{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,1]],"date-time":"2026-02-01T03:30:18Z","timestamp":1769916618442,"version":"3.49.0"},"publisher-location":"New York, NY, USA","reference-count":49,"publisher":"ACM","license":[{"start":{"date-parts":[[2021,7,11]],"date-time":"2021-07-11T00:00:00Z","timestamp":1625961600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"University of Queensland","award":["4018264-617225"],"award-info":[{"award-number":["4018264-617225"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2021,7,11]]},"DOI":"10.1145\/3460319.3464838","type":"proceedings-article","created":{"date-parts":[[2021,7,8]],"date-time":"2021-07-08T22:18:43Z","timestamp":1625782723000},"page":"2-15","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":22,"title":["Identifying privacy weaknesses from multi-party trigger-action integration platforms"],"prefix":"10.1145","author":[{"given":"Kulani","family":"Mahadewa","sequence":"first","affiliation":[{"name":"National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yanjun","family":"Zhang","sequence":"additional","affiliation":[{"name":"University of Queensland, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guangdong","family":"Bai","sequence":"additional","affiliation":[{"name":"University of Queensland, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lei","family":"Bu","sequence":"additional","affiliation":[{"name":"Nanjing University, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4566-7488","authenticated-orcid":false,"given":"Zhiqiang","family":"Zuo","sequence":"additional","affiliation":[{"name":"Nanjing University, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dileepa","family":"Fernando","sequence":"additional","affiliation":[{"name":"Sri Lanka Technological Campus, Sri Lanka"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhenkai","family":"Liang","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jin Song","family":"Dong","sequence":"additional","affiliation":[{"name":"National University of Singapore, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2021,7,11]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"David Arthur and Sergei Vassilvitskii. 2006. k-means++: The advantages of careful seeding. Stanford.  David Arthur and Sergei Vassilvitskii. 2006. k-means++: The advantages of careful seeding. Stanford."},{"key":"e_1_3_2_1_2_1","volume-title":"Network and Distributed System Security Symposium (NDSS).","author":"Bai Guangdong","year":"2013","unstructured":"Guangdong Bai , Jike Lei , Guozhu Meng , Sai Sathyanarayan Venkatraman , Prateek Saxena , Jun Sun , Yang Liu , and Jin Song Dong . 2013 . AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations . In Network and Distributed System Security Symposium (NDSS). Guangdong Bai, Jike Lei, Guozhu Meng, Sai Sathyanarayan Venkatraman, Prateek Saxena, Jun Sun, Yang Liu, and Jin Song Dong. 2013. AuthScan: Automatic Extraction of Web Authentication Protocols from Implementations. In Network and Distributed System Security Symposium (NDSS)."},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1109\/msec.2019.2914190"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243841"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/3185501"},{"key":"e_1_3_2_1_6_1","volume-title":"27th USENIX Security Symposium. 1687\u20131704","author":"Celik Z Berkay","year":"2018","unstructured":"Z Berkay Celik , Leonardo Babun , Amit Kumar Sikder , Hidayet Aksu , Gang Tan , Patrick McDaniel , and A Selcuk Uluagac . 2018 . Sensitive information tracking in commodity IoT . In 27th USENIX Security Symposium. 1687\u20131704 . Z Berkay Celik, Leonardo Babun, Amit Kumar Sikder, Hidayet Aksu, Gang Tan, Patrick McDaniel, and A Selcuk Uluagac. 2018. Sensitive information tracking in commodity IoT. In 27th USENIX Security Symposium. 1687\u20131704."},{"key":"e_1_3_2_1_7_1","volume-title":"2018 USENIX Annual Technical Conference (USENIX ATC). 147\u2013158","author":"Celik Z Berkay","year":"2018","unstructured":"Z Berkay Celik , Patrick McDaniel , and Gang Tan . 2018 . SOTERIA: Automated IoT safety and security analysis . In 2018 USENIX Annual Technical Conference (USENIX ATC). 147\u2013158 . Z Berkay Celik, Patrick McDaniel, and Gang Tan. 2018. SOTERIA: Automated IoT safety and security analysis. In 2018 USENIX Annual Technical Conference (USENIX ATC). 147\u2013158."