
Using IFTTT to Express and Enforce UCON Obligations

Conference paper, Information Security Practice and Experience (ISPEC 2019)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 11879)

Abstract

If This Then That (IFTTT) is a free and widely used web-based platform for creating chains of simple conditional statements (Applets) that combine different web and smart services. In this paper we propose a methodology for expressing Usage Control (UCON) obligations so that they carry valid data able to trigger such Applets. The obligations that accompany UCON's responses to access requests become triggers for the IFTTT platform, which allows them to be combined in a more abstract, non-application-specific way without any of them losing its abstract structure. We present the architecture and workflow of our approach, together with a couple of use cases and an evaluation of an implementation of UCON with a real IFTTT Applet.

This work has been partially funded by EU Funded projects H2020 NeCS, GA #675320, H2020 C3ISP, GA #700294 and EIT Digital HC&IoT.
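As an added illustration of the idea in the abstract (not code from the paper or its authors), the sketch below reads a XACML 3.0 response, extracts an obligation that carries trigger data, and builds the corresponding IFTTT Webhooks request without sending it. The obligation identifier, the `event`/`valueN` attribute names, the event allow-list and the placeholder key are assumptions made for this example.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import quote

NS = {"x": "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"}
DT = "http://www.w3.org/2001/XMLSchema#string"
# Hypothetical identifiers: the ObligationId, the "event"/"valueN" AttributeIds
# and the event names are assumptions for this example, not from the paper.
IFTTT_OBLIGATION = "urn:example:obligation:ifttt-trigger"
ALLOWED_EVENTS = {"ucon_access_started", "ucon_access_revoked"}

# Constructed sample response from a policy decision point.
SAMPLE_RESPONSE = f"""<Response xmlns="{NS['x']}"><Result>
  <Decision>Permit</Decision>
  <Obligations><Obligation ObligationId="{IFTTT_OBLIGATION}">
    <AttributeAssignment AttributeId="event" DataType="{DT}">ucon_access_started</AttributeAssignment>
    <AttributeAssignment AttributeId="value1" DataType="{DT}">alice</AttributeAssignment>
    <AttributeAssignment AttributeId="value2" DataType="{DT}">sprinkler-7</AttributeAssignment>
  </Obligation></Obligations>
</Result></Response>"""


def obligations_to_webhooks(response_xml, key):
    """Map IFTTT obligations to webhook requests; builds them, sends nothing."""
    # The response is assumed to come from a trusted PDP over an authenticated channel.
    result = ET.fromstring(response_xml).find("x:Result", NS)
    if result is None:
        raise ValueError("response has no Result element")
    decision = result.findtext("x:Decision", default="Indeterminate", namespaces=NS)
    requests = []
    for ob in result.iterfind("x:Obligations/x:Obligation", NS):
        if ob.get("ObligationId") != IFTTT_OBLIGATION:
            continue  # left for other obligation handlers
        attrs = {a.get("AttributeId"): (a.text or "").strip()
                 for a in ob.iterfind("x:AttributeAssignment", NS)}
        event = attrs.get("event", "")
        if event not in ALLOWED_EVENTS:  # policy data must not pick arbitrary applets
            raise ValueError(f"unapproved IFTTT event: {event!r}")
        body = {k: attrs[k] for k in ("value1", "value2", "value3") if k in attrs}
        requests.append({
            "method": "POST",
            "url": f"https://maker.ifttt.com/trigger/{quote(event, safe='')}"
                   f"/with/key/{quote(key, safe='')}",
            "headers": {"Content-Type": "application/json"},
            "body": json.dumps(body),
        })
    return decision, requests


if __name__ == "__main__":
    print(obligations_to_webhooks(SAMPLE_RESPONSE, "PLACEHOLDER_KEY"))
```

The allow-list keeps policy-supplied data from selecting an Applet the enforcement point was never meant to fire, and percent-encoding the event name keeps it from altering the request path.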


Notes

  1. https://www.oasis-open.org/committees/xacml/
  2. https://www.ifttt.com/
  3. https://www.ifttt.com/maker_webhooks
  4. https://ifttt.com/greeniq
  5. http://bit.ly/2MlxI4i



Correspondence to Athanasios Rizos.


© 2019 Springer Nature Switzerland AG


Cite this paper

La Marra, A., Martinelli, F., Mori, P., Rizos, A., Saracino, A. (2019). Using IFTTT to Express and Enforce UCON Obligations. In: Heng, SH., Lopez, J. (eds) Information Security Practice and Experience. ISPEC 2019. Lecture Notes in Computer Science, vol 11879. Springer, Cham. https://doi.org/10.1007/978-3-030-34339-2_12


  • DOI: https://doi.org/10.1007/978-3-030-34339-2_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-34338-5

  • Online ISBN: 978-3-030-34339-2

  • eBook Packages: Computer Science, Computer Science (R0)
