Presentation is loading. Please wait.

Presentation is loading. Please wait.

Techniques for Visual Feedback of Security State Tara Whalen and Kori Inkpen Faculty of Computer Science Dalhousie University whalen at cs dot dal dot.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Techniques for Visual Feedback of Security State Tara Whalen and Kori Inkpen Faculty of Computer Science Dalhousie University whalen at cs dot dal dot."— Presentation transcript:

1 Techniques for Visual Feedback of Security State Tara Whalen and Kori Inkpen Faculty of Computer Science Dalhousie University whalen at cs dot dal dot ca DIMACS Workshop on Usable Privacy and Security Software July 8, 2004

2 Introduction Trying to define an area for doctoral research Trying to define an area for doctoral research ideas very much in development: feedback welcome and encouraged! ideas very much in development: feedback welcome and encouraged! General focus: visualization of security information General focus: visualization of security information Goal: to give users appropriate feedback about security Goal: to give users appropriate feedback about security aid in assessment and carrying out appropriate actions aid in assessment and carrying out appropriate actions Dalhousie EDGE Lab focuses on collaboration and visualization Dalhousie EDGE Lab focuses on collaboration and visualization initial ideas focused on secure collaboration initial ideas focused on secure collaboration

3 Security Lens We looked at how to reveal security information for distributed collaboration We looked at how to reveal security information for distributed collaboration e.g., using a CSCW tool, or text messaging e.g., using a CSCW tool, or text messaging how to quickly communicate that security configuration was done correctly how to quickly communicate that security configuration was done correctly Led to the idea of a “security lens”: a representation of peering into a channel Led to the idea of a “security lens”: a representation of peering into a channel Consider relevant parties along the path of communication Consider relevant parties along the path of communication Use lens to show what security (secrecy) looks like from multiple perspectives: self, partner, world (eavesdroppers) Use lens to show what security (secrecy) looks like from multiple perspectives: self, partner, world (eavesdroppers) Currently a visualization technique, not a real tool Currently a visualization technique, not a real tool

4 Simple example: text message Include a lens in messaging application; user selects this when they want to run a check (preview) Include a lens in messaging application; user selects this when they want to run a check (preview) Shown below is communication between two parties Shown below is communication between two parties Set view to self, Bob or world to see what is revealed to each Set view to self, Bob or world to see what is revealed to each Could represent secrecy as unreadable text. Plaintext should be revealed only for self and partner Could represent secrecy as unreadable text. Plaintext should be revealed only for self and partner

5 Advantages At-a-glance view provides snapshot of useful security information At-a-glance view provides snapshot of useful security information Provides a sort of sanity check for configuration Provides a sort of sanity check for configuration Can provide information on demand – not intrusive, gives feedback at appropriate time Can provide information on demand – not intrusive, gives feedback at appropriate time Application-level data can provide context unavailable at lower level Application-level data can provide context unavailable at lower level e.g., can provide tailored feedback for specific actions, include info about private versus public keys, info about parties in communication e.g., can provide tailored feedback for specific actions, include info about private versus public keys, info about parties in communication

6 Challenges and Concerns Pragmatically difficult: application-level view requires integration of lens into different programs Pragmatically difficult: application-level view requires integration of lens into different programs Simple example is simplistic: does not take into account the complexity of many situations Simple example is simplistic: does not take into account the complexity of many situations Lens perspective might be only useful for transactions, not long-duration activities (monitoring) Lens perspective might be only useful for transactions, not long-duration activities (monitoring) How to use the lens perspective for one user across multiple programs; potentially many different tasks, data, and roles to incorporate How to use the lens perspective for one user across multiple programs; potentially many different tasks, data, and roles to incorporate How much approximation is appropriate? How much approximation is appropriate? Don’t want abstraction to cloud the facts Don’t want abstraction to cloud the facts Correct configuration may not guarantee actual secrecy, and incorrect configuration may succeed if encryption exists at lower level Correct configuration may not guarantee actual secrecy, and incorrect configuration may succeed if encryption exists at lower level Would users bother to adjust perspective? Would users bother to adjust perspective?

7 Future Directions The direction is likely to be set through discussions at this workshop The direction is likely to be set through discussions at this workshop Need to look at viability of perspective view as useful visualization technique Need to look at viability of perspective view as useful visualization technique Can it be applied effectively across a range of applications and situations? Can it be applied effectively across a range of applications and situations? If it seems to be a helpful approach, then we can consider how this visualization might be done in practice If it seems to be a helpful approach, then we can consider how this visualization might be done in practice We are (in parallel) considering other visualization problems We are (in parallel) considering other visualization problems how to present snapshots of host security information (e.g., personal firewall, virus scanner) how to present snapshots of host security information (e.g., personal firewall, virus scanner) starting a small stud y on how people use visual security cues in web browsers starting a small stud y on how people use visual security cues in web browsers

