Techniques for Visual Feedback of Security State Tara Whalen and Kori Inkpen Faculty of Computer Science Dalhousie University whalen at cs dot dal dot.

Slides:

Advertisements

Similar presentations

E-Learning Models Desk Study Chris Fowler. Purpose To explain our current thinking and specification of the E-Learning Models Advisor.

Advertisements

Constructivist Learning versus Explicit Teaching: A personal discovery of balance Tara Tetzlaff Spring 2009.

Iñaki Merino Albaina MSc Program: Media & Knowledge Engineering Daily supervisors: drs. L.H.T.E. Yamane dr. ir. M.H. Vastenburg SCID group Faculty of Industrial.

User problems, scenarios and storyboards

Domain C4 Monitoring students’ understanding of content through a variety of means, providing feedback to students to assist learning, and adjusting learning.

“Our Village”: Project-based telecollaborative learning Maria Lurenda Suplido Westergaard UP Open University 6-7 September 2006.

User Interface Design Yonsei University 2 nd Semester, 2013 Sanghyun Park.

Voyager Virtual Learning Environment ( Overview of the Voyager Learner Suite (runs automatically)

PERFORMANCE FOR ALL The Project & the System. A HE project co-ordinated by University of Bristol, open to HE internationally. Developing the requirements.

Lecture Nine Database Planning, Design, and Administration

NOTES TO ANDERSON, CHAPTERS 10 & 11 PROFESSIONAL WRITING.

INTRODUCTION. Concepts HCI, CHI Usability User-centered Design (UCD) An approach to design (software, Web, other) that involves the user Interaction Design.

Domain Modeling (with Objects). Motivation Programming classes teach – What an object is – How to create objects What is missing – Finding/determining.

Big Ideas and Problem Solving in Junior Math Instruction

Video Conferencing and discussion boards as communication tools Pip Huyton – London Mathematics Challenge Coordinator London Mathematics Challenge.

Technology and Motivation

History–Social Science: Unit 2, Key Topic 4http://facultyinitiative.wested.org/1.

Sofia Carlander Kinoshita Laboratory 2004/2005

Platforms for Learning in Computer Science July 28, 2005.

Networks and Security. Types of Attacks/Security Issues  Malware  Viruses  Worms  Trojan Horse  Rootkit  Phishing  Spyware  Denial of Service.

Introduction to Primary Science APP. What do the AFs look like? AF1 – Thinking Scientifically AF2- Understanding the applications & implications of science.

Samuvel Johnson nd MCA B. Contents  Introduction to Real-time systems  Two main types of system  Testing real-time software  Difficulties.

Effective Teaching of Health Reporting: Lectures and More Barbara Gastel, MD, MPH Texas A&M University Train the Trainer Workshop: Health Reporting for.

William H. Bowers – Modeling Users: Personas and Goals Cooper 5.

Current Situation and CI Requirements OOI Cyberinfrastructure Integrated Observatory Management Workshop San Diego May 28-29, 2008.

Step 6: Implementing Change. Implementing Change Our Roadmap.

Chapter 8: Systems analysis and design

Welcome to our sales workshop Writing a Sales Plan

 Prototype for Course on Web Security ETEC 550.  Huge topic covering both system/network architecture and programming techniques.  Identified lack.

Standards-Based Science Instruction. Ohio’s Science Cognitive Demands Science is more than a body of knowledge. It must not be misperceived as lists of.

Where USERS Make the Difference! Peer to Peer | Greater Scale | More Voices | Faster How to Personalize the Role Tailored Client – What you.

Communications support for the Vodafone EMF community Pre-read for EMF Leader Workshop, 8 April 2008 Dianne Sullivan & Ros Young.

DNA Computing BY DIVYA TADESERA. Contents  Introduction  History and its origin  Relevancy of DNA computing in 1. Hamilton path problem(NP problem)

Human Computer Interaction

E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.

PRESENTED BY P. PRAVEEN Roll No: 1009 – 11 – NETWORK SECURITY M.C.A III Year II Sem.

A semi autonomic infrastructure to manage non functional properties of a service Pierre de Leusse Panos Periorellis Paul Watson Theo Dimitrakos UK e-Science.

Hao Wang Computer Sciences Department University of Wisconsin-Madison Authentication and Authorization.

Network Security. 2 SECURITY REQUIREMENTS Privacy (Confidentiality) Data only be accessible by authorized parties Authenticity A host or service be able.

