39,265 research outputs found
Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial
render instructional content in a three-dimensional immersive computer
experience for training youth with learning impediments. There are limited
prior works that explored attack vulnerability in VR technology, and hence
there is a need for systematic frameworks to quantify risks corresponding to
security, privacy, and safety (SPS) threats. The SPS threats can adversely
impact the educational user experience and hinder delivery of VRLE content. In
this paper, we propose a novel risk assessment framework that utilizes attack
trees to calculate a risk score for varied VRLE threats with rate and duration
of threats as inputs. We compare the impact of a well-constructed attack tree
with an adhoc attack tree to study the trade-offs between overheads in managing
attack trees, and the cost of risk mitigation when vulnerabilities are
identified. We use a vSocial VRLE testbed in a case study to showcase the
effectiveness of our framework and demonstrate how a suitable attack tree
formalism can result in a more safer, privacy-preserving and secure VRLE
system.Comment: Tp appear in the CCNC 2019 Conferenc
Picking battles: The impact of trust assumptions on the elaboration of security requirements
This position paper describes work on trust assumptions in the con-text of security requirements. We show how trust assumptions can affect the scope of the analysis, derivation of security requirements, and in some cases how functionality is realized. An example shows how trust assumptions are used by a requirements engineer to help define and limit the scope of analysis and to document the decisions made during the process
- …