Zhenkai Liang","orcid":"https://orcid.org/0000-0001-7138-5030"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Zhenkai Liang","raw_affiliation_strings":["National University of Singapore, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5085067496","display_name":"Jin Song Dong","orcid":"https://orcid.org/0000-0002-6512-8326"},"institutions":[{"id":"https://openalex.org/I165932596","display_name":"National University of Singapore","ror":"https://ror.org/01tgyzw49","country_code":"SG","type":"education","lineage":["https://openalex.org/I165932596"]}],"countries":["SG"],"is_corresponding":false,"raw_author_name":"Jin Song Dong","raw_affiliation_strings":["National University of Singapore, Singapore"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"National University of Singapore, Singapore","institution_ids":["https://openalex.org/I165932596"]}]}],"institutions":[],"countries_distinct_count":4,"institutions_distinct_count":8,"corresponding_author_ids":["https://openalex.org/A5002467231"],"corresponding_institution_ids":["https://openalex.org/I165932596"],"apc_list":null,"apc_paid":null,"fwci":3.5469,"has_fulltext":false,"cited_by_count":25,"citation_normalized_percentile":{"value":0.93678084,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":89,"max":99},"biblio":{"volume":null,"issue":null,"first_page":"2","last_page":"15"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9975000023841858,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9973999857902527,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9970999956130981,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.741544246673584},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6535688042640686},{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.5131352543830872},{"id":"https://openalex.org/keywords/privilege","display_name":"Privilege (computing)","score":0.4768858253955841},{"id":"https://openalex.org/keywords/internet-privacy","display_name":"Internet privacy","score":0.46817702054977417},{"id":"https://openalex.org/keywords/revocation","display_name":"Revocation","score":0.4599780738353729},{"id":"https://openalex.org/keywords/surprise","display_name":"Surprise","score":0.436332106590271},{"id":"https://openalex.org/keywords/action","display_name":"Action (physics)","score":0.41388657689094543},{"id":"https://openalex.org/keywords/overhead","display_name":"Overhead (engineering)","score":0.28089505434036255}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.741544246673584},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6535688042640686},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.5131352543830872},{"id":"https://openalex.org/C2780138299","wikidata":"https://www.wikidata.org/wiki/Q3404265","display_name":"Privilege (computing)","level":2,"score":0.4768858253955841},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.46817702054977417},{"id":"https://openalex.org/C2775892892","wikidata":"https://www.wikidata.org/wiki/Q6509517","display_name":"Revocation","level":3,"score":0.4599780738353729},{"id":"https://openalex.org/C2780343955","wikidata":"https://www.wikidata.org/wiki/Q333173","display_name":"Surprise","level":2,"score":0.436332106590271},{"id":"https://openalex.org/C2780791683","wikidata":"https://www.wikidata.org/wiki/Q846785","display_name":"Action (physics)","level":2,"score":0.41388657689094543},{"id":"https://openalex.org/C2779960059","wikidata":"https://www.wikidata.org/wiki/Q7113681","display_name":"Overhead (engineering)","level":2,"score":0.28089505434036255},{"id":"https://openalex.org/C15744967","wikidata":"https://www.wikidata.org/wiki/Q9418","display_name":"Psychology","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.0},{"id":"https://openalex.org/C77805123","wikidata":"https://www.wikidata.org/wiki/Q161272","display_name":"Social psychology","level":1,"score":0.0},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3460319.3464838","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3460319.3464838","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis","raw_type":"proceedings-article"},{"id":"pmh:oai:figshare.com:article/20581653","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Identifying_Privacy_Weaknesses_from_Multi-party_Trigger-Action_Integration_Platforms/20581653","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},{"id":"pmh:oai:research-repository.griffith.edu.au:10072/406945","is_oa":true,"landing_page_url":"http://hdl.handle.net/10072/406945","pdf_url":null,"source":{"id":"https://openalex.org/S4306402548","display_name":"Griffith Research Online (Griffith University, Queensland, Australia)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I11701301","host_organization_name":"Griffith University","host_organization_lineage":["https://openalex.org/I11701301"],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Conference