},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/msec.2019.2911511"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2019.23326"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23159"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/1273463.1273490"},{"key":"e_1_3_2_1_12_1","unstructured":"HTML Diff. 2020. html-diff 0.3.0. https:\/\/pypi.org\/project\/html-diff\/  HTML Diff. 2020. html-diff 0.3.0. https:\/\/pypi.org\/project\/html-diff\/"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243865"},{"key":"e_1_3_2_1_14_1","unstructured":"Facebook. 2020. Facebook Data Policy. https:\/\/www.facebook.com\/policy.php  Facebook. 2020. Facebook Data Policy. https:\/\/www.facebook.com\/policy.php"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"publisher","DOI":"10.1109\/sp.2016.44"},{"key":"e_1_3_2_1_16_1","volume-title":"25th USENIX Security Symposium. 531\u2013548","author":"Fernandes Earlence","year":"2016","unstructured":"Earlence Fernandes , Justin Paupore , Amir Rahmati , Daniel Simionato , Mauro Conti , and Atul Prakash . 2016 . Flowfence: Practical data protection for emerging iot application frameworks . In 25th USENIX Security Symposium. 531\u2013548 . Earlence Fernandes, Justin Paupore, Amir Rahmati, Daniel Simionato, Mauro Conti, and Atul Prakash. 2016. Flowfence: Practical data protection for emerging iot application frameworks. In 25th USENIX Security Symposium. 531\u2013548."},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2018.23119"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2019.2939526"},{"key":"e_1_3_2_1_19_1","volume-title":"Proceedings of the 23rd international conference on computational linguistics (Coling","author":"Ganesan Kavita","year":"2010","unstructured":"Kavita Ganesan , ChengXiang Zhai , and Jiawei Han . 2010 . Opinosis: a graph-based approach to abstractive summarization of highly redundant opinions . In Proceedings of the 23rd international conference on computational linguistics (Coling 2010). 340\u2013348. Kavita Ganesan, ChengXiang Zhai, and Jiawei Han. 2010. Opinosis: a graph-based approach to abstractive summarization of highly redundant opinions. In Proceedings of the 23rd international conference on computational linguistics (Coling 2010). 340\u2013348."},{"key":"e_1_3_2_1_20_1","unstructured":"GDPR. 2016. Art.5 GDPR. https:\/\/gdpr-info.eu\/art-5-gdpr  GDPR. 2016. Art.5 GDPR. https:\/\/gdpr-info.eu\/art-5-gdpr"},{"key":"e_1_3_2_1_21_1","unstructured":"GDPR. 2016. General Data Protection Regulation. https:\/\/gdpr-info.eu\/  GDPR. 2016. General Data Protection Regulation. https:\/\/gdpr-info.eu\/"},{"key":"e_1_3_2_1_22_1","unstructured":"Google. 2020. Google Play Policy Center. https:\/\/support.google.com\/googleplay\/android-developer\/answer\/10144311?visit_id=637523214929913988-659406915&rd=1  Google. 2020. Google Play Policy Center. https:\/\/support.google.com\/googleplay\/android-developer\/answer\/10144311?visit_id=637523214929913988-659406915&rd=1"},{"key":"e_1_3_2_1_23_1","volume-title":"27th USENIX Security Symposium. 255\u2013272","author":"He Weijia","year":"2018","unstructured":"Weijia He , Maximilian Golla , Roshni Padhi , Jordan Ofek , Markus D\u00fcrmuth , Earlence Fernandes , and Blase Ur . 2018 . Rethinking access control and authentication for the home internet of things (iot) . In 27th USENIX Security Symposium. 255\u2013272 . Weijia He, Maximilian Golla, Roshni Padhi, Jordan Ofek, Markus D\u00fcrmuth, Earlence Fernandes, and Blase Ur. 2018. Rethinking access control and authentication for the home internet of things (iot). In 27th USENIX Security Symposium. 255\u2013272."},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/spw.2019.00036"},{"key":"e_1_3_2_1_25_1","unstructured":"IETF. 2020. OAuth 2.0 Token Revocation. https:\/\/tools.ietf.org\/html\/rfc7009  IETF. 2020. OAuth 2.0 Token Revocation. https:\/\/tools.ietf.org\/html\/rfc7009"},{"key":"e_1_3_2_1_26_1","unstructured":"IFTTT. 2020. Creating Applets. https:\/\/platform.ifttt.com\/docs\/applets  IFTTT. 2020. Creating Applets. https:\/\/platform.ifttt.com\/docs\/applets"},{"key":"e_1_3_2_1_27_1","unstructured":"IFTTT. 2020. IFTTT Website. https:\/\/ifttt.com\/  IFTTT. 2020. IFTTT Website. https:\/\/ifttt.com\/"},{"key":"e_1_3_2_1_28_1","unstructured":"IFTTT. 2020. The statistics of IFTTT.. https:\/\/platform.ifttt.com\/blog\/implementing-the-right-connectivity-solution  IFTTT. 