User account access graphs

Sven Hammann, Saša Radomirović, Ralf Sasse, David Basin

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

10 Citations (Scopus)


The primary authentication method for a user account is rarely the only way to access that account. Accounts can often be accessed through other accounts, using recovery methods, password managers, or single sign-on. This increases each account's attack surface, giving rise to subtle security problems. These problems cannot be detected by considering each account in isolation, but require analyzing the links between a user's accounts. Furthermore, to accurately assess the security of accounts, the physical world must also be considered. For example, an attacker with access to a physical mailbox could obtain credentials sent by post. Despite the manifest importance of understanding these interrelationships and the security problems they entail, no prior methods exist to perform an analysis thereof in a precise way. To address this need, we introduce account access graphs, the first formalism that enables a comprehensive modeling and analysis of a user's entire setup, incorporating all connections between the user's accounts, devices, credentials, keys, and documents. Account access graphs support systematically identifying both security vulnerabilities and lockout risks in a user's accounts. We give analysis algorithms and illustrate their effectiveness in a case study, where we automatically detect significant weaknesses in a user's setup and suggest improvement options.

Original language: English
Title of host publication: CCS 2019: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security
Publisher: Association for Computing Machinery
Number of pages: 18
ISBN (Electronic): 9781450367479
Publication status: Published - 6 Nov 2019
Event: 26th ACM Conference on Computer and Communications Security 2019 - London, United Kingdom
Duration: 11 Nov 2019 to 15 Nov 2019


Conference: 26th ACM Conference on Computer and Communications Security 2019
Abbreviated title: ACM CCS 2019
Country/Territory: United Kingdom

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications

