Enforcing access control in trigger-action programming using taint analysis

US 10,609,044 B2
Filed: 06/12/2017
Issued: 03/31/2020
Est. Priority Date: 06/12/2017
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

marking, by one or more hardware processors, a set of data fields associated with a first trigger in a first trigger-action pair with a taint, wherein a trigger event triggers an action event in a trigger-action pair, and wherein the taint is a tag indicating that the first trigger has been identified as being susceptible to an illicit attack by a third party and that the first trigger is capable of influencing a second trigger-action pair;

marking, by one or more hardware processors, a first action associated with the first trigger-action pair with the taint, wherein the first action is capable of triggering a second trigger associated with the second trigger-action pair;

detecting, by one or more hardware processors, the second trigger associated with the second trigger-action pair;

propagating, by one or more hardware processors, the taint from the first trigger-action pair to the second trigger;

preventing, by one or more hardware processors, a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger;

checking, by one or more hardware processors, whether the first trigger-action pair is located in a taint map by searching for a first trigger ID and associated data fields in the taint map; and

in response to the first trigger-action pair being located in the taint map, decrementing, by one or more hardware processors, a freshness counter, wherein the freshness counter denotes how trigger-action pairs are expected to be invoked when an action occurs due to a chaining effect from linkage between trigger-action pairs, and wherein decrementing the freshness counter indicates a decrease in a possibility of the first action triggering the second trigger.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

One or more processors mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, where a trigger event triggers an action event in a trigger-action pair. One or more processors mark a first action associated with the first trigger-action pair with the taint, and detect a second trigger associated with a second trigger-action pair. One or more processors then propagate the taint from the first trigger-action pair to the second trigger, and prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger.

20 Citations

View as Search Results

17 Claims

1. A computer-implemented method comprising:
- marking, by one or more hardware processors, a set of data fields associated with a first trigger in a first trigger-action pair with a taint, wherein a trigger event triggers an action event in a trigger-action pair, and wherein the taint is a tag indicating that the first trigger has been identified as being susceptible to an illicit attack by a third party and that the first trigger is capable of influencing a second trigger-action pair;
  
  marking, by one or more hardware processors, a first action associated with the first trigger-action pair with the taint, wherein the first action is capable of triggering a second trigger associated with the second trigger-action pair;
  
  detecting, by one or more hardware processors, the second trigger associated with the second trigger-action pair;
  
  propagating, by one or more hardware processors, the taint from the first trigger-action pair to the second trigger;
  
  preventing, by one or more hardware processors, a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger;
  
  checking, by one or more hardware processors, whether the first trigger-action pair is located in a taint map by searching for a first trigger ID and associated data fields in the taint map; and
  
  in response to the first trigger-action pair being located in the taint map, decrementing, by one or more hardware processors, a freshness counter, wherein the freshness counter denotes how trigger-action pairs are expected to be invoked when an action occurs due to a chaining effect from linkage between trigger-action pairs, and wherein decrementing the freshness counter indicates a decrease in a possibility of the first action triggering the second trigger.
- View Dependent Claims (2, 3, 4, 5, 14, 15, 16)
- - 2. The computer-implemented method of claim 1, wherein a recipe is a trigger-action pair, and wherein the computer-implemented method further comprises:
    - detecting, by one or more hardware processors, a user input of a new recipe to a set of recipes;
      
      in response to detecting the user input of the new recipe to the set of recipes, identifying, by one or more hardware processors, a privilege escalation, wherein the privilege escalation occurs when a low risk task triggers a high risk task; and
      
      in response to detecting the privilege escalation, preventing, by one of more hardware processors, an addition of the new recipe to a system.
  - 3. The computer-implemented method of claim 1, wherein a recipe is a trigger-action pair, and wherein the computer-implemented method further comprises:
    - detecting, by one or more hardware processors, a user input of a new recipe to a set of recipes;
      
      in response to detecting the user input of the new recipe to the set of recipes, identifying, by one or more hardware processors, a denial of service problem in the set of recipes; and
      
