Figure 5 - uploaded by Xiaolu Zhang
Content may be subject to copyright.
Source publication
The Internet of Things (IoT) connects all emerging devices and services while creating interactions between people and things. Allowing users to match devices and services by causal relationship, Trigger-Action Programming (TAP) is a common user-programming paradigm in IoT smart home platforms. Thus, the security issues of TAP need to be addressed...
Context in source publication
Context 1
... the Samsung SmartThings platform and discovered a privilege management issue that causes 55% of applications (so-called SmartApps) on the SmartThings platform to be overprivileged. From a high-level perspective, the SmartThings ecosystem consists of a cloud backend, a physical IoT hub -SmartThings Hub (per user), and a mobile app (per user) (see Fig. 5). To govern IoT devices, SmartApps are not allowed to access the physical devices directly but must request the access from the software wrapper of the IoT device on the cloud backend. The SmartThings platform implements a built-in security architecture, which is referred to as a SmartThings Capability, for validating if a SmartApp is ...
Citations
... However, according to [23,24], the oversimplification of existing TAP systems limits the expressivity of the programs that can be created, leading to inconsistencies in interpreting the behavior of TAP and errors in creating programs with a desired behavior. Another limitation is the lack of standard open protocols; each vendor allows its own product in a closed environment and requires the user to use several applets to manage a fully integrated environment [25]. ...
... In particular, the highest average score was obtained on the easy adjective. Considering that the experimental task was executed by participants who were not experts in the specific environmental sustainability field and generating good and reliable home automation represents a quite trivial task [23,24], we can argue that the approach presented in this paper of using an LLM to create home automation tasks can enable more people (even non-experts) to set up routines to make their home consumption more optimized and sustainable. Still, such results are aligned with the instructions in the LLM prompt, in particular, You are a helpful assistant and should answer me clearly and it must be humanlike, friendly, in a way that I see you as my best friend (Appendix A, line 1 and 13). ...
Without any more delay, individuals are urged to adopt more sustainable behaviors to fight climate change. New digital systems mixed with engaging and gamification mechanisms could play an important role in achieving such an objective. In particular, Conversational Agents, like Smart Home Assistants, are a promising tool that encourage sustainable behaviors within household settings. In recent years, large language models (LLMs) have shown great potential in enhancing the capabilities of such assistants, making them more effective in interacting with users. We present the design and implementation of GreenIFTTT, an application empowered by GPT4 to create and control home automation routines. The agent helps users understand which energy consumption optimization routines could be created and applied to make their home appliances more environmentally sustainable. We performed an exploratory study (Italy, December 2023) with N = 13 participants to test our application's usability and UX. The results suggest that GreenIFTTT is a usable, engaging, easy, and supportive tool, providing insight into new perspectives and usage of LLMs to create more environmentally sustainable home automation.
... Their analysis highlighted that loops and inconsistencies are considered by potential users more dangerous than redundancies, which in some cases can be acceptable. A recent analysis by Chen and colleagues (Chen et al. 2022) classifies problems into rule preventions (one rule unintentionally blocks the triggering of another), rule collisions (comparable to the inconsistencies described before), and unexpected rule chains (when the effects of an action can activate another rule). These logical loopholes can lead to unexpected behaviours of the environment but also expose the users to serious threats, for instance, the inadvertent disclosure of private information or the exposure of their smart environment to attackers (Breve et al. 2022). ...