output"}],"best_oa_location":{"id":"pmh:oai:figshare.com:article/20581653","is_oa":true,"landing_page_url":"https://figshare.com/articles/conference_contribution/Identifying_Privacy_Weaknesses_from_Multi-party_Trigger-Action_Integration_Platforms/20581653","pdf_url":null,"source":{"id":"https://openalex.org/S4377196282","display_name":"Figshare","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I4210132348","host_organization_name":"Figshare (United Kingdom)","host_organization_lineage":["https://openalex.org/I4210132348"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"","raw_type":"Text"},"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.699999988079071}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":41,"referenced_works":["https://openalex.org/W1939882552","https://openalex.org/W1997199359","https://openalex.org/W2003797911","https://openalex.org/W2073459066","https://openalex.org/W2089745089","https://openalex.org/W2290364824","https://openalex.org/W2401617229","https://openalex.org/W2474516640","https://openalex.org/W2508433864","https://openalex.org/W2519460064","https://openalex.org/W2575029217","https://openalex.org/W2605367183","https://openalex.org/W2613352518","https://openalex.org/W2619405973","https://openalex.org/W2734941459","https://openalex.org/W2751531621","https://openalex.org/W2752929869","https://openalex.org/W2766106797","https://openalex.org/W2791018263","https://openalex.org/W2791710451","https://openalex.org/W2801040906","https://openalex.org/W2889033824","https://openalex.org/W2889851986","https://openalex.org/W2890188242","https://openalex.org/W2890559797","https://openalex.org/W2890591751","https://openalex.org/W2892737606","https://openalex.org/W2896143299","https://openalex.org/W2908004760","https://openalex.org/W2947175569","https://openalex.org/W2952730772","https://openalex.org/W2953940064","https://openalex.org/W2963846158","https://openalex.org/W2965747649","https://openalex.org/W2971365996","https://openalex.org/W2971879009","https://openalex.org/W2973466028","https://openalex.org/W2983277367","https://openalex.org/W2995926045","https://openalex.org/W3024271340","https://openalex.org/W3098804373"],"related_works":["https://openalex.org/W4236382845","https://openalex.org/W2600062742","https://openalex.org/W2321709401","https://openalex.org/W2004104370","https://openalex.org/W4388712630","https://openalex.org/W2481168998","https://openalex.org/W2898075319","https://openalex.org/W2825206345","https://openalex.org/W2174969786","https://openalex.org/W2354571327"],"abstract_inverted_index":{"With":[0],"many":[1],"trigger-action":[2,81,132],"platforms":[3,83],"that":[4,90,125,160,173],"integrate":[5],"Internet":[6],"of":[7,63,96,122,144,151],"Things":[8],"(IoT)":[9],"systems":[10,98],"and":[11,19,45,50,61,65,99,210],"online":[12],"services,":[13],"rich":[14],"functionalities":[15],"transparently":[16],"connecting":[17],"digital":[18],"physical":[20],"worlds":[21],"become":[22],"easily":[23],"accessible":[24],"for":[25],"the":[26,30,57,76,94,117,126,131,142,145,149,158,164,181],"end":[27],"users.":[28],"On":[29],"other":[31],"hand,":[32],"such":[33],"facilities":[34],"incorporate":[35],"multiple":[36],"parties":[37],"whose":[38],"data":[39],"control":[40,201],"policies":[41],"may":[42,54,91],"radically":[43],"differ":[44],"even":[46],"contradict":[47],"each":[48,186],"other,":[49],"thus":[51],"privacy":[52,77,88,114,174],"violations":[53,89,175],"arise":[55,92],"throughout":[56],"lifecycle":[58],"(e.g.,":[59],"generation":[60],"transmission)":[62],"triggers":[64],"actions.":[66],"In":[67],"this":[68,103],"work,":[69],"we":[70,105,171],"conduct":[71],"an":[72],"in-depth":[73],"study":[74],"on":[75,102,157],"issues":[78],"in":[79],"multi-party":[80],"integration":[82,95],"(TAIPs).":[84],"We":[85,147],"first":[86],"characterize":[87],"with":[93,195],"heterogeneous":[97],"services.":[100],"Based":[101],"knowledge,":[104],"propose":[106],"Taifu,":[107],"a":[108,188],"dynamic":[109],"testing":[110],"approach":[111,153],"to":[112,140],"identify":[113],"weaknesses":[115],"from":[116,187],"TAIP.":[118,146],"The":[119],"key":[120],"insight":[121],"Taifu":[123,191],"is":[124],"applets":[127],"which":[128],"actually":[129],"program":[130],"rules":[133],"can":[134],"be":[135],"used":[136],"as":[137],"test":[138],"cases":[139,194],"explore":[141],"behavior":[143],"evaluate":[148],"effectiveness":[150],"our":[152,168],"by":[154],"applying":[155],"it":[156],"TAIPs":[159],"are":[161,176],"built":[162],"around":[163],"IFTTT":[165],"platform.":[166],"To":[167],"great":[169],"surprise,":[170],"find":[172],"prevalent":[177],"among":[178],"them.":[179],"Using":[180],"automatically":[182],"generated":[183],"407":[184],"applets,":[185],"different":[189],"TAIP,":[190],"detects":[192],"194":[193],"access":[196,200,204],"policy":[197],"breaches,":[198],"218":[199],"missing,":[202,206],"90":[203],"revocation":[205],"15":[207],"unintended":[208],"flows,":[209],"73":[211],"over-privilege":[212],"access.":[213]},"counts_by_year":[{"year":2025,"cited_by_count":2},{"year":2024,"cited_by_count":7},{"year":2023,"cited_by_count":7},{"year":2022,"cited_by_count":8},{"year":2021,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}