      in response to identifying the denial of service problem in the set of recipes, preventing, by one or more hardware processors, the addition of a new recipe to the set of recipes.
  - 4. The computer-implemented method of claim 1, further comprising:
    - preventing, by one or more hardware processors, the taint marked first action associated with the first trigger-action pair in response to detecting the taint marked first action within the first trigger-action pair such that cyclic trigger actions are prevented.
  - 5. The computer-implemented method of claim 1, wherein a recipe is a trigger-action pair, and wherein the computer-implemented method further comprises:
    - modeling, by one or more hardware processors, a set of recipes composed of multiple trigger-action pairs as a Boolean Satisfiability problem, wherein each recipe is modeled as a logic deduction predicate;
      
      setting, by one or more hardware processors, a first trigger and a final action in each recipe as true for the Boolean Satisfiability problem, wherein the first trigger and the final action are from different trigger-action pairs; and
      
      identifying, by one or more hardware processors, a privilege escalation in the set of recipes based on the Boolean Satisfiability problem.
  - 14. The computer-implemented method of claim 1, wherein the second trigger is receiving an email with a subject in a subject line of the email describing an unlocking of a physical device, wherein the second action is unlocking the physical device in response to receiving the email, and wherein the computer-implemented method further comprises:
    - propagating, by one or more hardware processors, the taint from the first trigger to the second trigger; and
      
      in response to the taint from the first trigger being propagated to the second trigger, blocking, by one or more hardware processors, receipt of the email, wherein blocking the receipt of the email prevents the unlocking of the physical device.
  - 15. The computer-implemented method of claim 1, wherein the first trigger contains a first parameter and a first set of fields that describes details of the first parameter, wherein the first action contains a second parameter and a second set of fields that describes details of the second parameter, wherein the second trigger contains a third parameter and a third set of fields that describes details of the third parameter, wherein the second action contains a fourth parameter and a fourth set of fields that describes details of the fourth parameter, and wherein the computer-implemented method further comprises:
    - linking, by one or more hardware processors, the second parameter and the second set of fields of the first action to the third set of fields that describes the third parameter of the second trigger;
      
      predicting, by one or more hardware processors, that the second trigger will be executed based on the linking of the second parameter and the second set of fields of the first action to the third set of fields that describes the third parameter of the second trigger;
      
      mapping, by one or more hardware processors, the taint from the first action to the second trigger;
      
      executing, by one or more hardware processors, the second trigger; and
      
      updating, by one or more hardware processors, taint tagging of the second trigger in response to the second trigger executing.
  - 16. The computer-implemented method of claim 1, further comprising:
    - firing, by one or more hardware processors, the first trigger;
      
      in response to the first trigger being fired, marking the first trigger with the taint;
      
      in response to the first trigger being fired, invoking the first action; and
      
      in response to invoking the first action, marking the first action with the taint.

6. A computer program product for enforcing access control in trigger-action programming using taint analysis, the computer program product comprising a computer readable storage device having program instructions embodied therewith, the program instructions readable and executable by a computer to cause the computer to:
- mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, wherein a trigger event triggers an action event in a trigger-action pair, and wherein the taint is a tag indicating that the first trigger has been identified as being susceptible to an illicit attack by a third party and that the first trigger is capable of influencing a second trigger-action pair;
  
  mark a first action associated with the first trigger-action pair with the taint, wherein the first action is capable of triggering a second trigger associated with the second trigger-action pair;
  
  detect the second trigger associated with the second trigger-action pair;
  
  propagate the taint from the first trigger-action pair to the second trigger;
  
  prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger;
  
  check whether the first trigger-action pair is located in a taint map by searching for a first trigger ID and associated data fields in the taint map; and
  
  in response to the first trigger-action pair being located in the taint map, decrement a freshness counter, wherein the freshness counter denotes how trigger-action pairs are expected to be invoked when an action occurs due to a chaining effect from linkage between trigger-action pairs.
- View Dependent Claims (7, 8, 9, 10, 11)
- - 7. The computer program product of claim 6, wherein a recipe is a trigger-action pair, and wherein the program instructions are further readable and executable by the computer to cause the computer to further:
    - detect a user input of a new recipe to a set of recipes;
      
      in response to detecting the user input of the new recipe to the set of recipes, identify a privilege escalation, wherein the privilege escalation occurs when a low risk task triggers a high risk task; and
      
