Sesame: Informing User Security Decisions with System Visualization
Jennifer Stoll, Craig Tashman, W. Keith Edwards, Kyle Spafford
What does internet access mean here?
Why should the user care?
What does loadsys.exe mean?
What is an IP?
How should user interpret this?
What if user changes their mind?
What are the implications of this decision?
loadsys.exe Properties
Does not support informed decision making:
- Information presented through unfamiliar abstractions
- Too little relevant information
- Lack of a model for assessing impacts of choices
The Problem: two solutions
- Make a better UI
- Automate everything and eliminate user
Our approach: what we did
- Develop design approach
- Focus on UIs that expose low level concepts
- Evaluate approach through simplified firewall
Problem 1: Too little relevant information
Solution:
- Visually represent wide variety of information.
- Use direct manipulation and semantic zooming to facilitate pattern and trend identification.
Problem 2: Information presented through unfamiliar abstractions
Solution:
- Concretize relevant abstractions
- Depict in relation to more familiar concepts
Problem 3: Lack of a model for assessing impacts of choices
Solution:
- Embed abstractions in spatial/physical metaphor
- Extend the familiar desktop
Early design ideas: data to show
What data would be relevant to common threats in firewall purview?
Processes
- Name
- Connected servers
- Server geography
- Server domain
- Server owner
- Resource usage
- Vendor
- Install date
- Window ownership
Network
Formative Evaluation
People understand concrete representation
Could infer many relationships (e.g., process/window)
Difficulties with remote objects being remote
Difficulties with false causality between processes
Demo...
an exploration of our design approach
Exploring Sesame: reasoning, live demo
unfamiliar abstractions
too little information...
Lack of a model
Semantic zooming
[Figure: Sesame view of a process and a remote computer. Process labels: calc.exe; Engine: calc.exe; Verified; Old Engine; Low CPU Usage. Remote computer labels: Computer on the internet...; Georgia Institute of Technology; Domain: www.gatech.edu; Location: 35 5th Street, Atlanta, GA, USA; Owner: The Georgia Inst...]
Outlier Identification
[Figure: Sesame view showing processes labelled calc.exe.]
Concretize Abstractions
[Figure: Sesame view with labelled elements: Windowless Process (mdm.exe); Process with a Window (calc.exe); Connection; Remote Computer (Remote computer owned by University System of Georgia).]
Relate unfamiliar to familiar within a spatial model
[Figure: Sesame view showing calc.exe and a remote computer owned by University System of Georgia.]
Evaluating Sesame: questions
- Is the data meaningful/usable?
- Do users understand the visualization?
- What is cumulative impact of UI design on security decisions?
Evaluating Sesame: participants
- 20 undergraduate students, non-computing majors
- 45% female, 55% male
- Average of 9-10 years computing experience
- Unfamiliar with low level computing concepts
Evaluating Sesame: organization
- Experimental group used Sesame UI, control used ZoneAlarm
- No training given for using either system
- Users given 6 situations, had to assess potential threat
- Experimental group given 60 sec to explore Sesame
Evaluating Sesame: scenarios
Task types:
- Answering firewall popup alerts
- Assessing possible phishing websites
Scenarios:
- Attempted outgoing connection from loadsys.exe
- Site claiming to be Citibank
- Attempted incoming connection to intmonp.exe
- Attempted incoming connection to iexplore.exe
- Site claiming to be Mid America Bank
- Attempted outgoing connection from outlook.exe
Scenario labels: non-threat, non-threat, non-threat, threat, threat, threat
Evaluating Sesame: scenario assessment
[Figure: Success Rate By Task. Chart of success rate (%) by scenario (T1 to T6) for Sesame and Control.]
Overall: Sesame had 77.8% (73.4% with outlier) success vs 60% for control.
Firewall tasks only: Sesame users did 40% better (20% with outlier)
Without being taught, people could leverage low-level data to significantly improve their assessment of possible threats.
Evaluating Sesame: feedback
Users took advantage of the added information we presented
- Control group relied mostly on process names
- Sesame group used data about local processes and remote systems
- Half of Sesame users reported using the geography information
Users largely understood the Sesame model
- 8 out of 10 understood window-process relationship
- But only 2 out of 10 understood background processes
- 8 out of 10 understood which areas were outside computer
- 8 out of 10 understood process-server relationship
Some users had difficulty knowing where to look in visualization
Principles for Design
- Relate different levels of abstraction
- Leverage perceptual assumptions vis-à-vis spatial metaphors
- Metaphoric 3D models can express larger system, of which Desktop is one piece
- Have concrete policies spatially reside inside objects they apply to
- Gain more information through (semantic) zooming
- Visual effects, like swiveling the desktop, can show transitions between levels
- Vital to connect new concepts to familiar ones
Direct Manipulation User Interfaces
- Appear viable for security interfaces
- Applications can routinely embed system-level models
- But metaphor consistency will be important
Where to go from here...
- We have to find a representational approach that is extensible
- We can expand further, to configuration and other necessarily low level UIs
Questions...
Jennifer Stoll
Craig Tashman
W. Keith Edwards
Kyle Spafford
Thank you