2 research outputs found
Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
Social Virtual Reality based Learning Environments (VRLEs) such as vSocial
render instructional content in a three-dimensional immersive computer
experience for training youth with learning impediments. There are limited
prior works that explored attack vulnerability in VR technology, and hence
there is a need for systematic frameworks to quantify risks corresponding to
security, privacy, and safety (SPS) threats. The SPS threats can adversely
impact the educational user experience and hinder delivery of VRLE content. In
this paper, we propose a novel risk assessment framework that utilizes attack
trees to calculate a risk score for varied VRLE threats with rate and duration
of threats as inputs. We compare the impact of a well-constructed attack tree
with an adhoc attack tree to study the trade-offs between overheads in managing
attack trees, and the cost of risk mitigation when vulnerabilities are
identified. We use a vSocial VRLE testbed in a case study to showcase the
effectiveness of our framework and demonstrate how a suitable attack tree
formalism can result in a more safer, privacy-preserving and secure VRLE
system.Comment: Tp appear in the CCNC 2019 Conferenc
Systematic assessment of security, privacy and usability of virtual reality learning environment applications
[ACCESS RESTRICTED TO THE UNIVERSITY OF MISSOURI--COLUMBIA AT REQUEST OF AUTHOR.] Social Virtual Reality Environments is a new cloud computing based platform which integrates IoT to build applications in areas such as military, education, surgical training, etc. Although VR can be used for critical applications, it is important to ensure security, privacy and usability of the applications which has not been studied in depth. In this thesis, we explore new security and privacy issues in VR and their impact on overall quality of user experience. We also perform a usability study for a social VR application and show that VR based learning environment can be more effective than a traditional desktop-based environment. For systematic assessment, we propose a novel formal methods based framework to study these applications from security, privacy and usability perspectives. Our framework uses the UPPAAL tool to convert attack trees into Network of Stochastic Timed Automata (NSTA). Next, we use statistical model checking (UPPAAL SMC) to perform vulnerability assessment of the threats. Such an analysis helps us adopt pertinent design principles such as hardening, diversity and principle of least privilege to enhance the resilience of the VR systems.by Aniket R. GulhaneIncludes bibliographical reference