Virtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.
[1]
L. Moonen,et al.
Prioritizing Software Inspection Results using Static Profiling
,
2006,
2006 Sixth IEEE International Workshop on Source Code Analysis and Manipulation.
[2]
Jan Sablatnig,et al.
Cheat-prevention and -analysis in online virtual worlds
,
2008,
e-Forensics '08.
[3]
Somesh Jha,et al.
Static Analysis of Executables to Detect Malicious Patterns
,
2003,
USENIX Security Symposium.
[4]
Kjell Jørgen Hole,et al.
Case study: online banking security
,
2006,
IEEE Security & Privacy.
[5]
Benjamin Livshits,et al.
Finding application errors and security flaws using PQL: a program query language
,
2005,
OOPSLA '05.
[6]
Michael Hobbs,et al.
A Multidiscipline Approach to Governing Virtual Property Theft in Virtual Worlds
,
2010,
HCC.
[7]
James Newsom,et al.
Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software, Network and Distributed System Security Symposium Conference Proceedings : 2005
,
2005
.
[8]
Benjamin Livshits,et al.
Finding Security Vulnerabilities in Java Applications with Static Analysis
,
2005,
USENIX Security Symposium.