How Can Visualization Affect Security?

Joana Muchagata and Ana Ferreira

CINTESIS - Centre for Health Technology and Services Research, Faculty of Medicine, University of Porto, Portugal

Keywords: Human Computer Interaction, Security of Mobile Visualization Design, User-adaptive Visualization,

Electronic Health Records.

Abstract: Technology like computers and especially mobile devices have changed the way people see and interact

with the world. Many of our everyday tasks are only completed using technology supported by different

platforms (desktop computers, laptops, tablets and smartphones) so the visualization of content is presented

differently depending on the used device and type of information requested. However, even with user-

healthcare data. More research is needed to define and validate security visualization techniques integrated

into human mobile interactions, to better provide for the security and privacy of sensitive data.

1 INTRODUCTION

Today we live in a technological society where our

everyday tasks are completed efficiently and

effectively using computers and communication

devices (Moon and Chang, 2014). Although

technologies like desktops are still very common,

mobile devices like smartphones or tablets are very

useful to support user needs on the move (Burigat,

interfaces, the latest generation of smartphones are

progressively viewed as handheld computers

(Boulos, Wheeler, Tavares and Jones, 2011). These

improvements have made possible to include

advanced visualization techniques in most

computing application areas, such as medicine,

engineering and science. Also, the adaptation of

these techniques to mobile devices increases the

power of visualization to anytime, anywhere

(Chittaro, 2006). Visualization can make a wide

obvious one being the small screen size.

But visualization is not only a matter of

information type and content. The way people

interact with interfaces can affect information

security and privacy. How can a user be searching

for information in a mobile device, within a specific

place and context, while having the guarantee that

the way that information is displayed is the most

secure and private? One very common example is

when users access personal or sensitive data (e.g.,

those can be eavesdropped by attackers listening to

public non secure Wi-Fi hotspots.

The main goal of this paper is to review and

analyse the way information is visualized depending

on a user’s context and type of device and how this

similar research work within the literature.

Muchagata, J. and Ferreira, A.

How Can Visualization Affect Security?.

DOI: 10.5220/0006695505030510

The next section presents the state of the art

while section 3 describes the methods used to

analyse existing visual techniques and related

security. Section 4 presents the recommendation list

of visual techniques for improved security and

section 5 describes two use-cases to validate the

obtained list. Section 6 discusses the obtained results

while section 7 concludes the paper.

2 STATE OF THE ART

A Google study on devices (Google, 2016) revealed

users prefer to use more than one type of device. It is

estimated that users spend 3 hours per day on

smartphones, about 2 hours on a computer and a

multiple types of devices on the same day, and even

when they are using the computer they are also using

another device. The study also shows that the

preferred places to use a smartphone are at home,

work, stores, restaurants and bars, and the most used

resource is the web and after that, apps.

both desktop and mobile? What type of content do

they explore, download, buy and avoid on those

devices? Is one more trusted than the other?

The majority of tasks are supported by both

platforms (desktop and mobile) but the results are

visualized differently as they may have a different

presentation and layout. Usually, in a mobile

version, information is displayed in small pieces and

interactive elements are larger for touch interactions.

In the desktop version there is also the opportunity

browser), environment (location, light, noise) and

social aspects (privacy or collaboration) (Paterno,

2014). When users are on the move or when they are

looking for specific information and need a quick

answer, they prefer to use a mobile device.

Meanwhile, time consuming activities and specific

types of software are reserved to a computer. And in

some cases, users choose multiple devices because

this makes it easier to accomplish a task (Chittaro,

2006) (Paterno, 2014).

Studies in the field of security visualization are

relatively new and need more awareness. Many

times people access public Wi-Fi hotspots, often

located in populated areas such as coffee shops,

restaurants, hotels and airports, that offer little or no

security (Simmons, 2014) (Joshi, Aref, Ghafoor and

Spafford, 2001).

Briggs, 2014). One of the most common methods to

alert users about a possible event that can

compromise their protection are the security

warnings, and users may deal with them in different

situations (Bravo-Lillo, Cranor, Downs, Komanduri

and Sleeper, 2011) (Zaaba, Furnell and Dowland,

2014). However, in many times, users have

difficulties understanding the warnings as these can

have different representations depending on the

contexts and the level of severity (e.g. dialogue box,

technique to use at a specific request scenario and

decreases the size of more distant objects (Figure 2).

Figure 2: Example of a fish-eye view (Lapin, 2014).

With the previous study of different techniques and

visualization methods (subsection 4.1), in this

section we analyse the security of information taking

Many websites and apps are adapted and

visualized differently, with a specific design,

interface and layout characteristics, depending on

which device is used. Each of the methods has

advantages but at the same time has security

problems. The three main security characteristics:

Confidentiality, Integrity, Availability (CIA) can be

compromised in some situations.

Based on a few studies mentioned above

(Burigat, Chittaro and Gabrielli, 2008) (Chittaro,

availability can be compromised; and (c) how it is

possible to improve or prevent security problems.

User-adaptive visualization interface can be

understood as being an interface made by graphical

components (images, text and buttons) that change

and adapt its structure, behaviour and function based

on each individual’s information (Yelizarov and

Gamayunov, 2014) (Schwartze, Blumendorf and

Albayrak, 2010). Traditionally, information

connection, time and other security and privacy

aspects. The layout and information content must

change and adapt to those characteristics.

