A few weeks ago I was fortunate to attend a talk concerning the utility of virtual and synthetic worlds. One idea mentioned was the concept of using virtual environments as a means of which to visualize and interact with complex systems. From a security perspective, complex systems and the amalgamation of varying components often result in many unforeseen security issues. Systems interacting with, and depending upon one another in ways they were not originally designed will leave holes in the fabric (a fun platitude for security folks to chew on once more). Unfortunately, no revolutionary solution for devising uniform, comprehensively secure systems from their genesis are coming any time soon. So what can the security community do to compliment these manifold systems?
This idea of using virtual environments to visualize complex systems is very powerful, especially from a security perspective. Visualization would provide security engineers (network admins, application developers, etc) to see, dynamically, how systems are working and interacting. For instance, if a Web server begins to see heightened traffic rates, perhaps a visual image of the Web server (a blue server box or something to make it uniquely distinguishable) would expand to raise a red flag of a potential DDoS attack. Perhaps, a visualization of a complex system would allow admins to see what different protocols (lines w/ different colors?) are being used for disparate systems to communicate. Maybe, with regards to the “cloud“, visual representations for depicting VM segmentation and resource allocation could be used to symbolize data leaks between VMs, exposure to the host and hypervisor. The potential ways to use system visualizations via a virtual environment are endless. The next question is, how can one trust the visualizations one is seeing? But that’s for another day…
What about the ease of which users would be able to interact with their infrastructure? No more manually grep’ing through log files and modifying systems via command line and shell scripts. It’d be much easier to visually see a comprehensive view of one’s infrastructure and be able to make modifications with a few mouse clicks. Instead of interacting with complex systems by means of such complex methodology, we should be working to interact with them in more simplistic, intuitive ways.
Today, every systems engineer devises many system and network diagrams before deployment and implementation. But these forms of documentation are static. We need to begin implementing living visualizations that dynamically interact with our living systems.
Please understand this is simply conceptual and would require quite a bit of work to take place under the hood, but it’s fun to think about.
Security Visualizations of Complex Systems in Virtual Environments
September 2, 2009 by Douglas Crescenzi
[...] Security Visualizations of Complex Systems in Virtual Environments – Douglas Crescenzi, MetaSecurity « QOTD: Karl Popper [...]
At Green Phosphor we have spent the last two years building the infrastructure for doing exactly what you are talking about, Douglas.
We have a patent-pending gateway which can be hooked up to live datasources and/or applications outside a virtual world; the gateway produces visualizations in the world which are interactive – a user interacting with a visualization causes a message to go back out to the gateway, which can then respond with detail data, additional visualizations, or modifications to the current visualizations – or take some action with an application.
It currently works with Sun’s Wonderland .4, Second Life, and Forterra’s OLIVE.
Regards,
Ben
Wow, very cool. Do you have any documentation you can share?
but how do we use immersive, multisensory technology to create interactive representations of information that go beyond adding another dimension to a well established format of information display?
I agree that immersive 3D helps with visualization, but I believe that we have not yet cracked the code on how best to use VR to provide the human brain with the most efficient exposure to data/problem solving.
>>I agree that immersive 3D helps with visualization, but I believe that we have not yet cracked the code on how best to use VR to provide the human brain with the most efficient exposure to data/problem solving.
Excellent points. I think it will be important for these visualization products to be both granular and modular. Users need the autonomy to interact with these visualizations in a manner best suited to meet their needs. Although, this adds additional layers of complexity and could potentially overwhelm much of the user base.
right, and to continue my thought, I see VR misused in many different ways: creating a conference room in which you display a powerpoint presentation, creating a library filled with books, allowing web searches that float the pages returns in space, etc. there are many examples of how the multi-sensory dimensionality possibilities of VR are not used,in favor of simply extending a well establish model(eg, adding a 3rd dimension to a chart).
much of what we have established in 2D modeling was done so because there were no other variables to leverage(not including time).
What I am puzzled by is what I refer to as the “can’t find my shoes dilemma”. When I am at home, and I cannot find my shoes, I do not visualize a spreadsheet with a line item for all the possible locations of my shoes. What I do, is visualize my entire house, with subconcsious prioritization of the the most likely locations. and look at that – my shoes are sitting right by the door where I left them. in this case, adding a 3rd dimension to a spreadsheet will not help me much. BUT, providing a 3D representation of the “universe” of possible outcomes, with some baked in prioritization, this is how my brain works, and this is possible in VR.
There are many uses for this technology, and many styles of 3D user interface which can be automatically generated from data. A true 3D histogram can be a great way to compare multiple metrics over time – for example the net oil output of forty different countries, over time. The third dimension allows intuitive comparison of the trends of all the countries at once. I’ve been using it and it works.
A representation which uses geolocation and/or architecture, whether actual or simulated, to take advantage of the user’s spatial reasoning is a great paradigm as well, as Bauer points out. Green Phosphor does not want to be a bottleneck in the innovative use of 3D; rather than limiting our user community to the visualization styles we come up with, we will be releasing an API which allows any developer to create a plugin which relates data dimensions to simulated physical dimensions using whatever metaphors or style the developer chooses. Our technology becomes a framework enabling the innovation to come from anyone, and I think that is very important – because as has been said here, we are just scratching the surface of 3D and the right metaphors have not been worked out yet.
Here’s a video we just put out showing that our technology is now working in OLIVE:
http://www.youtube.com/watch?v=uSeIbhXQolI
And here’s one that was done in Sun Wonderland, showing greenhouse gas emissions visualized in 3D.
http://www.youtube.com/watch?v=azbkPvmlEjg
Regards,
Ben