The main current technological trends are the Internet of Things and Artificial Intelligence. Indeed, current forecasts indicate that while the number of general purpose devices (e.g. smartphones, laptops) is slightly increasing, the number of connected objects (objects of our everyday life) is increasing in an almost exponential way. Thus, such technologies together with AI algorithms based on large data sets and statistical predictions are able to generate automations that can take place in the various places where we live (e.g. stores, older adults residences, industrial sites, smart homes).Such technological trends open up great opportunities, new possibilities, but there are also risks and new problems. There can be intelligent services that eventually generate actions that do not match the real user needs. The introduced automations can generate unwanted effects. People may have difficulties in understanding how to drive the automatically generated automations. Thus, one fundamental challenge is how to provide tools that allow users to control and configure smart environments consisting of hundreds of interconnected devices, objects, and appliances ? Tools that allow people to obtain “humanations”, which are automations that users can understand and modify.Trigger-Action Programming (TAP) is a useful connection point between the wide variety of technologies and implementation languages considered and people without programming experience. It is based on sets of personalization rules in the format: when something happens (trigger) something must be done (action). They do not require particular algorithmic skills or knowledge of complex programming structures. However, this approach presents nuances that may become apparent and critical in complex and realistic cases generating undesired effects. It is important that users are aware of the temporal aspects associated with triggers (events vs conditions) and actions (instantaneous vs sustained) otherwise the automations may not execute as the users expect. In a smart environment usually there are multiple active automations, whose resulting behaviours can interfere among them. Users should be made aware of the possible security and privacy issues (for example if they create an automation that whenever a photo is taken the image is uploaded on facebook, they should be aware that in some cases it may make public private information).In the paper we present a design space to consider such issues and an approach to addressing them. In order to better manage the temporal dimension of trigger and actions it is important to represent explicitly such aspects. In addition, it is important to consider them also when triggers and actions are composed in a rule to avoid unlikely situations (such as when composing two events in a trigger) or ambiguous ones (such as when a trigger condition is associated with an instantaneous action, should it be performed once on as long as the condition is verified?).For the management of multiple automations we have identified four possible cases to address. One is rule conflict that occurs when different automations require an object to perform different actions at the same time. Another case is rule prevention, which means that the performance of an automation does not allow the triggering of another one. A different case is “unexpected rule chain” in which the performance of an automation has the effect of triggering another one, which is not relevant for the user. The last case is rule loop in which the performance of an automation triggers one or more automations, which in the end trigger again the first one.In general, explaining automations for allowing users to manage such situations requires to decide what information to provide, when showing it, and in which modality. For deciding what explanation to provide it is important to consider the typical questions that users ask in such contexts and their actual goals. Such questions address various types of explanations. The most common is explaining why or why not a given automation can be triggered in a context of use. A typical follow up question is what if some aspects of the trigger are modified (to understand whether the automation can be actually triggered with such changes). A further follow-up question would be what is the scope of change permitted to get the same effect.In our experience we have noticed that in general the relevance of an automation depends on what the current user goal is. For example, in an Ambient Assisted Living project relevant user goals were safety, comfort, wellbeing, health, and socialization. Thus, it is important to introduce a user goal-oriented automatic adviser able to indicate what should be modified in the current automations in order to better achieve the desired goals.In the paper we will detail this design space for explainable automations, discuss how to support it, and show example applications.
... When several automations are active various issues can occur, and there is a need to detect and explain them to users. Figure 10 shows three possible types of issues (Chen et al, 2022). One common issue is rule conflict, which occurs when different rules require performing conflicting actions at the same time. ...
... Furthermore, efforts have also been spent on the definition of specific solutions that can support end-users in the identification of security and privacy risks at design time [10,57]. Chen et al. [15] have proposed a threat model that indicates the various levels at which security issues can emerge in environments where TAP platforms are deployed: ...
... That is important because poor or conflicting rule settings can lead to unsatisfactory or potentially dangerous behaviour for the user. For example, Chen et al. [15] discuss three possible categories of logical errors in these cases, providing associated examples. Rule prevention occurs when the execution of one rule unintentionally prevents the trigger of another rule. ...
