Feature request: Clarify color about threat-dragon HOT 15 CLOSED

A couple of thoughts:

1. I'd stay away from marking up each data flow for security/not, and only mark one or the other (probably insecure, since it's needs attention)
2. Boxes around labels make them harder to distinguish from other things.
3. (deeper) What toggles the secure label? Is it only TLS? What about the difference between message security (S/mime or DKIM) vs channels security (start-tls, or only with MTS-STS?)

from threat-dragon.

For v2, there will be a help section added to the diagram page itself that will show the indicators. I agree with the OP that using colors isn't the best choice due to printers as well as people with color-blindness (green vs red can be very hard to differentiate).

Do we want to just include the key for v2, or should we discuss alternatives for UI indicators?

from threat-dragon.

and just to recap on what all the components mean :

from threat-dragon.

Building off of the material provided, how do you feel about having an icon be present as part of the data flow label, and the protocol in parenthesis after the label? For example, an encrypted data flow using HTTPS without threats might look something like this (padding is off, just the general idea):

"Custom Edge" is just the label for the data flow. I know that boxes are reserved for actors, however, I can see things getting very unruly in the UI should we not have the labels and indicators in some sort of container. We'd still need to figure out what icons we'd want for what information as far as data flows (public network, (un)encrypted, etc). I think this approach would keep things clear and relatively clutter free. The only downside I see is that with the icons, they take up a bit of space so we may have a few cases where the labels for dataflows overlap when migrating to v2.

from threat-dragon.

version 2.0 is coming sometime end of 2020, so in the meantime I have created a pull request #211 that makes the trust boundaries for version 1.x black rather than green.

This is going some way to reducing colour, and also making the boundaries a different colour did not add to the information content

from threat-dragon.

I'll be updating the 2.0 branch to remove the color from trust boundaries as well. Thanks, Jon!

from threat-dragon.

Agreed, we want to move away from green and red.

My take on this is that colour should not be used (solely) to indicate the status of any element, just as a further aid to what is already being indicated.

I guess we should fit in with what the generally generally expects, and I think it is only Threat Dragon that provides dashed line borders to components that are out of scope - shame to lose that though

from threat-dragon.

I wouldn't want to lose the out of scope indicator. Maybe we can standardize some icons that can be displayed along a line or within a box/circle that indicate different things? The only downside of that is that it can quickly become cluttered looking. We definitely want to balance the ability to quickly understand the threat model as well as keeping it readable.

Just spitballing, and this is off the top of my head so I may be missing some other important pieces of information.

These icons could even become part of the label? This is related to #135 as well.

As mentioned elsewhere, I'm by no means a UI/UX expert. If anyone has suggestions, please do leave a comment! I'm willing to try out as many different things as needed with the new Diagraming framework until we find a great solution. 😄 With that said, I'll try to put together a few different ideas and post the results here. Sometimes it can be difficult to express thoughts on UI through words as opposed to pictures.

from threat-dragon.

I agree the out of scope indicator is a really useful - it is not something I remember having for MS Threat Modelling Tool nor for Cisco's Threat Builder.
Having said that, looking at the attached output from TB Cisco seems to use colour to indicate out of scope ... and cylinders for storage:

from threat-dragon.

and for comparison here is an output from TMT 2017:

from threat-dragon.

@lreading this does look very good to me, I really like the way the data flow is represented

The box around the icon + label + protocol certainly fits in with what other tools do, so this looks a great way forward from my point of view. Secure communications has becomes so important that an icon will be a good use of space.

Are communication paths that are not secure going to have an open padlock? And there are also cases where the security of the communications is provided by something other than the protocol, for example HTTP can be secure if the data link is in itself secure, so will the padlock follow the "Is encrypted" checkbox rather than being determined by the protocol?

Thinking about that again, the use of "Is encrypted" should probably read "Is secured"

from threat-dragon.

Thanks for the feedback, this is great!

I'll try a few other ways of displaying the labels in the data flow and see if there's something that will be less busy and easier to distinguish. Maybe no border whatsoever is the way to go? I'll post screenshots back here after playing with a few things. I think the rounded border helps a bit, but it is pretty subtle.

Regarding point 3 as far as what toggles the secure label: There's currently a checkbox for "is encrypted" that you can apply to data flows. @jgadsden suggested changing that to "is secure". At that point, it would be the user determining what constitutes "secure" for the communication channel / data flow in question. There's also a user-defined field for protocol that would allow the user to expand on what is securing that data flow.

from threat-dragon.

After more discussion surrounding this, it's imperative we keep the UI relatively clutter free and easy to use/understand. I think that appending the protocol to the data flow label in parenthesis would address the need for showing encryption/secure, while avoiding further use of colors. I believe this would also mostly satisfy the want from #135

The original question involved the use of color. I think for the initial launch of v2 we should keep the existing colors, but introduce a new UI element to distinguish elements that have threats. My initial thought would be to make it bolder, but this also may be a bit too subtle. I am very open to suggestions for a new UI element that indicates that something has threats associated with it! I still plan to add a key/legend to the diagram to make it relatively clear, at least when viewing on a screen.

A visual example with bolded lines for having threats and including the protocol in the labels:

from threat-dragon.

These are good ideas @lreading , the bold can work - also possible is using italics for the threat status?
A suggestion may be that we do not need a different colour for the boundaries (trust or otherwise) because green/black does not add any information

from threat-dragon.

Closing, as this is completed in the v2-development branch.

from threat-dragon.