Semantic Zooming

Security visualisations are often either too simple, because they abstract the model too far, or too complex and confusing, because they try to show all the data. One approach to this issue is semantic zooming, which applies meaning to different zoom levels. As more and more visualisations are digital in format, taking advantage of interactivity allows one to generalise the parameters of a security model depending on the level of inspection, providing more abstract representations at a macro view and displaying the complex intricacies only in a micro view. This corresponds to the act of zooming into an online map to reveal additional details.

This approach complements the stacking of visual elements, as it allows elements to be seen only when such detail is required. For example, when viewing attacker profiles from a macro view, it is only important to show the total perceived threat that an attacker has. As a result, the attacker can be represented by a single circle whose radius is the sum of the stacked circles. A zoom provides a more detailed view, where a viewer might want to inspect how parameters differ between attackers; only at this point does the visualisation reveal the individual stacked elements. By displaying this detail only when necessary, it is possible to create visualisations that are relatively simple without any loss of information, while still allowing the viewer to take a closer look.

On the left a generalised, zoomed-out state of an object, on the right a detailed view that allows for a specific inspection of each element.

When the stackable legend from the section on stacking parameters is applied to massive attack trees, the visualisation becomes confusing and harder to read, and viewers can no longer follow paths as easily as before. However, semantic zooming can be applied in multiple ways. Because the stacked lines are only necessary at a very detailed level, it is perfectly fine to show the average threat level at a macro view with other paths or the entire tree. Only when zooming in to view specific paths will the individual stacked lines be revealed to the viewer. This eliminates the original complexity at a macro level while still allowing specificity at a micro level.

This can be combined with a rearrangement of the linearised attack trees to present the paths in a more understandable manner. By using a radial view for the linearised attack trees at a macro view and transitioning, upon user interaction, to a table in which information about the total path is displayed alongside each path, it becomes possible to sort and analyse paths in a way that might otherwise be unwieldy at the macro level. A viewer can then zoom in even closer to see an individual path and its stacked line components, as well as any intermediate labels that might not have been shown before.

Example of a linearised attack tree that uses the principle of semantic zooming. In this case, the parameter displayed is difficulty, as general difficulty for one attack trace and per step.
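
The three zoom levels described above (radial overview, sortable table, single path with its per-step components), sketched as an added example that is not part of the original page or its demo. The scale thresholds, field names, ascending sort order and sample paths are assumptions constructed for illustration.

```javascript
// Added example (not from the original page). Scale thresholds, field names,
// the ascending sort and the sample paths below are constructed assumptions.
const MACRO_MAX = 1; // scale below this: radial overview
const TABLE_MAX = 3; // scale below this: sortable table; at or above: single path

// Constructed sample: linearised attack paths with a difficulty score per step.
const samplePaths = [
  { id: "P1", steps: [{ label: "initial access", difficulty: 4 },
                      { label: "lateral movement", difficulty: 3 },
                      { label: "exfiltration", difficulty: 2 }] },
  { id: "P2", steps: [{ label: "initial access", difficulty: 2 },
                      { label: "privilege escalation", difficulty: 5 }] },
];

// Aggregate one path: total and average difficulty over its steps.
function summarise(path) {
  const total = path.steps.reduce((sum, step) => sum + step.difficulty, 0);
  return { id: path.id, total, average: total / path.steps.length };
}

// Map a continuous zoom scale to a semantic level.
function levelFor(scale) {
  if (scale < MACRO_MAX) return "macro";
  return scale < TABLE_MAX ? "table" : "micro";
}

// Return only the data the current zoom level should draw.
function render(paths, scale, focusId) {
  const level = levelFor(scale);
  const focus = paths.find((p) => p.id === focusId);
  if (level === "micro" && focus) {
    // Closest view: one path, its per-step segments and intermediate labels.
    return { level, id: focus.id, segments: focus.steps.map((s) => ({ ...s })) };
  }
  const rows = paths.map(summarise);
  if (level === "macro") {
    // Radial overview: one mark per path carrying only the average.
    return { level, marks: rows.map(({ id, average }) => ({ id, value: average })) };
  }
  // Table view (also the fallback when no valid path is focused):
  // totals alongside each path, lowest total difficulty first.
  return { level: "table", rows: rows.sort((a, b) => a.total - b.total) };
}

console.log(render(samplePaths, 0.5));
console.log(render(samplePaths, 2));
console.log(render(samplePaths, 4, "P1"));
```

Per-step detail never leaves `render` below the micro threshold, so the macro and table views cannot become cluttered however many paths the tree has.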

 Try out the very rudimentary demo.