Embed Size (px)
Citation preview
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Using Geographic Information Systems for Enhanced Security
Visualization
Matthew DunlopDavid Shelly
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Agenda
PurposeProblemStudy
DesignResults
PrototypeFuture
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
PurposeTo design a usable security visualization prototype tool that leverages global information systems (GIS)
Present security information more clearlyFacilitate rapid identification of network security shortcomingsAllow better protection of critical network assets
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
ProblemInformation overload
VT processes over 5 million emails per dayManages over 500 SMTP & 3500 HTTP servers
Analysts rely on multiple toolsAnalysis takes more time
Popular tools are not very usablePrimarily text basedDo not scale well for large networksGraphical representations are not intuitive
GIS adds context as well as scalability
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Current Security Tools – Text-basedSnort Wireshark
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Current Security Tools – GraphicalThe Network Visualizer Rumint
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Study Design - ParticipantsVirginia Tech system administratorsSANS IT professionalsU.S. Army network engineers
50 respondents
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Study Design – Question AreasBackground InformationSystem InformationSecurity InformationSecurity ToolsGIS Information
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Study Results – Background
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Study Results - PreferencesTop usability improvements
Improved user interfaceBetter summary of informationImproved visual representation
Other findingsPrefer customizabilityMultiple tools = longer time to isolate threats
Most important aspects of security tools
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Study Results - VisualizationVisualization not widely used
50% never used it to visualize networks76% never used it to visualize security
Openness to GIS visualization76% feel GIS tool would be useful for network visualization50% envision using it for security visualization
Helpful in explaining security to technical and nontechnical audiences
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
PrototypeDesign
Color-coded security status
Device details
Filtering options
Ability to drill down
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Detailed View
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Future WorkBuild working model of prototype
Conduct usability study
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech
Questions
