research-article

Controlling Fine-Grain Sharing in Natural Language with a Virtual Assistant

Authors:

Giovanni Campagna,

Michael Fischer, and

Monica S. LamAuthors Info & Claims

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies, Volume 2, Issue 3

Article No.: 95, Pages 1 - 28

https://doi.org/10.1145/3264905

Published: 18 September 2018 Publication History

Abstract

This paper proposes a novel approach to let consumers share data from their existing web accounts and devices easily, securely, and with fine granularity of control. Our proposal is to have our personal virtual assistant be responsible for sharing our digital assets. The owner can specify fine-grain access control in natural language; the virtual assistant executes access requests on behalf of the requesters and returns the results, if the requests conform to the owner's access control policies.

Specifically, we allow a virtual assistant to share any ThingTalk command--an event-driven task composed of skills drawn from Thingpedia, a crowdsourced repository with over 200 functions currently. Access control in natural language is translated into TACL, a formal language we introduce to let users express for whom, what, when, where, and how ThingTalk commands can be executed. TACL policies are in turn translated into SMT (Satisfiability Modulo Theories) formulas and enforced using a provably correct algorithm. Our Distributed ThingTalk Protocol lets users access their own and others' data through their own virtual assistant, while enabling sharing without disclosing information to a third party.

The proposed ideas have been incorporated and released in the open-source Almond virtual assistant. 18 of the 20 users in a study say that they like the concept proposed, and 14 like the prototype. We show that users are more willing to share their data given the ability to impose TACL constraints, that 90% of enforceable use cases suggested by 60 users are supported by TACL, and that static and dynamic conformance of policies can be enforced efficiently.

References

[1]

Amazon. 2017. Amazon Alexa. https://developer.amazon.com/alexa.

[2]

Konstantine Arkoudas, Ritu Chadha, and C Jason Chiang. 2011. An Application of Formal Methods to Cognitive Radios. In First International Workshop on Design and Implementation of Formal Tools and Systems (DIFTS@FMCAD 2011).

[3]

Konstantine Arkoudas, Ritu Chadha, and Jason Chiang. 2014. Sophisticated Access Control via SMT and Logical Frameworks. ACM Trans. Inf. Syst. Secur. 16, 4, Article 17 (April 2014), 31 pages.

Digital Library

[4]

Alessandro Armando and Silvio Ranise. 2011. Automated Symbolic Analysis of ARBAC-Policies. In Security and Trust Management. Springer Berlin Heidelberg, 17--34.

Digital Library

[5]

Thomas H. Austin, Jean Yang, Cormac Flanagan, and Armando Solar-Lezama. 2013. Faceted Execution of Policy-agnostic Programs. In Proceedings of the Eighth ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '13). ACM, New York, NY, USA, 15--26.

Digital Library

[6]

Various Authors. 2017. Thingpedia - knowledge for your virtual assistant. https://thingpedia.stanford.edu

[7]

Clark Barrett, Christopher L. Conway, Morgan Deters, Liana Hadarean, Dejan Jovanović, Tim King, Andrew Reynolds, and Cesare Tinelli. 2011. CVC4. In Proceedings of the 23rd International Conference on Computer Aided Verification (CAV'11). Springer-Verlag, Berlin, Heidelberg, 171--177. http://dl.acm.org/citation.cfm?id=2032305.2032319

Digital Library

[8]

Clark Barrett, Pascal Fontaine, and Cesare Tinelli. 2016. The Satisfiability Modulo Theories Library (SMT-LIB). http://www.smt-lib.org.

[9]

Clark W Barrett, Roberto Sebastiani, Sanjit A Seshia, and Cesare Tinelli. 2009. Satisfiability Modulo Theories. Handbook of satisfiability 185 (2009), 825--885.

[10]

Lujo Bauer, Lorrie Faith Cranor, Robert W. Reeder, Michael K. Reiter, and Kami Vaniea. 2008. A User Study of Policy Creation in a Flexible Access-control System. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 543--552.

Digital Library

[11]

Lujo Bauer, Jay Ligatti, and David Walker. 2005. Composing Security Policies with Polymer. In Proceedings of the 2005 ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI '05). ACM, New York, NY, USA, 305--314.

