skip to main content


Title: Security, Privacy and Safety Risk Assessment for Virtual Reality Learning Environment Applications
—Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a threedimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system.  more » « less
Award ID(s):
1647213
NSF-PAR ID:
10091394
Author(s) / Creator(s):
Date Published:
Journal Name:
IEEE Consumer Communications & Networking Conference (CCNC)
Format(s):
Medium: X
Sponsoring Org:
National Science Foundation
More Like this
  1. Social Virtual Reality based Learning Environments (VRLEs) such as vSocial render instructional content in a threedimensional immersive computer experience for training youth with learning impediments. There are limited prior works that explored attack vulnerability in VR technology, and hence there is a need for systematic frameworks to quantify risks corresponding to security, privacy, and safety (SPS) threats. The SPS threats can adversely impact the educational user experience and hinder delivery of VRLE content. In this paper, we propose a novel risk assessment framework that utilizes attack trees to calculate a risk score for varied VRLE threats with rate and duration of threats as inputs. We compare the impact of a well-constructed attack tree with an adhoc attack tree to study the trade-offs between overheads in managing attack trees, and the cost of risk mitigation when vulnerabilities are identified. We use a vSocial VRLE testbed in a case study to showcase the effectiveness of our framework and demonstrate how a suitable attack tree formalism can result in a more safer, privacy-preserving and secure VRLE system. 
    more » « less
  2. Social Virtual Reality Learning Environments (VRLE) offer a new medium for flexible and immersive learning environments with geo-distributed users. Ensuring user safety in VRLE application domains such as education, flight simulations, military training is of utmost importance. Specifically, there is a need to study the impact of ‘`immersion attacks’' (e.g., chaperone attack, occlusion) and other types of attacks/faults (e.g., unauthorized access, network congestion) that may cause user safety issues (i.e., inducing of cybersickness). In this paper, we present a novel framework to quantify the security, privacy issues triggered via immersion attacks and other types of attacks/faults. By using a real-world social VRLE viz., vSocial and creating a novel attack-fault tree model, we show that such attacks can induce undesirable levels of cybersickness. Next, we convert these attack-fault trees into stochastic timed automata (STA) representations to perform statistical model checking for a given attacker profile. Using this model checking approach, we determine the most vulnerable threat scenarios that can trigger high occurrence cases of cybersickness for VRLE users. Lastly, we show the effectiveness of our attack-fault tree modeling by incorporating suitable design principles such as hardening, diversity, redundancy and principle of least privilege to ensure user safety in a VRLE session. 
    more » « less
  3. Adding new unlicensed wireless spectrum is a promising approach to accommodate increasing traffic demand. However, unlicensed spectrum may have a high risk of becoming congested, and service providers (SPs) may have difficulty to differentiate their wireless services when offering them on the same unlicensed spectrum. When SPs offer identical services, the resulting competition can lead to zero profits. In this work, we consider the case where an SP bundles its wireless service with a content service. We show that this can differentiate the SPs’ services and lead to positive SP profits. In particular, we study the characteristics of the content services that an SP should bundle with its wireless service, and analyze the impact of bundling on consumer surplus. 
    more » « less
  4. There is great demand for scalable, secure, and efficient privacy-preserving machine learning models that can be trained over distributed data. While deep learning models typically achieve the best results in a centralized non-secure setting, different models can excel when privacy and communication constraints are imposed. Instead, tree-based approaches such as XGBoost have attracted much attention for their high performance and ease of use; in particular, they often achieve state-of-the-art results on tabular data. Consequently, several recent works have focused on translating Gradient Boosted Decision Tree (GBDT) models like XGBoost into federated settings, via cryptographic mechanisms such as Homomorphic Encryption (HE) and Secure Multi-Party Computation (MPC). However, these do not always provide formal privacy guarantees, or consider the full range of hyperparameters and implementation settings. In this work, we implement the GBDT model under Differential Privacy (DP). We propose a general framework that captures and extends existing approaches for differentially private decision trees. Our framework of methods is tailored to the federated setting, and we show that with a careful choice of techniques it is possible to achieve very high utility while maintaining strong levels of privacy. 
    more » « less
  5. Abstract

    Trees are pivotal to global biodiversity and nature’s contributions to people, yet accelerating global changes threaten global tree diversity, making accurate species extinction risk assessments necessary. To identify species that require expert-based re-evaluation, we assess exposure to change in six anthropogenic threats over the last two decades for 32,090 tree species. We estimated that over half (54.2%) of the assessed species have been exposed to increasing threats. Only 8.7% of these species are considered threatened by the IUCN Red List, whereas they include more than half of the Data Deficient species (57.8%). These findings suggest a substantial underestimation of threats and associated extinction risk for tree species in current assessments. We also map hotspots of tree species exposed to rapidly changing threats around the world. Our data-driven approach can strengthen the efforts going into expert-based IUCN Red List assessments by facilitating prioritization among species for re-evaluation, allowing for more efficient conservation efforts.

     
    more » « less