Account Access Graphs

The primary authentication method for a user account is rarely the only way to access that account. Accounts can often be accessed through other accounts, using recovery methods, password managers, or single sign-on. This increases each account's attack surface, giving rise to subtle security problems. These problems cannot be detected by considering each account in isolation, but require analyzing the links between a user's accounts. Furthermore, to accurately assess the security of accounts, the physical world must also be considered. For example, an attacker with access to a physical mailbox could obtain credentials sent by post.

Account access graphs are a formalism that enables a comprehensive modeling and analysis of a user's entire setup, incorporating all connections between the user's accounts, devices, credentials, keys, and documents. Account access graphs support systematically identifying both security vulnerabilities and lockout risks in a user's accounts.
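The kind of analysis described above can be sketched in a few lines. This is an added example, not code from the paper or its Haskell back-end: the encoding (each node lists alternative access methods, and each method is a set of nodes that must all be held) is an assumption of this sketch, and the sample setup and all names in it are constructed.

```python
# Added illustration; the encoding and the sample setup are constructed.
# SETUP maps a node to its alternative access methods (OR); each method is a
# set of nodes that must all be held (AND). Nodes with no entry are primitive.
SETUP = {
    "email":            [{"email_password"}, {"phone"}],            # password, or SMS recovery
    "bank":             [{"bank_password", "phone"}],               # password AND SMS code
    "shop":             [{"shop_password"}, {"email"}],             # password, or reset via email
    "password_manager": [{"master_password", "laptop"}],
    "email_password":   [{"password_manager"}],
    "bank_password":    [{"password_manager"}, {"postal_letter"}],  # also sent by post
    "shop_password":    [{"password_manager"}],
    "postal_letter":    [{"mailbox"}],                              # physical-world link
}
ACCOUNTS = ["email", "bank", "shop"]
USER = {"master_password", "laptop", "phone", "mailbox"}  # what the user normally holds

def reachable(setup, held):
    """Least fixpoint: every node accessible starting from the nodes in `held`."""
    got = set(held)
    changed = True
    while changed:
        changed = False
        for node, methods in setup.items():
            if node not in got and any(method <= got for method in methods):
                got.add(node)
                changed = True
    return got

def compromised(setup, attacker_holds, targets):
    """Security view: targets an attacker reaches from what they hold."""
    return sorted(set(targets) & reachable(setup, attacker_holds))

def locked_out(setup, user_holds, lost, targets):
    """Lockout view: targets the user can no longer reach after losing `lost`."""
    still = reachable(setup, set(user_holds) - set(lost))
    return sorted(set(targets) - still)

if __name__ == "__main__":
    print(compromised(SETUP, {"phone"}, ACCOUNTS))              # phone alone
    print(compromised(SETUP, {"phone", "mailbox"}, ACCOUNTS))   # phone plus mailbox
    print(locked_out(SETUP, USER, {"laptop", "phone"}, ACCOUNTS))
```

In this constructed setup the bank account looks safe when examined alone, yet holding the phone and the physical mailbox is enough to reach it, which only shows up when the links are followed.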

The paper "User Account Access Graphs" (PDF, 774 KB) was presented at the ACM Conference on Computer and Communications Security (CCS), 2019.

A Java front-end for entering and visualizing user data and an accompanying Haskell back-end, which implements the functions and algorithms in the paper, are available here.

 
