DIVINA: Discovering Vulnerabilities of Internet Accounts

Abstract : Internet users typically have several online accounts – such as mail accounts, cloud storage accounts, or social media accounts. The security of these accounts is often intricately linked: The password of one account can be reset by sending an email to another account; the data of one account can be backed up on another account; one account can only be accessed by two-factor authentication through a second account ; and so forth. This poses three challenges: First, if a user loses one or several of his passwords, can he still access his data? Second, how many passwords does an attacker need in order to access the data? And finally, how many passwords does an attacker need in order to irreversibly delete the user's data? In this paper, we model the dependencies of online accounts in order to help the user discover security weaknesses. We have implemented our system and invite users to try it out on their real accounts.
Document type :
Conference papers
Complete list of metadatas

Cited literature [5 references]  Display  Hide  Download

https://hal-imt.archives-ouvertes.fr/hal-01699871
Contributor : Fabian Suchanek <>
Submitted on : Friday, February 2, 2018 - 6:05:48 PM
Last modification on : Wednesday, July 3, 2019 - 3:02:02 PM
Long-term archiving on : Thursday, May 3, 2018 - 12:49:32 AM

File

www2015demo.pdf
Files produced by the author(s)

Identifiers

Citation

Ziad Ismail, Danai Symeonidou, Fabian M. Suchanek. DIVINA: Discovering Vulnerabilities of Internet Accounts. 24th International Conference on World Wide Web Conference, May 2015, Florence, Italy. ⟨10.1145/2740908.2742836⟩. ⟨hal-01699871⟩

Share

Metrics

Record views

415

Files downloads

33