Current Situation and CI Requirements OOI CyberInfrastructure Science User Requirements Workshop: San Diego January 23-24, 2008.

CS2003 Usability Engineering Human-Centred Design Dr Steve Love.

Summary of Distributed Computing Security Yifeng Zou Georgia State University

Introduction to Software Engineering. Why SE? Software crisis manifested itself in several ways [1]: ◦ Project running over-time. ◦ Project running over-budget.

User Interface Design & Usability for the Web Card Sorting You should now have a basic idea as to content requirements, functional requirements and user.

1 J. Keller, R. Naues: A Collaborative Virtual Computer Security Lab Amsterdam,Dec 4, 2006 Amsterdam, DEC 4, 2006 Jörg Keller FernUniversität in Hagen,

Addressing the Challenges of Implementation of the Results of National Research Initiatives From an Implementing Agency Perspective and from a National.

COSC 513 Operating Systems Project Presentation: Internet Security Instructor: Dr. Anvari Student: Ying Zhou Spring 2003.

Reading Strategies To Improve Comprehension Empowering Gifted Children.

Meeting the needs of diverse learners k-6. Carol Ann Tomilson  Its not a strategy but a total way of thinking about learners, teaching and learning.

1 Roles and Responsibilities of The Learning Evidence Team at CCRI Presented at CCRI Peggy Maki

Session Objectives Analyze the key components and process of PBL Evaluate the potential benefits and limitations of using PBL Prepare a draft plan for.

Introduction. Steve Semler The Session in a Nutshell Figure out the business purpose and learning intent. Determine what actions or decisions the learners.

@theEIFoundation | eif.org.uk Early Intervention to prevent gang and youth violence: ‘Maturity Matrix’ Early intervention (‘EI’) is about getting extra.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Collective Information Practice: Exploring Privacy and Security as Social and Cultural.

Writing to Teach - Tutorials Chapter 2. Writing to Teach - Tutorials The purpose of a tutorial is to accommodate information to the needs of the user.

Electronic Student Notebook Albert Huang, Thomas Doeppner, Larry Rudolph,

 Online student survey, facilitator interview, documentary evidence (community archives).

Taking a bite out of the Apple What’s it for?

Classical Studies Meeting the literacy and language demands of the curriculum level and NCEA.

Contract Management Friday 20 July Agenda 1.Welcome and introductions 2.Supplier Relationship Management – an overview 3.Group exercise and feedback.

Assessment and Learning in Practice Settings (ALPS) © Assessing Competency in Practice : a multi disciplinary seminar Assessment.

Lecturer: Eng. Mohamed Adam Isak PH.D Researcher in CS M.Sc. and B.Sc. of Information Technology Engineering, Lecturer in University of Somalia and Mogadishu.

Enterprise Security Management Franklin Tinsley COSC 481.

Open Innovation Co-creation of innovation

Managing the Privacy of Incidental Information During Collaboration

An assessment framework for Intrusion Prevention System (IPS)

Smart Learning concepts to enhance SMART Universities in Africa

ROLE OF «electronic virtual enhanced research-engaged student teams» WEB PORTAL IN SOLUTION OF PROBLEM OF COLLABORATION INTERNATIONAL TEAMS INSIDE ONE.

Virology: An Interactive Guide

SECURITY AS NON-FUNCTIONAL REQUIREMENT IN SOFTWARE ENGINEERING

Presentation transcript:

Techniques for Visual Feedback of Security State Tara Whalen and Kori Inkpen Faculty of Computer Science Dalhousie University whalen at cs dot dal dot ca DIMACS Workshop on Usable Privacy and Security Software July 8, 2004

Introduction Trying to define an area for doctoral research Trying to define an area for doctoral research ideas very much in development: feedback welcome and encouraged! ideas very much in development: feedback welcome and encouraged! General focus: visualization of security information General focus: visualization of security information Goal: to give users appropriate feedback about security Goal: to give users appropriate feedback about security aid in assessment and carrying out appropriate actions aid in assessment and carrying out appropriate actions Dalhousie EDGE Lab focuses on collaboration and visualization Dalhousie EDGE Lab focuses on collaboration and visualization initial ideas focused on secure collaboration initial ideas focused on secure collaboration

