Towards Usable Security Analysis Tools for Trigger-Action Programming

McKenna McCall, Eric Zeng, Faysal Hossain Shezan, Mitchell Yang, Lujo Bauer, Abhishek Bichhawat, Camille Cobb, Limin Jia, Yuan Tian

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Research has shown that trigger-action programming (TAP) is an intuitive way to automate smart home IoT devices, but can also lead to undesirable behaviors. For instance, if two TAP rules have the same trigger condition, but one locks a door while the other unlocks it, the user may believe the door is locked when it is not. Researchers have developed tools to identify buggy or undesirable TAP programs, but little work investigates the usability of the different user-interaction approaches implemented by the various tools. This paper describes an exploratory study of the usability and utility of techniques proposed by TAP security analysis tools. We surveyed 447 Prolific users to evaluate their ability to write declarative policies, identify undesirable patterns in TAP rules (anti-patterns), and correct TAP program errors, as well as to understand whether proposed tools align with users’ needs. We find considerable variation in participants’ success rates writing policies and identifying anti-patterns. For some scenarios over 90% of participants wrote an appropriate policy, while for others nobody was successful. We also find that participants did not necessarily perceive the TAP anti-patterns flagged by tools as undesirable. Our work provides insight into real smart-home users’ goals, highlights the importance of more rigorous evaluation of users’ needs and usability issues when designing TAP security tools, and provides guidance to future tool development and TAP research.

Original language: English (US)
Title of host publication: Proceedings of the 19th Symposium on Usable Privacy and Security, SOUPS 2023
Publisher: USENIX Association
Pages: 301-320
Number of pages: 20
ISBN (Electronic): 9781939133366
State: Published - 2023
Event: 19th Symposium on Usable Privacy and Security, SOUPS 2023 - Anaheim, United States
Duration: Aug 7 2023 → Aug 8 2023

Publication series

Name: Proceedings of the 19th Symposium on Usable Privacy and Security, SOUPS 2023

Conference

Conference: 19th Symposium on Usable Privacy and Security, SOUPS 2023
Country/Territory: United States
City: Anaheim
Period: 8/7/23 → 8/8/23

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Safety, Risk, Reliability and Quality
