Learning Personalized and Context-Aware Violation Detection Rules in Trigger-Action Apps

Trigger-action apps are being increasingly used by end users to connect smart devices and online services to create new functionality. However, these apps can cause undesirable implicit information flows (secrecy violation) or lead to unintended accesses (integrity violation) depending on the usage context. Existing solutions designed to address such risks rely on predefined rules to control and mitigate such implicit information flows or unintended accesses. However, defining such rules is difficult for end users. In this work, we propose a learning-based approach to learn rules that flag violating situations based on the usage context. We also propose a set of reduction steps to reduce the complexity of the learned rules. We are able to achieve a good F1-measure in predicting both secrecy (0.91) and integrity (0.75) violations and achieve 77% and 74% complexity reduction while maintaining 88% and 97% of the original performance of the secrecy and integrity violation prediction, respectively.