Requirements in Conflict: Player vs. Designer vs. Cheater

There are significant interactions between video game stakeholder emotional requirements and security requirements. Counter-intuitively, some traditional security requirements are not necessarily met by the game implementation some forms of security breaches are condoned by the stakeholders (if not actually demanded by them) and the requirements engineering process must support these contradictions. We present an overview of security requirements for video games and show how stakeholder diversity introduces significant complexities to the requirements negotiation process. Our analysis of certain security threats, and their emotional motivations, shows that these motivations form an important element of the emotional requirements and that significant context is necessary for properly capturing the emotional requirements related to security. Finally, we show how emotional requirements can be used to guide security goal development for this domain and propose the use of in-game justice systems to allow players to address security violations in realtime.

[1]  Nancy R. Mead,et al.  Security quality requirements engineering (SQUARE) methodology , 2005, SESS@ICSE.

[2]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2000, Proceedings 37th International Conference on Technology of Object-Oriented Languages and Systems. TOOLS-Pacific 2000.

[3]  Bashar Nuseibeh,et al.  Coordinating distributed ViewPoints: the Anatomy of a Consistency Check , 1994 .

[4]  Philippe Golle,et al.  Keeping bots out of online games , 2005, ACE '05.

[5]  Bashar Nuseibeh,et al.  Security requirements engineering: when anti-requirements hit the fan , 2002, Proceedings IEEE Joint International Conference on Requirements Engineering.

[6]  Colin Potts,et al.  Using schematic scenarios to understand user needs , 1995, Symposium on Designing Interactive Systems.

[7]  Simon Carless Gaming Hacks , 2004 .

[8]  Bashar Nuseibeh,et al.  Core Security Requirements Artefacts , 2004 .

[9]  John P. McDermott,et al.  Using abuse case models for security requirements analysis , 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[10]  Gary McGraw,et al.  Exploiting Online Games , 2007, USENIX Annual Technical Conference.

[11]  Mia Consalvo,et al.  Cheating: Gaining Advantage in Videogames , 2007 .

[12]  Andrew P. Moore,et al.  Attack Modeling for Information Security and Survivability , 2001 .

[13]  David Myers,et al.  What's good about bad play? , 2005 .

[14]  Donald Firesmith,et al.  Engineering Security Requirements , 2003, J. Object Technol..

[15]  Mia Consalvo,et al.  Cheating can be good for you: educational games and multiple play styles , 2005 .

[16]  A. Moore Security Requirements Engineering through Iterative Intrusion-Aware Design , 2001 .

[17]  Ian F. Alexander,et al.  Misuse Cases: Use Cases with Hostile Intent , 2003, IEEE Softw..

[18]  Andreas L. Opdahl,et al.  Eliciting security requirements with misuse cases , 2004, Requirements Engineering.

[19]  Kevin A. Schneider,et al.  Emotional Requirements , 2008, IEEE Software.

[20]  Kevin A. Schneider,et al.  Emotional Requirements in Video Games , 2006, 14th IEEE International Requirements Engineering Conference (RE'06).

[21]  Kevin A. Schneider,et al.  Requirements engineering and the creative process in the video game industry , 2005, 13th IEEE International Conference on Requirements Engineering (RE'05).

[22]  Carina Frota Alves,et al.  Challenges in Requirements Engineering for Mobile Games Development: The Meantime Case Study , 2007, 15th IEEE International Requirements Engineering Conference (RE 2007).

[23]  Bashar Nuseibeh,et al.  An empirical investigation of multiple viewpoint reasoning in requirements engineering , 1999, Proceedings IEEE International Symposium on Requirements Engineering (Cat. No.PR00188).

[24]  Cynthia E. Irvine,et al.  A Case Study in Security Requirements Engineering for a High Assurance System , 2001 .

[25]  Mia Consalvo,et al.  Gaining Advantage: How Videogame Players Define and Negotiate Cheating , 2005, DiGRA Conference.

[26]  Jeff Yan,et al.  Security design in online games , 2003, 19th Annual Computer Security Applications Conference, 2003. Proceedings..

[27]  Brian Randell,et al.  A systematic classification of cheating in online games , 2005, NetGames '05.

[28]  Axel van Lamsweerde,et al.  Handling Obstacles in Goal-Oriented Requirements Engineering , 2000, IEEE Trans. Software Eng..

[29]  Gary McGraw,et al.  Exploiting Online Games: Cheating Massively Distributed Systems (Addison-Wesley Software Security Series) , 2007 .

[30]  Hyun-Jin Choi,et al.  Security issues in online games , 2002, Electron. Libr..

[31]  Isabel Ramos,et al.  Requirements engineering for organizational transformation , 2005, Inf. Softw. Technol..

[32]  A. Lyhyaoui,et al.  Online Games: Categorization of Attacks , 2005, EUROCON 2005 - The International Conference on "Computer as a Tool".

[33]  Annie I. Antón,et al.  Misuse and Abuse Cases : Getting Past the Positive , 2022 .