      in response to detecting the privilege escalation, prevent an addition of the new recipe to a system.
  - 8. The computer program product of claim 6, wherein a recipe is a trigger-action pair, and wherein the program instructions are further readable and executable by the computer to cause the computer to further:
    - detect a user input of a new recipe to a set of recipes;
      
      in response to detecting the user input of the new recipe to the set of recipes, identify a denial of service problem in the set of recipes; and
      
      responsive to identifying the denial of service problem in the set of recipes, prevent the addition of the new recipe to the set of recipes.
  - 9. The computer program product of claim 6, wherein the program instructions are further readable and executable by the computer to cause the computer to further:
    - prevent the taint marked first action associated with the first trigger-action pair in response to detecting the taint marked first action within the first trigger-action pair such that cyclic trigger actions are prevented.
  - 10. The computer program product of claim 6, wherein a recipe is a trigger-action pair, and wherein the program instructions are further readable and executable by the computer to cause the computer to further:
    - model a set of recipes composed of multiple trigger-action pairs as a Boolean Satisfiability problem, wherein each recipe is modeled as a logic deduction predicate;
      
      set a first trigger and a final action in each recipe as true for the Boolean Satisfiability problem, wherein the first trigger and the final action are from different trigger-action pairs; and
      
      identify a privilege escalation in the set of recipes based on the Boolean Satisfiability problem.
  - 11. The computer program product of claim 6, wherein the program instructions are executed as a service in a cloud environment.

12. A computer system comprising:
- one or more hardware processors;
  
  one or more computer readable memories, operably coupled to the one or more hardware processors, wherein the one or more computer readable memories store program instructions for execution by at least one of the one or more hardware processors, the stored program instructions comprising;
  
  program instructions to mark a set of data fields associated with a first trigger in a first trigger-action pair with a taint, wherein a trigger event triggers an action event in a trigger-action pair, and wherein the taint is a tag indicating that the first trigger has been identified as being susceptible to an illicit attack by a third party and that the first trigger is capable of influencing a second trigger-action pair;
  
  program instructions to mark a first action associated with the first trigger-action pair with the taint, wherein the first action is capable of triggering a second trigger associated with the second trigger-action pair;
  
  program instructions to detect the second trigger associated with the second trigger-action pair;
  
  program instructions to propagate the taint from the first trigger-action pair to the second trigger;
  
  program instructions to prevent a second action associated with the second trigger-action pair in response to detecting the taint in the second trigger;
  
  program instructions to check whether the first trigger-action pair is located in a taint map by searching for a first trigger ID and associated data fields in the taint map; and
  
  program instructions to, in response to the first trigger-action pair being located in the taint map, decrement a freshness counter, wherein the freshness counter denotes how trigger-action pairs are expected to be invoked when an action occurs due to a chaining effect from linkage between trigger-action pairs.
- View Dependent Claims (13, 17)
- - 13. The computer system of claim 12, wherein a recipe is a trigger-action pair, and wherein the program system further comprises:
    - program instructions to detect a user input of a new recipe to a set of recipes;
      
      program instructions to, in response to detecting the user input of the new recipe to the set of recipes, identify a privilege escalation, wherein the privilege escalation occurs when a low risk task triggers a high risk task; and
      
      program instructions to, in response to detecting the privilege escalation, prevent an addition of the new recipe to a system.
  - 17. The computer system of claim 12, wherein the program instructions are executed as a service in a cloud environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Andow, Benjamin E., Chari, Suresh N., Huang, Heqing, Singh, Kapil K.
Primary Examiner(s)
Le, Khoi V

Application Number

US15/619,593
Publication Number

US 20180359266A1
Time in Patent Office

1,023 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3072   where the reporting involve...

G06F 21/16   Program or content traceabi...

G06F 21/62   Protecting access to data v...

G06F 21/6245   Protecting personal data, e...

H04L 63/101   Access control lists [ACL]

H04L 63/1408   by monitoring network traff...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1458   Denial of Service

Enforcing access control in trigger-action programming using taint analysis

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

20 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Enforcing access control in trigger-action programming using taint analysis

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

20 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links