Digital Library

[12]

Giovanni Campagna, Rakesh Ramesh, Silei Xu, Michael Fischer, and Monica S. Lam. 2017. Almond: The Architecture of an Open, Crowdsourced, Privacy-Preserving, Programmable Virtual Assistant. In Proceedings of the 26th International Conference on World Wide Web - WWW '17. ACM Press, New York, New York, USA, 341--350.

Digital Library

[13]

Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke Garratt, and Douglas Stebila. 2017. A Formal Security Analysis of the Signal Messaging Protocol. In 2017 IEEE European Symposium on Security and Privacy (EuroS8P). IEEE, 451--466.

[14]

Michael Fischer, Giovanni Campagna, Silei Xu, and Monica S. Lam. 2018. Brassau: Automatically Generating Graphical User Interfaces for Virtual Assistants. In Proceedings of the 20th International Conference on Human-Computer Interaction with Mobile Devices and Services (MobileHCI 2018).

Digital Library

[15]

Roxana Geambasu, Magdalena Balazinska, Steven D. Gribble, and Henry M. Levy. 2007. Homeviews: peer-to-peer middleware for personal data sharing applications. In SIGMOD '07: Proceedings of the 2007 ACM SIGMOD international conference on Management of data. ACM, New York, NY, USA, 235--246.

Digital Library

[16]

Google. 2018. Google Assistant - Just Say "Hey Google" and Make Google Do It. https://assistant.google.com/.

[17]

Dick Hardt. 2012. The OAuth 2.0 authorization framework. Technical Report. https://tools.ietf.org/html/rfc6749

[18]

Jingwei Huang, David M. Nicol, Rakesh Bobba, and Jun Ho Huh. 2012. A Framework Integrating Attribute-based Policies into Role-based Access Control. In Proceedings of the 17th ACM Symposium on Access Control Models and Technologies (SACMAT '12). ACM, New York, NY, USA, 187--196.

Digital Library

[19]

Sun Kaiwen and Yin Lihua. 2014. Attribute-Role-Based Hybrid Access Control in the Internet of Things. In Web Technologies and Applications. Springer International Publishing, 333--343.

[20]

D. Richard Kuhn, Edward J. Coyne, and Timothy R. Weil. 2010. Adding Attributes to Role-Based Access Control. Computer 43, 6 (jun 2010), 79--81.

Digital Library

[21]

Anjishnu Kumar, Arpit Gupta, Julian Chan, Sam Tucker, Björn Hoffmeister, and Markus Dreyer. 2017. Just ASK: Building an Architecture for Extensible Self-Service Spoken Language Understanding. CoRR abs/1711.00549 (2017). arXiv:1711.00549 http://arxiv.org/abs/1711.00549

[22]

Tianyi Liang, Nestan Tsiskaridze, Andrew Reynolds, Cesare Tinelli, and Clark Barrett. 2015. A decision procedure for regular membership and length constraints over unbounded strings. In International Symposium on Frontiers of Combining Systems. Springer, 135--150.

Digital Library

[23]

Matrix.org Foundation. 2017. Matrix -- An open network for secure, decentralized communication. https://matrix.org.

[24]

Roy A. Maxion and Robert W. Reeder. 2005. Improving user-interface dependability through mitigation of human error. International Journal of Human-Computer Studies 63, 1-2 (jul 2005), 25--50.

Digital Library

[25]

Tim Moses et al. 2005. Extensible access control markup language (xacml) version 2.0. Oasis Standard 200502 (2005).

[26]

Robert W. Reeder, Lujo Bauer, Lorrie Faith Cranor, Michael K. Reiter, Kelli Bacon, Keisha How, and Heather Strong. 2008. Expandable Grids for Visualizing and Authoring Computer Security Policies. In Proceedings of the SIGCHI Conference on Human Factors in Computing Systems (CHI '08). ACM, New York, NY, USA, 1473--1482.

Digital Library

[27]

Ravi S. Sandhu. 1998. Role-based Access Control. (1998), 237--286.

