Trigger-Action Platforms (TAPs) enable users to define rules that trigger device operations automatically. However, the execution of these rules can potentially create security risks for users. This paper presents a user study conducted to assess the validity of a classification model, which used Natural Language Processing (NLP) techniques to automatically classify Event-Condition-Action (ECA) rules according to security and privacy risks in TAPs, e.g., IFTTT. The study asked each user to evaluate 50 different IFTTT rules, named applets, classified as risky by the proposed model and provide answers to two specific questions designed to assess risk perception. The results confirmed that the proposed classification model offers an assessment of the risk associated with a rule in line with user opinion. Furthermore, highlighting the presence of security or privacy-related risk positively impacted users' willingness to avoid using risky applets.
User Perception of Risks Associated with IFTTT Applets: A Preliminary User Study / Breve, B.; Cimino, G.; Deufemia, V.; Elefante, A.. - 3488:(2023), pp. 1-13. ( 2023 Italian Conference on Cyber Security, ITASEC 2023 Bari 2-5 Maggio 2023).
User Perception of Risks Associated with IFTTT Applets: A Preliminary User Study
Breve B.;
2023
Abstract
Trigger-Action Platforms (TAPs) enable users to define rules that trigger device operations automatically. However, the execution of these rules can potentially create security risks for users. This paper presents a user study conducted to assess the validity of a classification model, which used Natural Language Processing (NLP) techniques to automatically classify Event-Condition-Action (ECA) rules according to security and privacy risks in TAPs, e.g., IFTTT. The study asked each user to evaluate 50 different IFTTT rules, named applets, classified as risky by the proposed model and provide answers to two specific questions designed to assess risk perception. The results confirmed that the proposed classification model offers an assessment of the risk associated with a rule in line with user opinion. Furthermore, highlighting the presence of security or privacy-related risk positively impacted users' willingness to avoid using risky applets.| File | Dimensione | Formato | |
|---|---|---|---|
|
ITASEC-2023.pdf
non disponibili
Licenza:
Non specificato
Dimensione
1.17 MB
Formato
Adobe PDF
|
1.17 MB | Adobe PDF | Visualizza/Apri Richiedi una copia |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
