Abstract
If This Then That (IFTTT) is a free and widely used web-based platform where it is possible to create applet chains (Applets) of simple conditional statements that combine different web and smart services. In this paper we propose a methodology to express Usage Control (UCON) obligations in such a way that they can contain valid data in order to trigger such applet chains. The obligations that follow the response of access requests coming from UCON, become a trigger to the IFTTT platform and this enables a more abstract and non application specific mixture of them without each one losing their abstract structure. We will present the architecture and workflow of our approach, also together with a couple of use cases and the evaluation of an implementation of UCON together with a real IFTTT Applet.
This work has been partially funded by EU Funded projects H2020 NeCS, GA #675320, H2020 C3ISP, GA #700294 and EIT Digital HC&IoT.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Carniani, E., D’Arenzo, D., Lazouski, A., Martinelli, F., Mori, P.: Usage control on cloud systems. Future Gen. Comput. Syst. 63(C), 37–55 (2016). https://doi.org/10.1016/j.future.2016.04.010
Chadwick, D., Lischka, M.: Obligation standardization. In: W3C Workshop on Access Control Application Scenarios, pp. 1–5 (2009). https://www.w3.org/2009/policy-ws/papers/Chadwick.pdf
Collina, M., Corazza, G.E., Vanelli-Coralli, A.: Introducing the QEST broker: scaling the IoT by bridging MQTT and REST. In: 2012 IEEE 23rd International Symposium on Personal, Indoor and Mobile Radio Communications - (PIMRC), pp. 36–41, September 2012. https://doi.org/10.1109/PIMRC.2012.6362813
Colombo, M., Lazouski, A., Martinelli, F., Mori, P.: A proposal on enhancing XACML with continuous usage control features. In: Desprez, F., Getov, V., Priol, T., Yahyapour, R. (eds.) Grids. P2P and Services Computing, pp. 133–146. Springer, Heidelberg (2010). https://doi.org/10.1007/978-1-4419-6794-7_11
Demchenko, Y., Koeroo, O., de Laat, C., Sagehaug, H.: Extending XACML authorisation model to support policy obligations handling in distributed application. In: Proceedings of the 6th International Workshop on Middleware for Grid Computing, MGC 2008, pp. 5:1–5:6. ACM, New York (2008). https://doi.org/10.1145/1462704.1462709
Faiella, M., Martinelli, F., Mori, P., Saracino, A., Sheikhalishahi, M.: Collaborative attribute retrieval in environment with faulty attribute managers. In: 2016 11th International Conference on Availability, Reliability and Security (ARES), pp. 296–303, August 2016. https://doi.org/10.1109/ARES.2016.51
La Marra, A., Martinelli, F., Mori, P., Rizos, A., Saracino, A.: Improving MQTT by inclusion of usage control. In: Wang, G., Atiquzzaman, M., Yan, Z., Choo, K.K.R. (eds.) SpaCCS 2017. LNCS, vol. 10656, pp. 545–560. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-72389-1_43
La Marra, A., Martinelli, F., Mori, P., Rizos, A., Saracino, A.: Introducing usage control in MQTT. In: Katsikas, S.K., et al. (eds.) SECPRE 2017, CyberICPS 2017. LNCS, vol. 10683, pp. 35–43. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72817-9_3
Lazouski, A., Martinelli, F., Mori, P.: Survey: usage control in computer security: a survey. Comput. Sci. Rev. 4(2), 81–99 (2010). https://doi.org/10.1016/j.cosrev.2010.02.002
Lazouski, A., Martinelli, F., Mori, P., Saracino, A.: Stateful data usage control for Android mobile devices. Int. J. Inf. Secur. 1–25 (2016). https://doi.org/10.1007/s10207-016-0336-y
Marra, A.L., Martinelli, F., Mori, P., Saracino, A.: Implementing usage control in internet of things: a smart home use case. In: 2017 IEEE Trustcom/BigDataSE/ICESS, pp. 1056–1063, August 2017. https://doi.org/10.1109/Trustcom/BigDataSE/ICESS.2017.352
Martinelli, F., Mori, P.: On usage control for GRID systems. Future Gen. Comput. Syst. 26(7), 1032–1042 (2010). https://doi.org/10.1016/j.future.2009.12.005
Nadkarni, A., Enck, W., Jha, S., Staddon, J.: Policy by Example: An Approach for Security Policy Specification. arXiv preprint arXiv:1707.03967 (2017)
OASIS Standard: eXtensible Access Control Markup Language (XACML) Version 3.0, January 2013. http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html
Ovadia, S.: Automate the Internet with “If This Then That” (IFTTT). Behav. Soc. Sci. Libr. 33(4), 208–211 (2014). https://doi.org/10.1080/01639269.2014.964593
Park, J., Sandhu, R.: Towards usage control models: beyond traditional access control. In: Proceedings of the Seventh ACM Symposium on Access Control Models and Technologies, SACMAT 2002, pp. 57–64. ACM, New York (2002). https://doi.org/10.1145/507711.507722
Samarati, P., de Vimercati, S.C.: Access control: policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, pp. 137–196. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-45608-2_3
Surbatovich, M., Aljuraidan, J., Bauer, L., Das, A., Jia, L.: Some recipes can do more than spoil your appetite: analyzing the security and privacy risks of IFTTT recipes. In: Proceedings of the 26th International Conference on World Wide Web, WWW 2017, pp. 1501–1510. International World Wide Web Conferences Steering Committee, Republic and Canton of Geneva, Switzerland (2017). https://doi.org/10.1145/3038912.3052709
Vorapojpisut, S.: A lightweight framework of home automation systems based on the IFTTT model. JSW 10(12), 1343–1350 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
La Marra, A., Martinelli, F., Mori, P., Rizos, A., Saracino, A. (2019). Using IFTTT to Express and Enforce UCON Obligations. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science(), vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_12
Download citation
DOI: https://doi.org/10.1007/978-3-030-34339-2_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-34338-5
Online ISBN: 978-3-030-34339-2
eBook Packages: Computer ScienceComputer Science (R0)