[28]

Seok-Won Seong, Jiwon Seo, Matthew Nasielski, Debangsu Sengupta, Sudheendra Hangal, Seng Keat Teh, Ruven Chu, Ben Dodson, and Monica S. Lam. 2010. PrPl: A Decentralized Social Networking Infrastructure. In Proceedings of the 1st ACM Workshop on Mobile Cloud Computing 8 Services: Social Networks and Beyond (MCS '10). ACM, New York, NY, USA, Article 8, 8 pages.

Digital Library

[29]

D. K. Smetters and Nathan Good. 2009. How Users Use Access Control. In Proceedings of the 5th Symposium on Usable Privacy and Security (SOUPS '09). ACM, New York, NY, USA, Article 15, 12 pages.

Digital Library

[30]

Patrick Stuedi, Iqbal Mohomed, Mahesh Balakrishnan, Z. Morley Mao, Venugopalan Ramasubramanian, Doug Terry, and Ted Wobber. 2011. Contrail: Enabling Decentralized Social Networks on Smartphones. In Proceedings of the 12th International Middleware Conference (Middleware '11). International Federation for Information Processing, Laxenburg, Austria, Austria, 40--59. http://dl.acm.org/citation.cfm?id=2414338.2414343

Digital Library

[31]

Fatih Turkmen, Jerry den Hartog, Silvio Ranise, and Nicola Zannone. 2017. Formal analysis of XACML policies using SMT. Computers 8 Security 66, Supplement C (2017), 185--203.

Digital Library

[32]

Yushi Wang, Jonathan Berant, and Percy Liang. 2015. Building a Semantic Parser Overnight. In Proceedings of the 53rd Annual Meeting of the Association for Computational Linguistics and the 7th International Joint Conference on Natural Language Processing (Volume 1: Long Papers). Association for Computational Linguistics, 1332--1342.

[33]

Alexander Yip, Xi Wang, Nickolai Zeldovich, and M. Frans Kaashoek. 2009. Improving Application Security with Data Flow Assertions. In Proceedings of the ACM SIGOPS 22Nd Symposium on Operating Systems Principles (SOSP '09). ACM, New York, NY, USA, 291--304.

Digital Library

[34]

Eric Yuan and Jin Tong. 2005. Attributed based access control (ABAC) for Web services. In IEEE International Conference on Web Services (ICWS'05). 569.

Digital Library

Cited By

Paetz FSchultz C(2023)Nutzerpräferenzen für Markierungen digitaler Sprachassistenten – Eine wettbewerbsbasierte DiskussionEntrepreneurship der Zukunft10.1007/978-3-658-42060-4_14(345-370)Online publication date: 30-Dec-2023
https://doi.org/10.1007/978-3-658-42060-4_14
Liao SHsu CLin JWu YLeu F(2022)A Deep Learning-Based Chinese Semantic Parser for the Almond Virtual AssistantSensors10.3390/s2205189122:5(1891)Online publication date: 28-Feb-2022
https://doi.org/10.3390/s22051891
Suh ALi M(2022)How the use of mobile fitness technology influences older adults’ physical and psychological well-beingComputers in Human Behavior10.1016/j.chb.2022.107205131:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.chb.2022.107205
Show More Cited By

Index Terms

Controlling Fine-Grain Sharing in Natural Language with a Virtual Assistant

Recommendations

Imposing Fine-grain Next Generation Access Control over Database Queries
ABAC '17: Proceedings of the 2nd ACM Workshop on Attribute-Based Access Control

In this paper, we describe a system that leverages ANSI/INCITS Next Generation Access Control (NGAC) standard called Next-generation Database Access Control (NDAC) for accessing data in tables, rows, and columns in existing RDBMS products. NDAC imposes ...
Read More
Evaluating assistance of natural language policy authoring
SOUPS '08: Proceedings of the 4th symposium on Usable privacy and security

The goal of the research study reported here was to investigate policy authors' ability to take descriptions of changes to policy situations and author high-quality, complete policy rules that would parse with high accuracy. As a part of this research, ...
Read More
Fine-Grain Access Control Using Shibboleth for the Storage Resource Broker
ISA '09: Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance

