Extended Reality (XR) is a comprehensive term that includes Augmented Reality (AR), Mixed Reality (MR), and Virtual Reality (VR). XR bridges physical and digital worlds, creating interactive, immersive experiences that merge with the real world. It offers numerous applications across education, training, manufacturing, collaborative 3D design, art, and multiplayer gaming.
Despite these benefits, XR systems introduce unique security, privacy, and trust challenges due to the intimate connection between users, their XR devices, and their immediate environments. The potential attacks can involve information flooding to induce latency and physical discomfort, injecting misleading virtual content to distract or deceive users, subverting personal area networks to create confusion, spoofing alarms, assessing user status through eye tracking, and accessing onboard cameras to gather environmental information without the user's awareness. Additionally, XR apps can access sensitive real-time inputs like eye gaze, head movement, hand gestures, and even biosignals, and users' immediate environment. These signals, while critical for immersive experiences, open up novel attack surfaces such as keystroke inference, emotional profiling, and behavioral tracking.
This workshop will explore the security, privacy, and trust challenges in XR systems, along with potential solutions. Topics of interest include, but are not limited to:
Matthew Wilding joined DARPA in 2022 to develop, execute, and transition programs in software engineering and critical system assurance.
Wilding came to DARPA from Collins Aerospace, where he managed the trusted methods group, working with Collins product groups and government research sponsors to pioneer rigorous development methods and apply them to computer-based products. He served as a company subject matter expert on formal verification, and he led the machine-checked verification of a separation kernel in the AAMP7 microprocessor’s firmware and the development of the Turnstile high-assurance network guard.
Earlier in his career, Wilding founded and led a digital vision research group, researched how to use automated theorem provers to establish hardware and software correctness, and worked as a software engineer.
DARPA’s Intrinsic Cognitive Security (ICS) program is using mathematical approaches, known as formal methods, to guarantee that mixed reality (MR) system designs mitigate potential cognitive effects. MR merges real and virtual worlds in real time. Cognitive effects that have been demonstrated in virtual settings include manipulating emotion, inducing cybersickness, causing confusion or anxiety, and reducing trust in equipment. Cognitive engineering principles are applied to commercial MR systems designs, but today’s methods do not ensure that systems operate safely when facing an adversary intent on interfering with a mission.
This talk describes challenges faced by MR system developers and highlights ICS research progress.
Heather Zheng is the Neubauer Professor of Computer Science at University of Chicago. She received her PhD from University of Maryland, College Park. Prior to joining University of Chicago in 2017, she spent 6 years in industry labs (Bell-Labs and Microsoft Research Asia) and 12 years as a faculty at University of California at Santa Barbara. At UChicago, she co-directs the SAND Lab (Security, Algorithms, Networking and Data). She was one of MIT Technology Review’s Innovators under 35 in 2005; her research on cognitive radios was featured by MIT Technology Review as one of the 10 Emerging Technologies in 2006. More recently, her work on protecting human artists against unethical data exploration received the USENIX Internet Defense Prize, the Chicago Innovation Award, a special mention in TIME Magazine Best Inventions of 2023, and the Community Impact Award from the Concept Art Association in 2024. She is a fellow of ACM and IEEE, and has served on several editorial boards and steering committees for journals and conferences.
The boundaries between the physical and digital (virtual) worlds are rapidly dissolving. Users are increasingly dependent on computing devices, such as extended reality (XR) systems, to engage with physical environments and one another. These devices, in turn, are becoming heavily reliant on AI/ML to enable and enhance such interactions. However, the rapid development, accessibility and adoption of AI/ML have also intensified the complexity and uncertainty of the security landscape, particularly in the dynamic between attackers and defenders. In this talk, I will present some of our recent work exploring how AI/ML is shaping security and privacy challenges within XR systems.
As mixed reality systems become popular, new threats to their security and privacy arise, and it is important to understand these emerging threat models and their possible defenses. In this talk, we will discuss recent and ongoing work on mixed reality security, focusing on two aspects. First, we will discuss application-level attacks arising in multi-user scenarios, where multiple users collaborate in a shared mixed reality experience. A subset of malicious users can exploit commercial mixed reality platforms to cause undesirable effects to other users. Second we will present our recent work on LLM-integrated XR systems, where we analyze emerging vulnerabilities, demonstrate proof-of-concept attacks across major XR platforms, and discuss potential mitigation strategies.
Jiasi Chen is an Associate Professor of Electrical Engineering and Computer Science at the University of Michigan, Ann Arbor. She received her Ph.D. from Princeton University and her B.S. from Columbia University. Her research focus is on multimedia systems, mobile computing, and extended reality and its security. Her projects typically involve mathematical optimization coupled with systems implementation. She is a recipient of an NSF CAREER award and industry gifts from Meta, Adobe, and AT&T.
Yicheng Zhang is an incoming tenure-track Assistant Professor in the Department of Electrical and Computer Engineering at George Mason University (GMU). He is completing his Ph.D. in Electrical and Computer Engineering at the University of California, Riverside, advised by Prof. Nael Abu-Ghazaleh. He also holds an M.S. in Computer Engineering from the University of California, Irvine, and a B.S. in Electrical Engineering from Sichuan University. His research focuses on system and architecture security, with particular expertise in augmented reality and virtual reality (AR/VR) security, GPU/FPGA side-channel attacks, and secure system design. His work has been published at leading conferences and journals, including USENIX Security, IEEE Symposium on Security and Privacy, IEEE DSN, IEEE TIFS, and IEEE ISMAR. He actively contributes to the academic community by serving on program committees and reviewing for major security venues. He has received multiple recognitions for his research, including the UCR Dissertation Completion Fellowship Award in 2025. His work has also been featured by media outlets such as UCR News, ZME Science, Tech Xplore, and Analytics Insight.
