Using IFTTT to Express and Enforce UCON Obligations

  • Antonio La Marra
  • Fabio Martinelli
  • Paolo Mori
  • Athanasios Rizos
  • Andrea Saracino
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11879)

Abstract

If This Then That (IFTTT) is a free and widely used web-based platform on which it is possible to create chains of simple conditional statements (Applets) that combine different web and smart services. In this paper we propose a methodology to express Usage Control (UCON) obligations in such a way that they contain valid data with which to trigger such Applets. The obligations that accompany the responses to access requests coming from UCON become triggers for the IFTTT platform, and this enables a more abstract and non-application-specific mixture of them without each one losing its abstract structure. We present the architecture and workflow of our approach, together with a couple of use cases and the evaluation of an implementation of UCON together with a real IFTTT Applet.

Keywords

Access Control; IFTTT; Internet of Things; Obligations; Usage Control; XACML

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Antonio La Marra (1)
  • Fabio Martinelli (1)
  • Paolo Mori (1)
  • Athanasios Rizos (1, 2)
  • Andrea Saracino (1)

  1. Istituto di Informatica e Telematica, Consiglio Nazionale delle Ricerche, Pisa, Italy
  2. Department of Computer Science, University of Pisa, Pisa, Italy