Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications

Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a three-dimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.

[1]  Dianxiang Xu,et al.  A threat model‐based approach to security testing , 2013, Softw. Pract. Exp..

[2]  Klara Nahrstedt,et al.  Safety, Security, and Privacy Threats Posed by Accelerating Trends in the Internet of Things , 2020, ArXiv.

[3]  Olga Gadyatskaya,et al.  Using Attack-Defense Trees to Analyze Threats and Countermeasures in an ATM: A Case Study , 2016, PoEM.

[4]  Sugata Sanyal,et al.  Survey of Security and Privacy Issues of Internet of Things , 2015, ArXiv.

[5]  Peng Liu,et al.  The Effect of IoT New Features on Security and Privacy: New Threats, Existing Solutions, and Challenges Yet to Be Solved , 2018, IEEE Internet of Things Journal.

[6]  Wenchao Chen,et al.  The Ethical Dilemmas of Virtual Reality Application in Entertainment , 2017, 22017 IEEE International Conference on Computational Science and Engineering (CSE) and IEEE International Conference on Embedded and Ubiquitous Computing (EUC).

[7]  Chang-Gun Lee,et al.  Measuring Interaction QoE in Internet Videoconferencing , 2007, MMNS.

[8]  Rodrigo Roman,et al.  On the features and challenges of security and privacy in distributed internet of things , 2013, Comput. Networks.

[9]  William Yurcik,et al.  Toward a threat model for storage systems , 2005, StorageSS '05.

[10]  Michael R. Grimaila,et al.  The Use of Attack and Protection Trees to Analyze Security for an Online Banking System , 2007, 2007 40th Annual Hawaii International Conference on System Sciences (HICSS'07).

[11]  Sjouke Mauw,et al.  Foundations of Attack Trees , 2005, ICISC.

[12]  Carla Schmidt,et al.  Social Competence Intervention for Youth with Asperger Syndrome and High-functioning Autism: An Initial Investigation , 2010, Journal of autism and developmental disorders.

[13]  Erwin Laure,et al.  Advanced Cloud Privacy Threat Modeling , 2016, ArXiv.

[14]  Tadayoshi Kohno,et al.  Security and privacy for augmented reality systems , 2014, Commun. ACM.

[15]  Zhihai He,et al.  Towards a social virtual reality learning environment in high fidelity , 2017, 2018 15th IEEE Annual Consumer Communications & Networking Conference (CCNC).

[16]  Tae-Sung Kim,et al.  Security risk assessment framework for smart car using the attack tree analysis , 2017, Journal of Ambient Intelligence and Humanized Computing.

[17]  Hamed Haddadi,et al.  Privacy Leakage in Mobile Computing: Tools, Methods, and Characteristics , 2014, ArXiv.

[18]  Vitaly Shmatikov,et al.  No Escape From Reality: Security and Privacy of Augmented Reality Browsers , 2015, WWW.

[19]  Qun Li,et al.  Security and Privacy Issues of Fog Computing: A Survey , 2015, WASA.

[20]  Akihiro Nakao,et al.  GENI: A federated testbed for innovative network experiments , 2014, Comput. Networks.

[21]  Matthew Schmidt,et al.  Usage Considerations of 3D Collaborative Virtual Learning Environments to Promote Development and Transfer of Knowledge and Skills for Individuals with Autism , 2018, Technol. Knowl. Learn..

[22]  Jeffrey L. Hieb,et al.  Cyber security risk assessment for SCADA and DCS networks. , 2007, ISA transactions.

[23]  Ahmad Almulhem,et al.  Threat Modeling for Electronic Health Record Systems , 2012, Journal of Medical Systems.

[24]  Ronald R. Mourant,et al.  Human Factors Issues in Virtual Environments: A Review of the Literature , 1998, Presence.

[25]  Xun Wang,et al.  On Detecting Camouflaging Worm , 2006, 2006 22nd Annual Computer Security Applications Conference (ACSAC'06).

[26]  Herbert S. Parmet,et al.  With High Fidelity , 2018 .

[27]  Mark S. Dennison,et al.  Use of physiological signals to predict cybersickness , 2016, Displays.