Sesame: Informing User Security Decisions with System Visualization

sesameInforming User Security Decisions with System Visualization Jennifer Stoll

Craig TashmanW. Keith Edwards

Kyle Spafford



Kyle Spafford

What does internet access mean here?Why should the user care?

What does loadsys.exe mean?

What is an IP?

How should user interpret this?

What if user changes their mind?

What are the implications of this decision?



Kyle Spafford



Kyle Spafford

loadsys.exe Properties



Kyle Spafford

loadsys.exe PropertiesDoes not support informed decision making

Information presented through unfamiliar abstractions

Too little relevant information

Lack of a model for assessing impacts of choices

Make a better UI

Automate everything and eliminate user

Problemtwo solutions

what we didour approach

The

Develop design approach

Focus on UIs that expose low level concepts

Evaluate approach through simplified firewall

Problemtwo solutions

what we didour approach

The

Problem 2: Information presented through unfamiliar abstractions

Problem 1: Too little relevant information

Problem 3: Lack of a model for assessing impacts of choices

Problemtwo solutionswhat we did

our approach

The



Solution: - Visually represent wide variety of information.

- Use direct manipulation and semantic zooming to facilitate pattern and trend identification.



our approach

The




Solution: - Concretize relevant abstractions

- Depict in relation to more familiar concepts


our approach

The




Solution: - Embed abstractions in spatial/physical metaphor

- Extend the familiar desktop


our approach

The

What data would be relevant tocommon threats in firewall purview?

IDEAS design

data to showEarly

What data would be relevant tocommon threats in firewall purview?

Processes- Name - Connected servers

- Server geography- Server domain- Server owner

- Resource usage- Vendor- Install date- Window ownership

Network

IDEAS design

data to showEarly

IDEASdata to show

designEarly

EvaluationFormative

EvaluationFormative

People understand concrete representation

Could infer many relationships (e.g., process/window)

Difficulties with remote objects being remote

Difficulties with false causality between processes

Demo...

an exploration of our design approach

Sesame reasoning

live demoexploring

Sesamelive demo

reasoningexploring

unfamiliar abstractions

too little information...

Lack of a model

calc.exe

Engine: calc.exeVerified

Old Engine

Low CPU Usage

Semantic zooming

>

A

A

AAA

A

A

A

AAA

A

A

A

AAA

A

A

A

AAAA

A AAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAA

AAAA

AAAA

Power Reset Computer on the internet...

Georgia Institute of TechnologyDomain: www.gatech.eduLocation: 35 5th StreetAtlanta, GA, USA

>

A

A

AAA

A

A

A

AAA

A

A

A

AAA

A

A

A

AAAA

A AAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAA

AAAA

AAAA

Power Reset

Owner: The Georgia Inst...

Process Remote Computer



Lack of a model

calc.exe

calc.exe

calc.exe

Outlier Identification

calc.exe

Sesamelive demo

reasoningexploring



Lack of a model

Concretize Abstractions

>

A

A

AAA

A

A

A

AAA

A

A

A

AAA

A

A

A

AAAA

A AAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAA

AAAA

AAAA

Power Reset

Remote computer owned byUniversity System of Georgia

mdm.exe

WindowlessProcess

Process witha Window

Connection

Remote Computer

calc.exe

Sesamelive demo

reasoningexploring



Lack of a model

Relate unfamiliar to familiarwithin a spatial model

>

A

A

AAA

A

A

A

AAA

A

A

A

AAA

A

A

A

AAAA

A AAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAA

AAAA

AAAA

Power Reset


>

A

A

AAA

A

A

A

AAA

A

A

A

AAA

A

A

A

AAAA

A AAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAA

AAAA

AAAA

AAAA

Power Reset


calc.exe

Sesamelive demo

reasoningexploring

Is the data meaningful/usable?

Do users understand the visualization?

What is cumulative impact of UI design on security decisions?

Sesamequestionsevaluating

Average of 9-10 years computing experience

Unfamiliar with low level computing concepts

20 undergraduate students, non-computing majors

45% female, 55% male

Sesameparticipantsevaluating

Experimental group used Sesame UI, control used ZoneAlarm

No training given for using either system

Users given 6 situations, had to assess potential threat

Experimental group given 60 sec to explore Sesame

Sesameorganizationevaluating

Attempted outgoing connection from loadsys.exe

Site claiming to be Citibank

Attempted incoming connection to intmonp.exe

Attempted incoming connection to iexplore.exe

Site claiming to be Mid America Bank

Attempted outgoing connection from outlook.exe

non-threat

non-threat

non-threat

threat

threat

threat

Answering firewall popup alerts

Assessing possible phishing websites

Sesame scenariosevaluating

Success Rate By Task

0

20

40

60

80

100

T1 T2 T3 T4 T5 T6

Sesame

Control

Scenario

Su

cce

ss r

ate

(%

)

Overall: Sesame had 77.8% (73.4% with outlier) success vs 60% for control.

Firewall tasks only: Sesame users did 40% better (20% with outlier)

Sesame scenario assessmentevaluating

Without being taught, people could leverage low-level data to significantly improve their assessment of possible threats.

Users took advantage of the added information we presented

Users largely understood the Sesame model

Control group relied mostly on process names

8 out of 10 understood window-process relationship

But only 2 out of 10 understood background processes

8 out of 10 understood which areas were outside computer

8 out of 10 understood process-server relationship

Sesame group used data about local processes and remote systems

Half of Sesame users reported using the geography information

Some users had difficulty knowing where to look in visualization

Sesame feedbackevaluating

Relate different levels of abstraction

Leverage perceptual assumptions vis a vis spatial metaphors

Metaphoric 3D models can express larger system, of which Desktop is one piece

Have concrete policies spatially reside inside objects they apply to

Gain more information through (semantic) zooming

Visual effects, like swiveling the desktop, can show transitions between levels

Vital to connect new concepts to familiar ones

for Designprinciples

Direct Manipulation User Interfaces

Where to go from here...

Appear viable for security interfaces

Applications can routinely embed system-level models

But metaphor consistency will be important

We have to find a representational approach that is extensible

We can expand further, to configuration and other necessarily low level Uis

for Designprinciples

Questions...

Jennifer Stoll [email protected]

[email protected]

[email protected]

[email protected]

Craig Tashman

W. Keith Edwards

Kyle Spafford

Thank you[sesame]

Sesame: Informing User Security Decisions with System Visualization

Technology

Transcript of Sesame: Informing User Security Decisions with System Visualization