Approaching AR Design & Development with a Security, Privacy, & Safety Mindset
A Workshop at ISMAR 2024
This workshop will bring together researchers in Augmented Reality (AR) and Security & Privacy (S&P) to critically assess and reshape today’s AR development practices to holistically address potential risks.
Workshop Motivation & Goals
Recent advancements in AR technologies will soon empower individuals to use AR to support their daily tasks across a variety of contexts. AR devices are becoming more suitable for long-term use, new context-aware adaptation techniques enable reconfiguring AR interfaces to suit a variety of physical environments, and the proliferation of generative AI models offers new avenues for personalizing AR experiences.
However, using AR across dynamic contexts can give rise to novel threats to security, privacy, and safety for both AR users and non-users.
For example, multimodal sensing data can be used to identify bystanders or infer sensitive information about users, such as their health conditions or elements of their physical surroundings. Certain AR system properties, when used maliciously, can alter how the AR user interacts with virtual content and lead to cybersecurity attacks.
We will structure discussions around an AR threat model to assist our understanding of potential risks and brainstorm actionable guidelines to mitigate them.
Example of security risks from user AR interaction: This paper explores UI security for AR platforms, for which we identify three UI security-related properties. We demonstrate the security implications of different instantiations of these properties through five proof-of-concept attacks on current AR platforms: ARCore (Google), ARKit (Apple), Hololens (Microsoft), Oculus (Meta), and WebXR (browser).
Example of embedding S&P considerations in low-fidelity AR prototyping: This photo shows Reframe, an AR storyboarding system that enables designers to interactively explore potential threats directly within their prototypes. Reframe was developed in a collaboration between the University of Michigan and University of Washington.
Our workshop explores how to embed consideration of security & privacy within our AR design and development workflows to proactively address potential harms.
We will critically analyze where today's AR development practices fall short, from creating training datasets to developing context-awareness techniques, prototyping AR interactions, and modeling virtual content.
Ultimately, our goal is to develop actionable guidelines to address known and future harms that will arise with advances in AR technologies.
Workshop Activities
To develop actionable guidelines for future security & privacy-minded AR development practices, we will conduct three main activities:
Threat modeling to establish a landscape of S&P harms, with a focus on the newest technical advancements in the AR landscape (e.g., generative AI, physiological sensing)
Panel discussion and lightning talks to learn from industry leaders’ best practices for approaching AR development with a S&P mindset
Brainstorming and prototyping strategies for reshaping current AR development practices to guide the creation of safer AR experiences
Workshop Attendance
We invite interested researchers and practitioners to submit a short position statement (2 pages maximum) or video response (3 minutes maximum) by Friday, July 26th, 2024. See our Call for Participation for submission details.
We encourage all interested participants to submit a position statement or video.
Space is guaranteed to anyone with an accepted submission, and at least one author is expected to attend in person.
Depending on room capacity, attendance may be possible even to those who do not have an accepted submission.
If you have any questions or suggestions regarding this workshop, please contact the Workshop Organizers at safear-ismar@umich.edu.