That Doesn't Go There: Attacks on Shared State in Multi-User Augmented Reality Applications
arXiv (2023)
Abstract
Augmented Reality (AR) is expected to become a pervasive component in
enabling shared virtual experiences. In order to facilitate collaboration among
multiple users, it is crucial for multi-user AR applications to establish a
consensus on the "shared state" of the virtual world and its augmentations,
through which they interact within augmented reality spaces. Current methods to
create and access shared state collect sensor data from devices (e.g., camera
images), process them, and integrate them into the shared state. However, this
process introduces new vulnerabilities and opportunities for attacks.
Maliciously writing false data to "poison" the shared state is a major concern
for the security of the downstream victims that depend on it. Another type of
vulnerability arises when reading the shared state; by providing false inputs,
an attacker can view hologram augmentations at locations they are not allowed
to access. In this work, we demonstrate a series of novel attacks on multiple
AR frameworks with shared states, focusing on three publicly-accessible
frameworks. We show that these frameworks, while using different underlying
implementations, scopes, and mechanisms to read from and write to the shared
state, share a vulnerability to a unified threat model. Our evaluation of
these state-of-the-art AR applications demonstrates reliable attacks both on
updating and accessing shared state across the different systems. To defend
against such threats, we discuss a number of potential mitigation strategies
that can help enhance the security of multi-user AR applications.