Techniques for Visual Feedback of Security State - PowerPoint PPT Presentation

About This Presentation
Title:

Techniques for Visual Feedback of Security State

Description:

Dalhousie EDGE Lab focuses on collaboration and visualization ... We looked at how to reveal security information for distributed collaboration ... – PowerPoint PPT presentation

Number of Views:21
Avg rating:3.0/5.0
Slides: 10
Provided by: taraw7
Category:

less

Transcript and Presenter's Notes

Title: Techniques for Visual Feedback of Security State


1
Techniques for Visual Feedback of Security State
  • Tara Whalen and Kori Inkpen
  • Faculty of Computer Science
  • Dalhousie University
  • whalen at cs dot dal dot ca
  • DIMACS Workshop on Usable Privacy and Security
    Software
  • July 8, 2004

2
Introduction
  • Trying to define an area for doctoral research
  • ideas very much in development feedback welcome
    and encouraged!
  • General focus visualization of security
    information
  • Goal to give users appropriate feedback about
    security
  • aid in assessment and carrying out appropriate
    actions
  • Dalhousie EDGE Lab focuses on collaboration and
    visualization
  • initial ideas focused on secure collaboration

3
Security Lens
  • We looked at how to reveal security information
    for distributed collaboration
  • e.g., using a CSCW tool, or text messaging
  • how to quickly communicate that security
    configuration was done correctly
  • Led to the idea of a security lens a
    representation of peering into a channel
  • Consider relevant parties along the path of
    communication
  • Use lens to show what security (secrecy) looks
    like from multiple perspectives self, partner,
    world (eavesdroppers)
  • Currently a visualization technique, not a real
    tool

4
Simple example text message
  • Include a lens in messaging application user
    selects this when they want to run a check
    (preview)
  • Shown below is communication between two parties
  • Set view to self, Bob or world to see what is
    revealed to each
  • Could represent secrecy as unreadable text.
    Plaintext should be revealed only for self and
    partner

5
Advantages
  • At-a-glance view provides snapshot of useful
    security information
  • Provides a sort of sanity check for configuration
  • Can provide information on demand not
    intrusive, gives feedback at appropriate time
  • Application-level data can provide context
    unavailable at lower level
  • e.g., can provide tailored feedback for specific
    actions, include info about private versus public
    keys, info about parties in communication

6
Challenges and Concerns
  • Pragmatically difficult application-level view
    requires integration of lens into different
    programs
  • Simple example is simplistic does not take into
    account the complexity of many situations
  • Lens perspective might be only useful for
    transactions, not long-duration activities
    (monitoring)
  • How to use the lens perspective for one user
    across multiple programs potentially many
    different tasks, data, and roles to incorporate
  • How much approximation is appropriate?
  • Dont want abstraction to cloud the facts
  • Correct configuration may not guarantee actual
    secrecy, and incorrect configuration may succeed
    if encryption exists at lower level
  • Would users bother to adjust perspective?

7
Future Directions
  • The direction is likely to be set through
    discussions at this workshop
  • Need to look at viability of perspective view as
    useful visualization technique
  • Can it be applied effectively across a range of
    applications and situations?
  • If it seems to be a helpful approach, then we can
    consider how this visualization might be done in
    practice
  • We are (in parallel) considering other
    visualization problems
  • how to present snapshots of host security
    information (e.g., personal firewall, virus
    scanner)
  • starting a small stud y on how people use visual
    security cues in web browsers

8
Conclusions
  • We feel that it is important to provide support
    for at-a-glance visualization of security
    information
  • This is not an easy problem complex area, need
    to integrate variety of data types and tasks,
    dont want to overwhelm user
  • Work is at very early stages we hope to work
    with the researchers at this workshop to further
    refine our approach

9
Thanks!
  • Thanks for your kind attention
  • Thanks to Diana Smetters (PARC) and Paul Dourish
    (UC Irvine) for feedback on these early ideas
  • Please forward comments, suggestions, flames,
    etc., to whalen at cs dot dal dot ca
Write a Comment
User Comments (0)
About PowerShow.com