Architecting Trigger-Action Platforms for Security, Performance and Functionality

Deepak Sirone Jegan

Network and Distributed System Security (NDSS) Symposium 2024 · Day 2 · Platform Security

Trigger-Action Platforms (TAPs) like IFTTT, Zapier, and Microsoft Power Automate have become indispensable tools for end-users, enabling seamless automation of interactions between diverse web services and devices. These platforms, which can range from simple applets like "add a new spreadsheet row, compute data, send to Slack" to complex workflows, act as centralized hubs managing privileged access to vast amounts of sensitive user data and devices. Despite their widespread adoption and utility, current TAP architectures inherently demand complete and unconditional trust from users regarding their secure operation.