Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
| Title | Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications |
| Publication Type | Conference Paper |
| Year of Publication | 2019 |
| Authors | Gulhane, Aniket, Vyas, Akhil, Mitra, Reshmi, Oruche, Roland, Hoefer, Gabriela, Valluripally, Samaikya, Calyam, Prasad, Hoque, Khaza Anuarul |
| Conference Name | 2019 16th IEEE Annual Consumer Communications Networking Conference (CCNC) |
| ISBN Number | 978-1-5386-5553-5 |
| Keywords | adhoc attack tree, attack tree, attack tree formalism, composability, computer based training, cyber physical systems, data privacy, educational user experience, human factors, immersive systems, IoT Application Testbed, privacy, privacy control, privacy-preservation, pubcrawl, Real-time Systems, resilience, Resiliency, risk management, Safety, safety risk assessment, security, security risk assessment, Servers, social aspects of automation, Social Virtual Reality, Solid modeling, SPS threats, three-dimensional immersive computer experience, trees (mathematics), user experience, virtual reality, virtual reality learning environment, VR technology, VRLE system, vSocial VRLE |
| Abstract | Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system. |
| URL | https://ieeexplore.ieee.org/document/8651847 |
| DOI | 10.1109/CCNC.2019.8651847 |
| Citation Key | gulhane_security_2019 |
- SPS threats
- Safety
- safety risk assessment
- security
- security risk assessment
- Servers
- social aspects of automation
- Social Virtual Reality
- Solid modeling
- risk management
- three-dimensional immersive computer experience
- trees (mathematics)
- user experience
- virtual reality
- virtual reality learning environment
- VR technology
- VRLE system
- vSocial VRLE
- immersive systems
- attack tree
- attack tree formalism
- composability
- computer based training
- cyber physical systems
- data privacy
- educational user experience
- Human Factors
- adhoc attack tree
- IoT Application Testbed
- privacy
- Privacy Control
- privacy-preservation
- pubcrawl
- real-time systems
- resilience
- Resiliency