Schwartze et al., (Schwartze, Blumendorf and

Albayrak, 2010) also defend that the layout model

defines the spatial relationship between elements

(such as images, text and buttons) and set its width

and height depending on platform, environment and

user characteristics. In their opinion, a layout model

should be dynamic, where context sensitivity, user

situations, require an automatic context adaptation of

Wahlster, 2002) present a project named REAL.

This mobile pedestrian navigation system adapts the

presentation of route description according to the

Another study about a visit to a museum described

device with the adaptation of the style and content

presentation to the context and interests of the

visitors in order to provide a coherent presentation

throughout the visit. A similar study (Graziola,

Pianesi, Zancanaro and Goren-Bar, 2005) regards

the adaptation between a mobile museum guide and

the personality and attitudes of each participant. In

this case the authors used adaptive video

presentations, in which the system dynamically

composes video presentations by adding or

removing shots to provide detailed description,

depending on actual user interests, interaction

history as well as current and previous locations.

In order to demonstrate the application of Adaptive

level of security in a specific moment. The

techniques presented in Table 1 can be used to

improve security visualization.

The use-cases are based on two fictional EHR

apps. In Use-Case A, the user is a patient who needs

mobile device and the app MyHealth. Use-Case B

describes a mobile app called iMedicine used by a

doctor when searching for her patients’ records.

Paulo is a patient and he is at a pharmacy during

lunch time but there is a very long queue. While he

sign in through the app where he has the information

about all his medical records, including

appointments, prescriptions, tests, lab results and

medical notes. He needs to see the last medical

prescription in the system by his doctor to check for

allergies to a specific medication (Figures 3 and 4).

Figure 3: Before using the AGVI, Paulo, the patient, is

visual security.

Ideally, the AGVI in place analyses Paulo’s

characteristics: device (smartphone), location

(pharmacy/public place), connection (public open

pharmacy free Wi-Fi network so he does not need to

authenticate. This is considered as a high security

risk connection. As Paulo is in a pharmacy the

system only provides the items related with

“Medications” and “Prescriptions” (Figure 4).

“restructuring of the information space” (line 1 in

Table 1) can be used to adjust the information

content to the smartphone’s screen space. Also

“focus & context approaches”, more precisely the

fish-eye technique, is available (line 5 in Table 1).

This is useful if Paulo needs to see part of the

information in more detail. When using the fish-eye

technique the system uses a timer for restricting the

duration of zooming moments in contexts of high

security risk (in this case 5 seconds).

some diagnostic in an x-ray exam. Dr. Luísa has her

smartphone with her so she accesses the app with

her doctor credentials. She is using the free Wi-Fi

network from the coffee shop so it is a high security

risk connection. She signs into the app and she

searches for the patient’s exam result. Again,

without the AGVI she is able to see everything: her

profile, her patients, appointments, exams and other

info. After choosing the exams icon she can see the

list of all her patients and select the patient she needs

Figure 5: Before using the AGVI Dr. Luísa is able to see

everything about her profile, patient’s information and

exam details.

visualization technique from Table 1 is also applied.

She can use the technique “overview and detail

approaches” (line 4 in Table 1) to highlight a

specific part of the exam that was mentioned by her

colleague (third image in Figure 6). At all times she

the “+info” icon.

Figure 6: After using the AGVI, the app shows

information according with user’s most common accessed

In this study we focus on techniques and

ways to securely interact with their device. The

authors could not find research work that provides

impact on security. There are some techniques

available that focus on adapting views to types of

devices, mainly screen size (section 4).

Nevertheless, these techniques can indirectly

influence the three main characteristics of security

(e.g., CIA). Table 1 presents this analysis and,

although it focuses on only five visualization

techniques, it is easy to see that each technique can

influence positively or negatively CIA. This

contexts. This is certainly crucial in more sensitive

environments such as healthcare and with the use of

mobile devices that allow access to information

anytime/anywhere. Still, the provided analysis is

generic and needs to be more detailed,

complemented and validated in future work.

Adaptive Graphical Visualization Interface

(AGVI) to user and content is a technique that is

more focused on context and user requirements than

the type of device used and so can be a relevant

other issues need to be studied and solved for this

scenario as patient sensitive information still travels

easily eavesdropped.

Use-case B presents a similar scenario but now

with the perspective of a healthcare professional.

Different contextual, type of access, technical means

and user characteristics apply and so different visual

techniques are used to adapt to these. Again, the

differences between using and not using the AGVI

are notorious. A lot of information that is not

required for a specific context can be hidden and

contributes with a list of visualization techniques

and their appliance in healthcare scenarios for

improved privacy and security. However, this is just

the starting point as altering information

visualization can also affect usability. There is the

need to further test and analyse different scenarios

and thoroughly validate security as well as usability

issues involved.

Limitations. There is not much research data

existing visualization techniques and show how

these can affect security and privacy of the

visualized data. We worked with existing techniques

these techniques in two use-cases on the healthcare

domain. It was not possible to test in real scenarios

with real users to see if the proposed adaptations

really improve privacy and security of health data.

Despite all the security mechanisms that can be in

place to protect applications, the way people interact

with interfaces is a crucial issue to take into

consideration as this can affect information security

challenge, both to define and validate. This paper

presents a first step in that direction but much needs

test users’ different visualization needs and abilities

and how the system can adapt and show detailed

results for a specific situation. We also aim to

identify the importance of having a system where

visualizations can be customized and support users

according to their individual needs and roles in the

healthcare practice.

Development Fund (ERDF).

20, 304-312.

(ICT4M).