Presentation is loading. Please wait.

Presentation is loading. Please wait.

Richard Johnson  How can we use the visualization tools we currently have more effectively?  How can the Software Development.

Published byJuliet Young Modified over 9 years ago

Similar presentations

Presentation on theme: "Richard Johnson  How can we use the visualization tools we currently have more effectively?  How can the Software Development."— Presentation transcript:

1 Richard Johnson richardj@microsoft.com

2  How can we use the visualization tools we currently have more effectively?  How can the Software Development Lifecycle benefit from visualizations?  What is the impact of visualizations on our software security processes?

3  What is visualization?  Information transmission through imagery  Why is visualization important?  Visualizations utilize the mind’s most perceptive input mechanism  What are the challenges in visualization?  Create intuitive spatial mappings of non-spatial data  Retain clarity while presenting highly dimensional data

4  Data Visualization

5  Information Visualization

6  Concept Visualization

7  Strategy Visualization

8  Metaphor Visualization

9  Problem Space  Program Visualization  Algorithm Visualization  Sourcing Data  Static vs Dynamic data  Inaccurate analysis tools  The goal is always: Reduce Complexity!

10  Structural Connectivity  Execution & Data Flow  Class Hierarchies  State Machine Models  Memory profile  Algorithm Complexity  Revision History  Age and authorship  Milestones in quality assurance

11  Execution tracing  Code coverage  Indirect relationships  Dynamic dependencies  Memory tracing  Heap management patterns  Object instances  Taint propagation  Environment

12  Attack Surface Area  Dataflow entry points  Privilege boundaries  Implementation Flaws  Arithmetic flaws  Comparison flaws  Unchecked user input  Exploitability  Execution environment  Compiler security  Reachability  History  Code age  Author credibility

13  Hierarchical Layout  Layered by order of connectedness  Not for highly connected graphs

14  Circular  Nodes aligned on circles  Clustering

15  Orthogonal  Edges aligned on axes  Clustering

16  Force Directed  Spring, Magnetic, and Gravitational force  Packing

17  Hyperbolic Space  Clarity on center focus  Packing

18  Higher Dimensional Space  Clarity with high connectivity  Multi-level views

19  Nodes  Spatial coordinates  Spatial extents  Color  Shape  Edges  Color  Shape  Width  Style

20  Nodes  Spatial coordinates  Spatial extents  Color  Shape  Edges  Color  Shape  Width  Style

21  Nodes  Spatial coordinates  Spatial extents  Color  Shape  Edges  Color  Shape  Width  Style

22  Observe binary interdependencies

23  Acquire a method level control flow graph

24

25  Reduce graph using code coverage data

26  Trace dataflow dependency to discover taint propagation

27  Use static analysis plugins to derive security properties such as GS and SafeSEH

28

29  Analyze non-covered paths in tainted functions

30

31  Examine source code where correlations occur

32  Source Code Revision History  History Flow

33  Source Code Revision History  History Flow

34  State Machine Models  Thinking Machine

35  State Machine Models  Thinking Machine

36 Richard Johnson richardj@microsoft.com

37

Download ppt "Richard Johnson  How can we use the visualization tools we currently have more effectively?  How can the Software Development."

Similar presentations

Saumya Debray The University of Arizona Tucson, AZ 85721.

Saumya Debray The University of Arizona Tucson, AZ
Introduction to Memory Management. 2 General Structure of Run-Time Memory.

Introduction to Memory Management. 2 General Structure of Run-Time Memory.
Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.

Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.
Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.

Building a Better Backtrace: Techniques for Postmortem Program Analysis Ben Liblit & Alex Aiken.
Providing Geography for Topology; A Schematic View of the National Watershed Boundary Dataset (WBD) James E. Mitchell, Ph.D. IT GIS Manager Kurt L. Johnson.

Providing Geography for Topology; A Schematic View of the National Watershed Boundary Dataset (WBD) James E. Mitchell, Ph.D. IT GIS Manager Kurt L. Johnson.
SVG Graph Browsers Data Visualization and Exploration With Directed Graphs in SVG.

SVG Graph Browsers Data Visualization and Exploration With Directed Graphs in SVG.
Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.

Linear Obfuscation to Combat Symbolic Execution Zhi Wang 1, Jiang Ming 2, Chunfu Jia 1 and Debin Gao 3 1 Nankai University 2 Pennsylvania State University.
Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.

Using Programmer-Written Compiler Extensions to Catch Security Holes Authors: Ken Ashcraft and Dawson Engler Presented by : Hong Chen CS590F 2/7/2007.
Graph Drawing Zsuzsanna Hollander. Reviewed Papers Effective Graph Visualization via Node Grouping Janet M. Six and Ioannis G. Tollis. Proc InfoVis 2001.

Graph Drawing Zsuzsanna Hollander. Reviewed Papers Effective Graph Visualization via Node Grouping Janet M. Six and Ioannis G. Tollis. Proc InfoVis 2001.
1 Presented by Jean-Daniel Fekete. 2  Motivation  Mélange [Elmqvist 2008] Multiple Focus Regions.

1 Presented by Jean-Daniel Fekete. 2  Motivation  Mélange [Elmqvist 2008] Multiple Focus Regions.
Midterm 2 Overview Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.

Midterm 2 Overview Fawzi Emad Chau-Wen Tseng Department of Computer Science University of Maryland, College Park.
Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.

Representing programs Goals. Representing programs Primary goals –analysis is easy and effective just a few cases to handle directly link related things.
Graph Visualization cs5764: Information Visualization Chris North.

Graph Visualization cs5764: Information Visualization Chris North.
1 Chapter Seven Large and Fast: Exploiting Memory Hierarchy.

1 Chapter Seven Large and Fast: Exploiting Memory Hierarchy.
LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.

LIFT: A Low-Overhead Practical Information Flow Tracking System for Detecting Security Attacks Feng Qin, Cheng Wang, Zhenmin Li, Ho-seop Kim, Yuanyuan.
Improving Network Applications Security: a New Heuristic to Generate Stress Testing Data Presented by Conrad Pack Del Grosso et al.

Improving Network Applications Security: a New Heuristic to Generate Stress Testing Data Presented by Conrad Pack Del Grosso et al.
An Introduction to Software Visualization Dr. Jonathan I. Maletic Software DevelopMent Laboratory Department of Computer Science Kent State University.

An Introduction to Software Visualization Dr. Jonathan I. Maletic Software DevelopMent Laboratory Department of Computer Science Kent State University.
7/2/2015cse410-25-deadlock © 2006-07 Perkins, DW Johnson and University of Washington1 Deadlock CSE 410, Spring 2008 Computer Systems

7/2/2015cse deadlock © Perkins, DW Johnson and University of Washington1 Deadlock CSE 410, Spring 2008 Computer Systems
Visualization of Graph Data CS 4390/5390 Data Visualization Shirley Moore, Instructor October 6, 2014 1.

Visualization of Graph Data CS 4390/5390 Data Visualization Shirley Moore, Instructor October 6,
Chad Wickman Kent State University Hypertext and Writing.

Chad Wickman Kent State University Hypertext and Writing.

Similar presentations

Ads by Google