2020. The statistics of IFTTT.. https:\/\/platform.ifttt.com\/blog\/implementing-the-right-connectivity-solution"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2017.23051"},{"key":"e_1_3_2_1_30_1","volume-title":"15th Network and Distributed Security Symposium (NDSS).","author":"Kang Min Gyung","year":"2011","unstructured":"Min Gyung Kang , Stephen McCamant , Pongsin Poosankam , and Dawn Song . 2011 . Dta++: dynamic taint analysis with targeted control-flow propagation .. In 15th Network and Distributed Security Symposium (NDSS). Min Gyung Kang, Stephen McCamant, Pongsin Poosankam, and Dawn Song. 2011. Dta++: dynamic taint analysis with targeted control-flow propagation.. In 15th Network and Distributed Security Symposium (NDSS)."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2993422.2993426"},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/jiot.2017.2707465"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1109\/tse.2019.2960690"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.1109\/iceccs2018.2018.00011"},{"key":"e_1_3_2_1_35_1","unstructured":"Microsoft. 2020. Microsoft Flow. https:\/\/flow.microsoft.com\/en-us\/  Microsoft. 2020. Microsoft Flow. https:\/\/flow.microsoft.com\/en-us\/"},{"key":"e_1_3_2_1_36_1","doi-asserted-by":"publisher","DOI":"10.1145\/3281411.3281440"},{"key":"e_1_3_2_1_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/cns.2014.6997469"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.312842"},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243817"},{"key":"e_1_3_2_1_40_1","doi-asserted-by":"publisher","DOI":"10.1145\/3038912.3052709"},{"key":"e_1_3_2_1_41_1","unstructured":"Taifu. 2020. Taifu Website. https:\/\/sites.google.com\/view\/taifu-demo  Taifu. 2020. Taifu Website. https:\/\/sites.google.com\/view\/taifu-demo"},{"key":"e_1_3_2_1_42_1","volume-title":"26th USENIX Security Symposium. 361\u2013378","author":"Tian Yuan","year":"2017","unstructured":"Yuan Tian , Nan Zhang , Yueh-Hsun Lin , XiaoFeng Wang , Blase Ur , Xianzheng Guo , and Patrick Tague . 2017 . Smartauth: User-centered authorization for the internet of things . In 26th USENIX Security Symposium. 361\u2013378 . Yuan Tian, Nan Zhang, Yueh-Hsun Lin, XiaoFeng Wang, Blase Ur, Xianzheng Guo, and Patrick Tague. 2017. Smartauth: User-centered authorization for the internet of things. In 26th USENIX Security Symposium. 361\u2013378."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1145\/3319535.3345662"},{"key":"e_1_3_2_1_44_1","unstructured":"Zapier. 2020. Zapier Website. https:\/\/zapier.com\/  Zapier. 2020. Zapier Website. https:\/\/zapier.com\/"},{"key":"e_1_3_2_1_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/icse.2019.00043"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1145\/3243734.3243820"},{"key":"e_1_3_2_1_47_1","volume-title":"28th USENIX Security Symposium. 1133\u20131150","author":"Zhou Wei","year":"2019","unstructured":"Wei Zhou , Yan Jia , Yao Yao , Lipeng Zhu , Le Guan , Yuhang Mao , Peng Liu , and Yuqing Zhang . 2019 . Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms . In 28th USENIX Security Symposium. 1133\u20131150 . Wei Zhou, Yan Jia, Yao Yao, Lipeng Zhu, Le Guan, Yuhang Mao, Peng Liu, and Yuqing Zhang. 2019. Discovering and understanding the security hazards in the interactions between IoT devices, mobile apps, and clouds on smart home platforms. In 28th USENIX Security Symposium. 1133\u20131150."},{"key":"e_1_3_2_1_48_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23146"},{"key":"e_1_3_2_1_49_1","doi-asserted-by":"publisher","DOI":"10.1145\/3133956.3134089"}],"event":{"name":"ISSTA '21: 30th ACM SIGSOFT International Symposium on Software Testing and Analysis","location":"Virtual Denmark","acronym":"ISSTA '21","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering"]},"container-title":["Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and Analysis"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460319.3464838","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3460319.3464838","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T21:24:36Z","timestamp":1750195476000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3460319.3464838"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2021,7,11]]},"references-count":49,"alternative-id":["10.1145\/3460319.3464838","10.1145\/3460319"],"URL":"https:\/\/doi.org\/10.1145\/3460319.3464838","relation":{},"subject":[],"published":{"date-parts":[[2021,7,11]]},"assertion":[{"value":"2021-07-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}