8 Conclusions We feel that it is important to provide support for at-a-glance visualization of security information We feel that it is important to provide support for at-a-glance visualization of security information This is not an easy problem: complex area, need to integrate variety of data types and tasks, don’t want to overwhelm user This is not an easy problem: complex area, need to integrate variety of data types and tasks, don’t want to overwhelm user Work is at very early stages: we hope to work with the researchers at this workshop to further refine our approach Work is at very early stages: we hope to work with the researchers at this workshop to further refine our approach

9 Thanks! Thanks for your kind attention Thanks for your kind attention Thanks to Diana Smetters (PARC) and Paul Dourish (UC Irvine) for feedback on these early ideas Thanks to Diana Smetters (PARC) and Paul Dourish (UC Irvine) for feedback on these early ideas Please forward comments, suggestions, flames, etc., to whalen at cs dot dal dot ca Please forward comments, suggestions, flames, etc., to whalen at cs dot dal dot ca

Download ppt "Techniques for Visual Feedback of Security State Tara Whalen and Kori Inkpen Faculty of Computer Science Dalhousie University whalen at cs dot dal dot."

Similar presentations

E-Learning Models Desk Study Chris Fowler. www.chimera.uk.com Purpose To explain our current thinking and specification of the E-Learning Models Advisor.

E-Learning Models Desk Study Chris Fowler. Purpose To explain our current thinking and specification of the E-Learning Models Advisor.
Constructivist Learning versus Explicit Teaching: A personal discovery of balance Tara Tetzlaff Spring 2009.

Constructivist Learning versus Explicit Teaching: A personal discovery of balance Tara Tetzlaff Spring 2009.
Iñaki Merino Albaina MSc Program: Media & Knowledge Engineering Daily supervisors: drs. L.H.T.E. Yamane dr. ir. M.H. Vastenburg SCID group Faculty of Industrial.

Iñaki Merino Albaina MSc Program: Media & Knowledge Engineering Daily supervisors: drs. L.H.T.E. Yamane dr. ir. M.H. Vastenburg SCID group Faculty of Industrial.
User problems, scenarios and storyboards

User problems, scenarios and storyboards
Domain C4 Monitoring students’ understanding of content through a variety of means, providing feedback to students to assist learning, and adjusting learning.

Domain C4 Monitoring students’ understanding of content through a variety of means, providing feedback to students to assist learning, and adjusting learning.
“Our Village”: Project-based telecollaborative learning Maria Lurenda Suplido Westergaard UP Open University 6-7 September 2006.

“Our Village”: Project-based telecollaborative learning Maria Lurenda Suplido Westergaard UP Open University 6-7 September 2006.
User Interface Design Yonsei University 2 nd Semester, 2013 Sanghyun Park.

User Interface Design Yonsei University 2 nd Semester, 2013 Sanghyun Park.
Voyager Virtual Learning Environment (www.virtualmv.com/voyager) Overview of the Voyager Learner Suite (runs automatically)

Voyager Virtual Learning Environment ( Overview of the Voyager Learner Suite (runs automatically)
PERFORMANCE FOR ALL The Project & the System. A HE project co-ordinated by University of Bristol, open to HE internationally. Developing the requirements.

PERFORMANCE FOR ALL The Project & the System. A HE project co-ordinated by University of Bristol, open to HE internationally. Developing the requirements.
Lecture Nine Database Planning, Design, and Administration

Lecture Nine Database Planning, Design, and Administration
NOTES TO ANDERSON, CHAPTERS 10 & 11 PROFESSIONAL WRITING.

NOTES TO ANDERSON, CHAPTERS 10 & 11 PROFESSIONAL WRITING.
INTRODUCTION. Concepts HCI, CHI Usability User-centered Design (UCD) An approach to design (software, Web, other) that involves the user Interaction Design.

INTRODUCTION. Concepts HCI, CHI Usability User-centered Design (UCD) An approach to design (software, Web, other) that involves the user Interaction Design.
Domain Modeling (with Objects). Motivation Programming classes teach – What an object is – How to create objects What is missing – Finding/determining.

Domain Modeling (with Objects). Motivation Programming classes teach – What an object is – How to create objects What is missing – Finding/determining.
Big Ideas and Problem Solving in Junior Math Instruction

Big Ideas and Problem Solving in Junior Math Instruction
Video Conferencing and discussion boards as communication tools Pip Huyton – London Mathematics Challenge Coordinator London Mathematics Challenge.

Video Conferencing and discussion boards as communication tools Pip Huyton – London Mathematics Challenge Coordinator London Mathematics Challenge.
Technology and Motivation

Technology and Motivation
History–Social Science: Unit 2, Key Topic 4http://facultyinitiative.wested.org/1.

History–Social Science: Unit 2, Key Topic 4http://facultyinitiative.wested.org/1.
Sofia Carlander Kinoshita Laboratory 2004/2005

Sofia Carlander Kinoshita Laboratory 2004/2005
Platforms for Learning in Computer Science July 28, 2005.

Platforms for Learning in Computer Science July 28, 2005.
Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Similar presentations

Ads by Google