Visible to the public Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

TitleSecurity, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Publication TypeConference Paper
Year of Publication2019
AuthorsGulhane, Aniket, Vyas, Akhil, Mitra, Reshmi, Oruche, Roland, Hoefer, Gabriela, Valluripally, Samaikya, Calyam, Prasad, Hoque, Khaza Anuarul
Conference Name2019 16th IEEE Annual Consumer Communications Networking Conference (CCNC)
ISBN Number978-1-5386-5553-5
Keywordsadhoc attack tree, attack tree, attack tree formalism, composability, computer based training, cyber physical systems, data privacy, educational user experience, human factors, immersive systems, IoT Application Testbed, privacy, privacy control, privacy-preservation, pubcrawl, Real-time Systems, resilience, Resiliency, risk management, Safety, safety risk assessment, security, security risk assessment, Servers, social aspects of automation, Social Virtual Reality, Solid modeling, SPS threats, three-dimensional immersive computer experience, trees (mathematics), user experience, virtual reality, virtual reality learning environment, VR technology, VRLE system, vSocial VRLE

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.

Citation Keygulhane_security_2019