Security Lens We looked at how to reveal security information for distributed collaboration We looked at how to reveal security information for distributed collaboration e.g., using a CSCW tool, or text messaging e.g., using a CSCW tool, or text messaging how to quickly communicate that security configuration was done correctly how to quickly communicate that security configuration was done correctly Led to the idea of a “security lens”: a representation of peering into a channel Led to the idea of a “security lens”: a representation of peering into a channel Consider relevant parties along the path of communication Consider relevant parties along the path of communication Use lens to show what security (secrecy) looks like from multiple perspectives: self, partner, world (eavesdroppers) Use lens to show what security (secrecy) looks like from multiple perspectives: self, partner, world (eavesdroppers) Currently a visualization technique, not a real tool Currently a visualization technique, not a real tool

Simple example: text message Include a lens in messaging application; user selects this when they want to run a check (preview) Include a lens in messaging application; user selects this when they want to run a check (preview) Shown below is communication between two parties Shown below is communication between two parties Set view to self, Bob or world to see what is revealed to each Set view to self, Bob or world to see what is revealed to each Could represent secrecy as unreadable text. Plaintext should be revealed only for self and partner Could represent secrecy as unreadable text. Plaintext should be revealed only for self and partner

Advantages At-a-glance view provides snapshot of useful security information At-a-glance view provides snapshot of useful security information Provides a sort of sanity check for configuration Provides a sort of sanity check for configuration Can provide information on demand – not intrusive, gives feedback at appropriate time Can provide information on demand – not intrusive, gives feedback at appropriate time Application-level data can provide context unavailable at lower level Application-level data can provide context unavailable at lower level e.g., can provide tailored feedback for specific actions, include info about private versus public keys, info about parties in communication e.g., can provide tailored feedback for specific actions, include info about private versus public keys, info about parties in communication

Challenges and Concerns Pragmatically difficult: application-level view requires integration of lens into different programs Pragmatically difficult: application-level view requires integration of lens into different programs Simple example is simplistic: does not take into account the complexity of many situations Simple example is simplistic: does not take into account the complexity of many situations Lens perspective might be only useful for transactions, not long-duration activities (monitoring) Lens perspective might be only useful for transactions, not long-duration activities (monitoring) How to use the lens perspective for one user across multiple programs; potentially many different tasks, data, and roles to incorporate How to use the lens perspective for one user across multiple programs; potentially many different tasks, data, and roles to incorporate How much approximation is appropriate? How much approximation is appropriate? Don’t want abstraction to cloud the facts Don’t want abstraction to cloud the facts Correct configuration may not guarantee actual secrecy, and incorrect configuration may succeed if encryption exists at lower level Correct configuration may not guarantee actual secrecy, and incorrect configuration may succeed if encryption exists at lower level Would users bother to adjust perspective? Would users bother to adjust perspective?

Future Directions The direction is likely to be set through discussions at this workshop The direction is likely to be set through discussions at this workshop Need to look at viability of perspective view as useful visualization technique Need to look at viability of perspective view as useful visualization technique Can it be applied effectively across a range of applications and situations? Can it be applied effectively across a range of applications and situations? If it seems to be a helpful approach, then we can consider how this visualization might be done in practice If it seems to be a helpful approach, then we can consider how this visualization might be done in practice We are (in parallel) considering other visualization problems We are (in parallel) considering other visualization problems how to present snapshots of host security information (e.g., personal firewall, virus scanner) how to present snapshots of host security information (e.g., personal firewall, virus scanner) starting a small stud y on how people use visual security cues in web browsers starting a small stud y on how people use visual security cues in web browsers

Conclusions We feel that it is important to provide support for at-a-glance visualization of security information We feel that it is important to provide support for at-a-glance visualization of security information This is not an easy problem: complex area, need to integrate variety of data types and tasks, don’t want to overwhelm user This is not an easy problem: complex area, need to integrate variety of data types and tasks, don’t want to overwhelm user Work is at very early stages: we hope to work with the researchers at this workshop to further refine our approach Work is at very early stages: we hope to work with the researchers at this workshop to further refine our approach

Thanks! Thanks for your kind attention Thanks for your kind attention Thanks to Diana Smetters (PARC) and Paul Dourish (UC Irvine) for feedback on these early ideas Thanks to Diana Smetters (PARC) and Paul Dourish (UC Irvine) for feedback on these early ideas Please forward comments, suggestions, flames, etc., to whalen at cs dot dal dot ca Please forward comments, suggestions, flames, etc., to whalen at cs dot dal dot ca