Re: visualizing security techniques

[Marsh Ray <marsh () extendedsubset com>]

On 11/04/2010 07:20 PM, travis+ml-dailydave () subspacefield org wrote:
> So for those of you who make presentations for non-experts, I was
> wondering if you had any ideas on how to create compelling
> graphics/video/animations for security presentations.

There are a lot of good "security fail" pictures floating around the 
net. Sometimes these illustrate perfectly even some relatively deep 
principles and everyone in the audience can relate to them.

> Now, I don't need fancy graphics to explain something to this list - I
> can just say DEP or ALSR or ROP and we're all on the same page.  But
> for teaching the concept in the first place... sometimes some
> animation is worth a thousand words.

Yep.

> I almost finished an electrical engineering degree before switching to
> CS, and I found myself inventing a method for visualizing linear
> circuits.  Electricity was water, a capacitor was a bladder,

The books I read just had a wide pool or a literal tank.

> resistors
> were narrowing of the pipes, and an inductor was... well, no direct
> analogy,

That's a hard one. A paddlewheel with an inertial flywheel?

> but I had a visualization for the magnetic field building up
> and collapsing.  Turns out I wasn't the only one who did this, but I
> was upset I had to invent it independently.

When I was little, the cell phone store "Radio Shack" used to sell 
discrete components. They had an booklet series on electronics which 
explored this analogy pretty thoroughly with cartoons.

> Other things that really could benefit from visualization are mixing
> in radio circuits and "beat frequencies" in audio.

Sometimes you just can't beat a primitive oscilloscope.

> So, does anyone have good ideas on making presentations for teaching
> security concepts?  Do you guys have personal ways for visualizing
> any security techniques or processes?

I've been experimenting with OpenGL lately. I saw a vendor discussing a 
product which gave a 3D depiction of the subject network. If/when WebGL 
exposes 3D to Javascript in a useful way, we might expect that format to 
become more commonplace.

> I'm mostly interested in F/LOSS tools, which certainly limits the
> options available.

I haven't found anything you can't do yet with OSS apps, that really 
needs doing.

> I use lyx with the Beamer template for
> presentations, which produces nice PDFs, but it can't do animations or
> embedded video clips.

It depends on your audience and it depends on your message, but IMHO 
those things are usually more of a distraction. But don't listen to me, 
I'm not exactly a master presenter.

The few times I've tried to mix video into a presentation it didn't go 
smoothly. It's hard to get the sound level right. One time it cut off 
the critical last few seconds of the clip for no reason - this was a 
commercial product on a Mac.

I currently have a mixed-media presentation in early stages. I'm 
thinking of just having the animation code run live the whole time and 
interacting with it as part of the talk rather than trying to switch 
apps and stuff in the middle of the talk. The challenge may be then to 
make it not feel like a software demo.

> PS: If anyone here has network security inclinations, perhaps you
> can tell me how to best graphically explain this:
>
> http://www.subspacefield.org/security/dfd/

May I suggest a policy of not drawing a brick wall that's on fire? 
Perhaps you could start a trend.

Your app reminds me of http://en.wikipedia.org/wiki/Maxwell%27s_demon
which has a long tradition of visual depictions. You might look there 
for inspiration.

Dave doesn't usually take a lot of follow-ups, but for anyone who's 
interested, we should continue the discussion with off-list CC.

- Marsh
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave