Safeguarding academic accounts and resources with the University Credential Abuse Auditing System

Authors:
Jing Zhang;Robin Berthier;Will Rhee;Michael Bailey;Partha Pal;Farnam Jahanian;William H. Sanders
Affiliations:
Dept. of Electrical Engineering and Computer Science, University of Michigan, USA;Information Trust Institute and Dept. of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign, USA;Office of Information and Infrastructure Assurance, University of Michigan, USA;Dept. of Electrical Engineering and Computer Science, University of Michigan, USA;BBN Technologies, Cambridge, MA, USA;Dept. of Electrical Engineering and Computer Science, University of Michigan, USA;Information Trust Institute and Dept. of Electrical and Computer Engineering, University of Illinois at Urbana-Champaign, USA
Venue:
DSN '12 Proceedings of the 2012 42nd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
Year:
2012

Citing 0
Cited 1

Learning from early attempts to measure information security performance

CSET'12 Proceedings of the 5th USENIX conference on Cyber Security Experimentation and Test

Quantified Score

Hi-index	0.00

Visualization

Abstract

Whether it happens through malware or through phishing, loss of one's online identity is a real and present danger. While many attackers seek credentials to realize financial gain, an analysis of the compromised accounts at our own institutions reveals that perpetrators often steal university credentials to gain free and unfettered access to information. This nontraditional motivation for credential theft puts a special burden on the academic institutions that provide these accounts. In this paper, we describe the design, implementation, and evaluation of a system for safeguarding academic accounts and resources called the University Credential Abuse Auditing System (UCAAS). We evaluate UCAAS at two major research universities with tens of thousands of user accounts and millions of login events during a two-week period. We show the UCAAS to be useful in reducing this burden, having helped the university security teams identify a total of 125 compromised accounts with zero false positives during the trail.