Learning Personalized and Context-Aware Violation Detection Rules in Trigger-Action Apps

Mahsa Saeidi; Sai Sree Laya Chukkapalli; Anita Sarma; Rakesh  B. Bobba

doi:10.5220/0013528800003979

Learning Personalized and Context-Aware Violation Detection Rules in Trigger-Action Apps

Mahsa Saeidi, Sai Sree Laya Chukkapalli, Anita Sarma, Rakesh B. Bobba

2025

Abstract

Trigger-action apps are being increasingly used by end users to connect smart devices and online services to create new functionality. However, these apps can cause undesirable implicit information flows (secrecy violation) or lead to unintended accesses (integrity violation) depending on the usage context. Existing solutions designed to address such risks rely on predefined rules to control and mitigate such implicit information flows or unintended accesses. However, defining such rules is difficult for end users. In this work, we propose a learning-based approach to learn rules that flag violating situations based on the usage context. We also propose a set of reduction steps to reduce the complexity of the learned rules. We are able to achieve a good F1-measure in predicting both secrecy (0.80) and integrity (0.73) violations and achieve 77% and 74% complexity reduction while maintaining 88% and 97% of the original performance of the secrecy and integrity violation prediction, respectively.

Download

Paper Citation

in Harvard Style

Saeidi M., Chukkapalli S., Sarma A. and Bobba R. (2025). Learning Personalized and Context-Aware Violation Detection Rules in Trigger-Action Apps. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 429-442. DOI: 10.5220/0013528800003979

in Bibtex Style

@conference{secrypt25,
author={Mahsa Saeidi and Sai Sree Laya Chukkapalli and Anita Sarma and Rakesh Bobba},
title={Learning Personalized and Context-Aware Violation Detection Rules in Trigger-Action Apps},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={429-442},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013528800003979},
isbn={978-989-758-760-3},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Learning Personalized and Context-Aware Violation Detection Rules in Trigger-Action Apps
SN - 978-989-758-760-3
AU - Saeidi M.
AU - Chukkapalli S.
AU - Sarma A.
AU - Bobba R.
PY - 2025
SP - 429
EP - 442
DO - 10.5220/0013528800003979
PB - SciTePress