
(iot). In 27th USENIX Security Symposium (USENIX
Security 18), pages 255–272.
He, W., Zhao, V., Morkved, O., Siddiqui, S., Fernandes, E.,
Hester, J., and Ur, B. (2021). Sok: Context sensing
for access control in the adversarial home iot. In 2021
IEEE European Symposium on Security and Privacy
(EuroS&P), pages 37–53. IEEE.
Hsu, K.-H., Chiang, Y.-H., and Hsiao, H.-C. (2019).
Safechain: Securing trigger-action programming from
attack chains. IEEE Transactions on Information
Forensics and Security, 14(10):2607–2622.
IFTTT (2019). If this, then that (ifttt). https://www.ifttt.co
m/. Accessed: 2025-04-28.
Jin, H., Liu, G., Hwang, D., Kumar, S., Agarwal, Y., and
Hong, J. I. (2022). Peekaboo: A hub-based approach
to enable transparency in data processing within smart
homes. In 2022 IEEE Symposium on Security and Pri-
vacy (SP), pages 303–320. IEEE.
Karimi, L., Aldairi, M., Joshi, J., and Abdelhakim, M.
(2021). An automatic attribute based access control
policy extraction from access logs. IEEE Transactions
on Dependable and Secure Computing.
Kulesza, T., Burnett, M., Wong, W.-K., and Stumpf, S.
(2015). Principles of explanatory debugging to per-
sonalize interactive machine learning. In Proceedings
of the 20th international conference on intelligent user
interfaces, pages 126–137.
Lee, H. and Kobsa, A. (2016). Understanding user privacy
in internet of things environments. In 2016 IEEE 3rd
World Forum on Internet of Things (WF-IoT), pages
407–412. IEEE.
Lee, H. and Kobsa, A. (2017). Privacy preference model-
ing and prediction in a simulated campuswide iot en-
vironment. In 2017 IEEE International Conference
on Pervasive Computing and Communications (Per-
Com), pages 276–285. IEEE.
Mazurek, M. L., Arsenault, J., Bresee, J., Gupta, N., Ion, I.,
Johns, C., Lee, D., Liang, Y., Olsen, J., Salmon, B.,
et al. (2010). Access control for home data sharing:
Attitudes, needs and practices. In Proceedings of the
SIGCHI Conference on Human Factors in Computing
Systems, pages 645–654.
McLaughlin, S. (2021). Ifttt pro offers advanced features for
a monthly subscription. https://techxplore.com/news/
2020-09-ifttt-pro-advanced-features-monthly.html.
Accessed: 2025-04-28.
Microsoft Corporation (2019). Microsoft flow: Automate
processes and tasks. https://flow.microsoft.com/.
Accessed: 2025-04-28.
Miller, T. (2019). Explanation in artificial intelligence: In-
sights from the social sciences. Artificial intelligence,
267:1–38.
Molloy, I., Chen, H., Li, T., Wang, Q., Li, N., Bertino, E.,
Calo, S., and Lobo, J. (2010). Mining roles with multi-
ple objectives. ACM Transactions on Information and
System Security (TISSEC), 13(4):1–35.
Naeini, P. E., Bhagavatula, S., Habib, H., Degeling, M.,
Bauer, L., Cranor, L. F., and Sadeh, N. (2017). Pri-
vacy expectations and preferences in an iot world. In
Thirteenth Symposium on Usable Privacy and Secu-
rity (SOUPS 2017), pages 399–412.
Saeidi, M., Calvert, M., Au, A. W., Sarma, A., and Bobba,
R. B. (2020). If this context then that concern: Explor-
ing users’ concerns with ifttt applets. arXiv preprint
arXiv:2012.12518.
Sarker, I. H., Kayes, A., and Watters, P. (2019). Effective-
ness analysis of machine learning classification mod-
els for predicting personalized context-aware smart-
phone usage. Journal of Big Data, 6(1):1–28.
Sikder, A. K., Babun, L., Aksu, H., and Uluagac, A. S.
(2019). Aegis: A context-aware security framework
for smart home systems. In Proceedings of the 35th
Annual Computer Security Applications Conference,
pages 28–41.
Sikder, A. K., Babun, L., Celik, Z. B., Acar, A., Aksu, H.,
McDaniel, P., Kirda, E., and Uluagac, A. S. (2020).
Kratos: Multi-user multi-device-aware access control
system for the smart home. In Proceedings of the 13th
ACM Conference on Security and Privacy in Wireless
and Mobile Networks, pages 1–12.
Smetters, D. K. and Good, N. (2009). How users use ac-
cess control. In Proceedings of the 5th Symposium on
Usable Privacy and Security, pages 1–12.
Surbatovich, M., Aljuraidan, J., Bauer, L., Das, A., and Jia,
L. (2017). Some recipes can do more than spoil your
appetite: Analyzing the security and privacy risks of
ifttt recipes. In Proceedings of the 26th International
Conference on World Wide Web, pages 1501–1510.
International World Wide Web Conferences Steering
Committee.
Van Rijsbergen, C. J. (1979). Information retrieval. 2nd.
newton, ma.
Wang, Q., Datta, P., Yang, W., Liu, S., Bates, A., and
Gunter, C. A. (2019). Charting the attack surface
of trigger-action iot platforms. In Proceedings of the
2019 ACM SIGSAC conference on computer and com-
munications security, pages 1439–1453.
Washington State University (2019). Wsc datasets. http:
//casas.wsu.edu/datasets/. Accessed: 2025-04-28.
Xu, Z. and Stoller, S. D. (2014). Mining attribute-based ac-
cess control policies. IEEE Transactions on Depend-
able and Secure Computing, 12(5):533–545.
Yahyazadeh, M., Podder, P., Hoque, E., and Chowdhury, O.
(2019). Expat: Expectation-based policy analysis and
enforcement for appified smart-home platforms. In
Proceedings of the 24th ACM Symposium on Access
Control Models and Technologies, pages 61–72.
Zapier Inc. (2019). Zapier: Automate workflows. https:
//zapier.com/. Accessed: 2025-04-28.
SECRYPT 2025 - 22nd International Conference on Security and Cryptography
442