Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.Comment: Tp appear in the CCNC 2019 Conferenc

Systematic assessment of security, privacy and usability of virtual reality learning environment applications

[ACCESS RESTRICTED TO THE UNIVERSITY OF MISSOURI--COLUMBIA AT REQUEST OF AUTHOR.] Social Virtual Reality Environments is a new cloud computing based platform which integrates IoT to build applications in areas such as military, education, surgical training, etc. Although VR can be used for critical applications, it is important to ensure security, privacy and usability of the applications which has not been studied in depth. In this thesis, we explore new security and privacy issues in VR and their impact on overall quality of user experience. We also perform a usability study for a social VR application and show that VR based learning environment can be more effective than a traditional desktop-based environment. For systematic assessment, we propose a novel formal methods based framework to study these applications from security, privacy and usability perspectives. Our framework uses the UPPAAL tool to convert attack trees into Network of Stochastic Timed Automata (NSTA). Next, we use statistical model checking (UPPAAL SMC) to perform vulnerability assessment of the threats. Such an analysis helps us adopt pertinent design principles such as hardening, diversity and principle of least privilege to enhance the resilience of the VR systems.by Aniket R. GulhaneIncludes bibliographical reference