Journal of Networks, Vol 7, No 6 (2012), 895-907, Jun 2012
doi:10.4304/jnw.7.6.895-907

Virtual World Security Inspection

Nicholas Charles Patterson, Michael Hobbs

Abstract


Virtual property theft is a serious problem in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds, containing virtual property items worth an estimated US$50 billion. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance, as it forms the primary interface to these worlds and, as such, the primary interface for conducting virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software and that enable virtual property theft to occur. Analyzing three well-known virtual world applications, World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with a focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging; that mail and direct trade were the most likely methods for transferring stolen items; that intrusion detection is of critical concern to all VWEs tested; that stolen items could not be recovered in any case; and that occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas that need to be addressed to improve security and reduce the occurrence of virtual property theft.


Keywords


virtual worlds, virtual property theft, real money trading, keylogging, vulnerability, software inspection




Journal of Networks (JNW, ISSN 1796-2056)

Copyright @ 2006-2013 by ACADEMY PUBLISHER – All rights reserved.