Extended Reality (XR) is a comprehensive term that includes Augmented Reality (AR), Mixed Reality (MR), Virtual Reality (VR), and AI glasses. XR bridges physical and digital worlds, creating interactive, immersive experiences that merge with the real world. It offers numerous applications across education, training, manufacturing, collaborative 3D design, art, and multiplayer gaming.
Despite these benefits, XR systems introduce unique security, privacy, and trust challenges due to the intimate connection between users, their XR devices, and their immediate environments. The potential attacks can involve information flooding to induce latency and physical discomfort, injecting misleading virtual content to distract or deceive users, subverting personal area networks to create confusion, spoofing alarms, assessing user status through eye tracking, and accessing onboard cameras to gather environmental information without the user's awareness. Additionally, XR apps can access sensitive real-time inputs like eye gaze, head movement, hand gestures, and even biosignals, and users' immediate environment. These signals, while critical for immersive experiences, open up novel attack surfaces such as keystroke inference, emotional profiling, and behavioral tracking.
This workshop will explore the security, privacy, and trust challenges in XR systems, along with potential solutions. Topics of interest include, but are not limited to:
We successfully organized the first workshop on enhancing security, privacy, and trust in extended reality systems, co‑located with ACM MobiHoc 2025, attracted more than 30 attendees. It featured one keynote speaker; four invited speakers, including one from industry; a panel on securing XR experiences; nine full papers; five demos; and twelve posters. Here is the website for the first workshop: https://xrsecurity.github.io/2025/
Bio: Dr. Matthew Wilding joined the Defense Advanced Research Projects Agency (DARPA) in 2022. He leads programs in software engineering and critical system assurance.
Wilding came to DARPA from Collins Aerospace, where he managed the trusted methods group, working with Collins product groups and government research sponsors to pioneer rigorous development methods and apply them to computer-based products. He served as a company subject matter expert on formal verification, and he led the machine-checked verification of a separation kernel in the AAMP7 microprocessor’s firmware and the development of the Turnstile high-assurance network guard.
Earlier in his career, Wilding founded and led a digital vision research group, researched how to use automated theorem provers to establish hardware and software correctness, and worked as a software engineer. He holds a PhD in Computer Sciences from the University of Texas at Austin.
DARPA’s Intrinsic Cognitive Security (ICS) program is using mathematical approaches, known as formal methods, to guarantee that mixed reality (MR) system designs mitigate potential cognitive effects. MR merges real and virtual worlds in real time. Cognitive effects that have been demonstrated in virtual settings include manipulating emotion, inducing cybersickness, causing confusion or anxiety, and reducing trust in equipment. Cognitive engineering principles are applied to commercial MR systems designs, but today’s methods do not ensure that systems operate safely when facing an adversary intent on interfering with a mission. This talk describes challenges faced by MR system developers and highlights ICS research progress.