Extended Reality (XR) technology has become integral to critical sectors such as healthcare, military, and education. Despite its benefits, XR devices necessitate the continuous collection of vast personal data streams—including body movements, eye tracking, and environmental scans—to facilitate interactive experiences. This data collection raises significant security and privacy concerns. In this presentation, I will begin by outlining the threat model inherent in XR environments and highlight the privacy issues identified in recent academic research. I will discuss my recent work on XR privacy, such as deducing the 360-degree videos users are viewing based on their head movement trajectories and examining privacy policy compliance issues in XR applications from major platforms. I will conclude by exploring additional potential threats within XR systems and the future intersection of XR and generative AI.
Xiaokuan Zhang is a tenure-track Assistant Professor in the Department of Computer Science at George Mason University (GMU). Before joining GMU, he spent one year working as a postdoctoral researcher at Georgia Tech. He holds a Ph.D. in Computer Science from Ohio State University. Dr. Zhang's research focuses on system security and privacy, with particular expertise in extended reality (XR) security, Web3/DeFi security, and Rust security. His work is regularly presented at leading security conferences, including ACM CCS, IEEE Security and Privacy, USENIX Security, and NDSS. He also actively contributes to the academic community by serving on the program committees of these conferences. Dr. Zhang has received an ACM CCS Distinguished Paper Award, an ACM SIGSOFT Distinguished Paper Award, and two Springer Cybersecurity Awards for Best Practical Research Paper. His research has been a top 10 finalist in the NYU CSAW best applied security paper competition on three occasions. Additionally, he has received academic research awards from the Ethereum Foundation in 2023 and 2024.
Talk information: TBA
Dr. Evie Powell is a games researcher and developer that specializes in immersive experiences and natural user interfaces. Her background includes working on natural user interfaces via the Kinect technology at Xbox (Microsoft); working on AR experiences and next-gen technology solutions to help with spinal fusion surgery at Proprio; and building delightful colocated AR experiences by leading the Pokemon Playgrounds project at Niantic. With a unique career that spans from live saving technology to games for wellness, Dr. Powell integrates game design and UX design to create meaningful experiences that help people learn, play, and work differently. Dr. Powell graduated from The University of North Carolina at Charlotte with her Ph.D in Computer Science where her research centered on socially pervasive game experiences and context aware gaming using mobile technologies.
Jad Al Aaraj, Athina Markopoulou (University of California, Irvine)
Mohammad Waquas Usmani (University of Massachusetts Amherst), Susmit Shannigrahi (Tennessee Technological University), Michael Zink (University of Massachusetts Amherst)
Bertram Liu, Vamsi Shankar Simhadri, Xiaokuan Zhang (George Mason University)
Zhehan Qu, Tianyi Hu, Maria Gorlatova (Duke University)
Kaiming Huang (The Pennsylvania State University), Peng Wu (Northeastern University) , Mahdi Imani (Northeastern University) , Tian Lan (George Washington University), Gang Tan (The Pennsylvania State University)
Sihun Baek, Zhehan Qu, Maria Gorlatova (Duke University)
Mengyu Chen, Youngwook Do, Feiyu Lu, Blair MacIntyre (JPMorganChase)
Yanming Xiu, Maria Gorlatova (Duke University)
Muhammad Shoaib, Wajih Ul Hassan (University of Virginia)
Yu Liu (University of Southern California), Qiao Jin (North Carolina State University), Feng Qian (University of Southern California)
Rongqian Chen (George Washington University), Shu Hong (George Washington University), Rifatul Islam (Kennesaw State University) , Mahdi Imani (Northeastern University), Gang Tan (Penn State) , Tian Lan (George Washington University)
Shu Hong (George Washington University) , Rongqian Chen (George Washington University), Rifatul Islam (Kennesaw State University) , Mahdi Imani (Northeastern University) , Gang Tan (Pennsylvania State University) , Tian Lan (George Washington University)
Heber Herencia-Zapana, Isaac Amundson (Collins Aerospace)
Sourya Saha, Md. Nurul Absur, Saptarshi Debroy (City University of New York)
Shane Dirksen (University of California, Santa Barbara), Radha Kumaran (University of California, Santa Barbara), You-Jin Kim (Texas A&M University), Yilin Wang (University of California, Santa Barbara), Tobias Höllerer (University of California, Santa Barbara)
Shuaikang Hou (Georgia State University), Muyao Tang, Srinivasan Murali (Texas A&M University-San Antonio), Huadi Zhu (Georgia State University)
Nazmus Shakib Shadin, Nasim Ahmed, Md Mahedi Hassan, Rifatul Islam, Xinyue Zhang (Kennesaw State University)
Peng Wu (Northeastern University), Nasim Ahmed (Kennesaw State University), Kaiming Huang (The Pennsylvania State University), Rifatul Islam (Kennesaw State University) , Tian Lan (George Washington University), Gang Tan (The Pennsylvania State University) , Mahdi Imani (Northeastern University)