The continuously increasing number of connected objects and sensors is opening up the possibility of introducing automations in many domains to better support people in their activities. However, such automations to be effective should be under the user control. Unfortunately, people often report difficulties in understanding the surrounding automations and how to modify them. The goal of this paper is to provide a multi-perspective view of what has been done in terms of design, tools, and evaluation in the area of end-user control of automations in ecosystems of smart objects and services. For each aspect we introduce the main challenge, the current possible approaches to address it, and the issues that still need further investigation.KeywordsEnd-User DevelopmentInternet of ThingsUser Experience
... Although there is evidence that TAP is understandable by most end users, there are still problems with the EUD platforms for personalization [12]. In general, understanding how users interpret and use automations requires more research [5,9,28]. It is currently unclear, for example, how aware users are of the advantages and the hazards of these platforms. ...
Smart homes are becoming a widespread reality given the increasingly available number of connected objects and sensors. However, it is still unclear what people expect from automations that are made possible by this technological evolution. In addition, it is unclear whether current trigger-action programming (TAP) languages offer sufficient operators and constructs to specify the desired automations. In this paper, we report on a study aiming to provide useful elements to address such issues. It involved 34 users without experience in IoT programming who created 204 desired home automations. We discuss an analysis of such results in terms of the relationships found between smart-home components and of the requirements for novel operators in TAP languages.KeywordsSmart HomesEnd-User DevelopmentTrigger-action ProgrammingUser Requirements
As the Internet and Internet of Things (IoT) continue to develop, Heterogeneous Information Networks (HIN) have formed complex interaction relationships among data objects. These relationships are represented by various types of edges (meta-paths) that contain rich semantic information. In the context of IoT data applications, the widespread adoption of Trigger-Action Patterns makes the management and analysis of heterogeneous data particularly important. This study proposes a meta-path-based clustering method for heterogeneous IoT data called I-RankClus, which aims to improve the modeling and analysis efficiency of IoT data. By combining ranking with clustering algorithms, the PageRank algorithm was used to calculate the intraclass influence of objects in the network. The HITS algorithm then transfers the influence to the core objects, thereby optimizing the classification of objects during the clustering process. The I-RankClus algorithm does not process each meta-path individually, but instead integrates multiple meta-paths to enhance the interpretability and clustering performance of the model. The experimental results show that the I-RankClus algorithm can process complex IoT datasets more effectively than traditional clustering methods and provide more accurate clustering outcomes. Furthermore, through a detailed analysis of meta-paths, this study explored the influence and importance of different meta-paths, thereby validating the effectiveness of the algorithm. Overall, the research presented in this paper not only improves the application effects of HINs in IoT data analysis but also provides valuable methods and insights for future network data processing.
Trigger-Action Programming (TAP) is a new programming paradigm enabling end-users to customize their smart devices by defining simple trigger-action rules. While it offers appealing convenience to end-users, TAP renders devices vulnerable to operation chaos and security risk resulting from potential defects in the rules. Verifying TAP rules defined by end-users is thereby necessary to detect such vulnerabilities at the early stage. However, such rules are difficult to analyze because their executions are often device-specific and environment-driven. Existing approaches require modeling them with their host devices and running environments, which is labor-consuming and hard to be automated. Moreover, the composition of devices causes state explosion, rendering the conflict analysis time-consuming. In this paper, we first build a large corpus of TAP rules developed by end-users. Analyzing this corpus results in six types of conflicts and reveals that nearly 90% of end-users made conflicts in their customized rules, and on average, 3.7 rules contain a conflict, which concurs with the necessity of developing practical conflict analysis techniques. Empirical analysis motivates us to propose a lightweight SMT-based approach for conflict analysis from a programmatic perspective. Compared to the existing approaches, our approach does not require modeling devices; thus, it could be fully automatic and flexible in efficiently detecting various types of conflicts. We implement the approach in a tool TapChecker. We analyze 12,514 TAP rules collected from real-world TAP platforms (10,535) and laboratory experiments (1,979). Experimental results show that our approach outperforms the state-of-the-art tool regarding the number of detected conflicts and efficiency.