In this paper, we propose a fine-grain access control system for data resources in the Storage Resource Broker (SRB). The SRB is a Data Grid management system, which can integrate heterogeneous data resources of virtual organizations (VOs). The SRB ...
Read More

Comments

Information & Contributors

Information

Published In

cover image Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies

Proceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies Volume 2, Issue 3

September 2018

1536 pages

EISSN:2474-9567

DOI:10.1145/3279953

Issue’s Table of Contents

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 September 2018

Accepted: 01 September 2018

Revised: 01 May 2018

Received: 01 February 2018

Published in IMWUT Volume 2, Issue 3

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
384
Total Downloads

Downloads (Last 12 months)49
Downloads (Last 6 weeks)5

Other Metrics

View Author Metrics

Citations

Cited By

Paetz FSchultz C(2023)Nutzerpräferenzen für Markierungen digitaler Sprachassistenten – Eine wettbewerbsbasierte DiskussionEntrepreneurship der Zukunft10.1007/978-3-658-42060-4_14(345-370)Online publication date: 30-Dec-2023
https://doi.org/10.1007/978-3-658-42060-4_14
Liao SHsu CLin JWu YLeu F(2022)A Deep Learning-Based Chinese Semantic Parser for the Almond Virtual AssistantSensors10.3390/s2205189122:5(1891)Online publication date: 28-Feb-2022
https://doi.org/10.3390/s22051891
Suh ALi M(2022)How the use of mobile fitness technology influences older adults’ physical and psychological well-beingComputers in Human Behavior10.1016/j.chb.2022.107205131:COnline publication date: 1-Jun-2022
https://dl.acm.org/doi/10.1016/j.chb.2022.107205
Fu WLin YCampagna GLiu CTsai DMei CChang ELiao SLam M(2020)Soteria: A Provably Compliant User Right Manager Using a Novel Two-Layer Blockchain Technology2020 IEEE Infrastructure Conference10.1109/IEEECONF47748.2020.9377624(1-10)Online publication date: 7-Oct-2020
https://doi.org/10.1109/IEEECONF47748.2020.9377624
Lam MCampagna GXu SFischer MMoradshahi M(2019)Protecting privacy and open competition with Almond: An open-source virtual assistantXRDS: Crossroads, The ACM Magazine for Students10.1145/335575726:1(40-44)Online publication date: 17-Sep-2019
https://dl.acm.org/doi/10.1145/3355757
Pradhan SSun WBaig GQiu L(2019)Combating Replay Attacks Against Voice AssistantsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/33512583:3(1-26)Online publication date: 9-Sep-2019
https://dl.acm.org/doi/10.1145/3351258
Bagdasaryan EBerlstein GWaterman JBirrell EFoster NSchneider FEstrin DCavallaro LKinder JDomingo-Ferrer J(2019)AncileProceedings of the 18th ACM Workshop on Privacy in the Electronic Society10.1145/3338498.3358642(111-124)Online publication date: 11-Nov-2019
https://dl.acm.org/doi/10.1145/3338498.3358642
Greig JRehman SUl-Haq ADresser GBurmeister OTellioglu HTeli MNathan L(2019)Transforming Ageing in CommunityProceedings of the 9th International Conference on Communities & Technologies - Transforming Communities10.1145/3328320.3328380(228-238)Online publication date: 3-Jun-2019
https://dl.acm.org/doi/10.1145/3328320.3328380
Campagna GXu SMoradshahi MSocher RLam MMcKinley KFisher K(2019)Genie: a generator of natural language semantic parsers for virtual assistant commandsProceedings of the 40th ACM SIGPLAN Conference on Programming Language Design and Implementation10.1145/3314221.3314594(394-410)Online publication date: 8-Jun-2019
https://dl.acm.org/doi/10.1145/3314221.3314594
Batra AYadav ASharma S(2019)Connecting People Through Virtual Assistant on Google AssistantProceedings of ICETIT 201910.1007/978-3-030-30577-2_35(407-417)Online publication date: 24-Sep-2019
https://doi.org/10.1007/978-3-030-30577-2_35
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Issue’s Table of Contents