Household smart devices – internet-connected thermostats, lights, door locks, and more – have increased greatly in popularity. These devices provide convenience, yet can introduce issues related to safety, security, and usability. To better understand device owners’ recent negative experiences with widely deployed smart devices and how those experiences impact the ability to provide a safe environment for users, we conducted an online, survey-based study of 72 participants who have smart devices in their own home. Participants reported struggling to diagnose and recover from power outages and network failures, misattributing some events to hacking. For devices featuring built-in learning, participants reported difficulty avoiding false alarms, communicating complex schedules, and resolving conflicting preferences. Finally, while many smart devices support end-user programming, participants reported fears of breaking the system by writing their own programs. To address these negative experiences, we propose a research agenda for improving the transparency of smart devices.
more »
« less
This content will become publicly available on August 6, 2024
Towards Usable Security Analysis Tools for Trigger-Action Programming
Research has shown that trigger-action programming (TAP)
is an intuitive way to automate smart home IoT devices, but
can also lead to undesirable behaviors. For instance, if two
TAP rules have the same trigger condition, but one locks
a door while the other unlocks it, the user may believe the
door is locked when it is not. Researchers have developed
tools to identify buggy or undesirable TAP programs, but little
work investigates the usability of the different user-interaction
approaches implemented by the various tools.
This paper describes an exploratory study of the usability
and utility of techniques proposed by TAP security analysis
tools. We surveyed 447 Prolific users to evaluate their ability
to write declarative policies, identify undesirable patterns in
TAP rules (anti-patterns), and correct TAP program errors, as
well as to understand whether proposed tools align with users’
needs. We find considerable variation in participants’ success
rates writing policies and identifying anti-patterns. For some
scenarios over 90% of participants wrote an appropriate policy,
while for others nobody was successful. We also find that
participants did not necessarily perceive the TAP anti-patterns
flagged by tools as undesirable. Our work provides insight into
real smart-home users’ goals, highlights the importance of
more rigorous evaluation of users’ needs and usability issues
when designing TAP security tools, and provides guidance to
future tool development and TAP research.
more »
« less
- Award ID(s):
- 2114148
- NSF-PAR ID:
- 10466592
- Publisher / Repository:
- USENIX Association
- Date Published:
- Format(s):
- Medium: X
- Location:
- Anaheim CA
- Sponsoring Org:
- National Science Foundation
More Like this
-
-
Trigger-action programming (TAP) empowers a wide array of users to automate Internet of Things (IoT) devices. However, it can be challenging for users to create completely correct trigger-action programs (TAPs) on the first try, necessitating debugging. While TAP has received substantial research attention, TAP debugging has not. In this paper, we present the first empirical study of users’ end-to-end TAP debugging process, focusing on obstacles users face in debugging TAPs and how well users ultimately fix incorrect automations. To enable this study, we added TAP capabilities to an existing 3-D smart home simulator. Thirty remote participants spent a total of 84 hours debugging TAPs using this simulator. Without additional support, participants were often unable to fix buggy TAPs due to a series of obstacles we document. However, we also found that two novel tools we developed helped participants overcome many of these obstacles and more successfully debug TAPs. These tools collect either implicit or explicit feedback from users about automations that should or should not have happened in the past, using a SAT-solving-based algorithm we developed to automatically modify the TAPs to account for this feedback.more » « less
-
This paper focuses on developing a security mechanism geared towards appified smart-home platforms. Such platforms often expose programming interfaces for developing automation apps that mechanize different tasks among smart sensors and actuators (e.g., automatically turning on the AC when the room temperature is above 80 F). Due to the lack of effective access control mechanisms, these automation apps can not only have unrestricted access to the user's sensitive information (e.g., the user is not at home) but also violate user expectations by performing undesired actions. As users often obtain these apps from unvetted sources, a malicious app can wreak havoc on a smart-home system by either violating the user's security and privacy, or creating safety hazards (e.g., turning on the oven when no one is at home). To mitigate such threats, we propose Expat which ensures that user expectations are never violated by the installed automation apps at runtime. To achieve this goal, Expat provides a platform-agnostic, formal specification language UEI for capturing user expectations of the installed automation apps' behavior. For effective authoring of these expectations (as policies) in UEI, Expat also allows a user to check the desired properties (e.g., consistency, entailment) of them; which due to their formal semantics can be easily discharged by an SMT solver. Expat then enforces UEI policies in situ with an inline reference monitor which can be realized using the same app programming interface exposed by the underlying platform. We instantiate Expat for one of the representative platforms, OpenHAB, and demonstrate it can effectively mitigate a wide array of threats by enforcing user expectations while incurring only modest performance overhead.more » « less
-
End-user programming, particularly trigger-action programming (TAP), is a popular method of letting users express their intent for how smart devices and cloud services interact. Unfortunately, sometimes it can be challenging for users to correctly express their desires through TAP. This paper presents AutoTap, a system that lets novice users easily specify desired properties for devices and services. AutoTap translates these properties to linear temporal logic (LTL) and both automatically synthesizes property-satisfying TAP rules from scratch and repairs existing TAP rules. We designed AutoTap based on a user study about properties users wish to express. Through a second user study, we show that novice users made significantly fewer mistakes when expressing desired behaviors using AutoTap than using TAP rules. Our experiments show that AutoTap is a simple and effective option for expressive end-user programming.more » « less
-
Trigger-action programming (TAP) is a programming model enabling users to connect services and devices by writing if-then rules. As such systems are deployed in increasingly complex scenarios, users must be able to identify programming bugs and reason about how to fix them. We first systematize the temporal paradigms through which TAP systems could express rules. We then identify ten classes of TAP programming bugs related to control flow, timing, and inaccurate user expectations. We report on a 153-participant online study where participants were assigned to a temporal paradigm and shown a series of pre-written TAP rules. Half of the rules exhibited bugs from our ten bug classes. For most of the bug classes, we found that the presence of a bug made it harder for participants to correctly predict the behavior of the rule. Our findings suggest directions for better supporting end-user programmers.more » « less
