Trigger-Action platforms are web-based systems
that enable users to create automation rules by stitching together
online services representing digital and physical resources using
OAuth tokens. Unfortunately, these platforms introduce a longrange
large-scale security risk: If they are compromised, an
attacker can misuse the OAuth tokens belonging to a large
number of users to arbitrarily manipulate their devices and data.
We introduce Decentralized Action Integrity, a security principle
that prevents an untrusted trigger-action platform from misusing
compromised OAuth tokens in ways that are inconsistent with any
given user’s set of trigger-action rules. We present the design and
evaluation of Decentralized Trigger-Action Platform (DTAP), a
trigger-action platform that implements this principle by overcoming
practical challenges. DTAP splits currently monolithic
platform designs into an untrusted cloud service, and a set of user
clients (each user only trusts their client). Our design introduces
the concept of Transfer Tokens (XTokens) to practically use finegrained
rule-specific tokens without increasing the number of
OAuth permission prompts compared to current platforms. Our
evaluation indicates that DTAP poses negligible overhead: it adds
less than 15ms of latency to rule execution time, and reduces
throughput by 2.5%.
more »
« less
Action Completeness Modeling with Background Aware Networks for Weakly-Supervised Temporal Action Localization
More Like this
-
-
Academic institutions have always been seen as centers of education and knowledge production, but the information generated by each institution is usually siloed. To increase global competitiveness, especially in STEM, sharing knowledge across institutions is necessary. At inception, our central hypothesis was that an inter-institutional approach to educational transformation, one that was centered on democratizing the practice of innovation across institutional boundaries, would effectively prepare the next generation of innovators and engineers to address systemic and institutional racism and whiteness within STEM. One of the ways we wanted to tackle this was by community engagement. Community engagement in some phases of engineering projects is known worldwide. However, community engagement in all phases, including the grant writing process, is minimal.more » « less