ICSE 2024
Fri 12 - Sun 21 April 2024 Lisbon, Portugal
Wed 17 Apr 2024 15:00 - 15:15 at Glicínia Quartin - Human and Social 2 Chair(s): Ayushi Rastogi

Voice personal assistant (VPA) platforms (e.g., Amazon Alexa) allow developers to deploy their voice apps on third-party servers. However, this strategy introduces unexpected privacy risks to VPA customers. Malicious developers can dynamically change their app’s behaviors to circumvent the platform’s vetting process. This paper aims to systematically analyze Alexa’s voice app ecosystem (i.e., Alexa skills), focusing on behavior manipulation (also referred to as skill behavior change). We identify the root causes of malicious skills getting published and propose a defense solution to effectively protect users. First, we uncover Amazon’s skill vetting strategy and the privacy issues relevant to their vetting. We reveal that, in addition to the skill certification process before a skill gets published, Amazon also deploys a skill monitoring scheme after the skill is published. We further discover limitations of this monitoring scheme that have not been explored in previous research. Lastly, to address these issues, we propose a run-time skill monitoring approach to check the consistency of the skill behaviors when users interact with skills. Our findings suggest a call for action to improve the vetting process for VPA skills without placing a burden on skill developers and help developers adhere to policies.

Wed 17 Apr

14:00 - 15:30
14:00
15m
Talk
Causal Relationships and Programming Outcomes: A Transcranial Magnetic Stimulation Experiment (ACM SIGSOFT Distinguished Paper Award)
Research Track
Hammad Ahmad University of Michigan, Madeline Endres University of Michigan, Kaia Newman Carnegie Mellon University, Priscila Santiesteban University of Michigan, Emma Shedden University of Michigan, Westley Weimer University of Michigan
14:15
15m
Talk
Training App Developers in a Software Studio: The Business Nano Challenge Experience
Software Engineering Education and Training
Tania Mara Dors Pontifícia Universidade Católica do Paraná, Ana Paula Schran de Almeida Pontifícia Universidade Católica do Paraná, Lohine Mussi Pontifícia Universidade Católica do Paraná, Fabio Vinicius Binder Pontifícia Universidade Católica do Paraná, Sheila Reinehr Pontifícia Universidade Católica do Paraná (PUCPR), Andreia Malucelli Pontifícia Universidade Católica do Paraná
14:30
15m
Talk
Breaking Barriers: Investigating the Sense of Belonging Among Women and Non-Binary Students in Software Engineering
Software Engineering Education and Training
Lina Boman University of Gothenburg, Jonatan Andersson University of Gothenburg, Francisco Gomes de Oliveira Neto Chalmers | University of Gothenburg
14:45
15m
Talk
Micro-inequities and immigration backgrounds in the software industry
Software Engineering in Society
Stefan Reijenga VU Amsterdam, Kousar Aslam VU Amsterdam, Emitzá Guzmán Vrije Universiteit Amsterdam
15:00
15m
Talk
Alexa, is the skill always safe? Uncover Lenient Skill Vetting Process and Protect User Privacy at Run Time
Software Engineering in Society
Tu Le University of California, Irvine, Dongfang Zhao Indiana University Bloomington, Zihao Wang Indiana University Bloomington, XiaoFeng Wang Indiana University Bloomington, Yuan Tian
15:15
7m
Talk
CodeGRITS: A Research Toolkit for Developer Behavior and Eye Tracking in IDE
Demonstrations
Ningzhi Tang University of Notre Dame, Junwen An, Meng Chen, Aakash Bansal University of Notre Dame, Yu Huang Vanderbilt University, Collin McMillan University of Notre Dame, Toby Jia-Jun Li University of Notre Dame