Game Engines 2021W Lecture 21

From Soma-notes
Game Engines & Security
-----------------------

Threat modelling is the first task when determining the security of a system
 - what attacks actually matter?
 - software security doesn't matter when a baseball bat
   is the real threat

With games, what are the threats we care about?
 - "theft"/piracy
 - cheating
 - loss of service

Software piracy is something all commercial software developers care about, but games are particularly interested because
 - customers are price sensitive
 - typically have lots of time on their hands
 - and product is "consumable", can only expect usage
   for a limited period of time
 - subject to changes in taste
   - once interest passes, sales tend to go way down

Copy protection for games is much older than game engines
 - used to be games were all written from scratch
 - code reuse was rare

Older forms of copy protection often involved games taking the "from scratch" idea to an extreme

Locksmith for the Apple II was a full reverse engineering suite
 - needed because game copy protection involved creating
   non-standard disk operating systems!
 - had unique ways of encoding data on disk
 - these formats could not be properly read by
   standard disk reading software
 - and even if they could copy the raw data, they
   couldn't copy the weird patterns developers put in them

When writing data to a physical medium, you have many restrictions
 - first, can't use all bit patterns, as only some bit patterns are allowed (because it is a physical substrate)
 - must have error correction, because reads won't be perfect
 - and, need navigation marks *in the data stream*,
   because you have to manually find the start,
   especially when the medium is circular
     - start of track, end of track, etc

 - game copy protection could mess with all of this
     - almost impossible to make a "perfect" copy of
       any disk with regular disk hardware unless
       you understand the format in some way

Today it is all behind a standard API so regular software can never see it
 - disk controllers are variable underneath but are
   proprietary secrets

"cracking", then and now, means converting a program from a copy protected form to a standard, easily copyable form

A modern game engine typically doesn't have much of a role in copy protection
 - now part of the DRM layer baked into the hardware
 - uses strong cryptography (i.e., digital signatures),
   code obfuscation, and tamper-resistant hardware

The way you get access to this is by working with a publisher and having them authorize your code by "publishing" it in some way.  Without their authorization,
your code won't run.

The game security problem that is more top of mind and in need of engine support is anti-cheating
 - because, what does it mean to cheat?

Mainly a concern in multiplayer, distributed games
 - which are incredibly common

Copy protection is often part of anti-cheat software, but
it isn't enough

Anti cheat software has to make sure the program runs securely
 - have to make runtime state is confidential and integrity protected
 - have to make sure service remains available

Security is confidentiality, integrity, and availability (basically)

Want to stop
 - one player impersonating another
 - "spying" on other players, getting unfair advantages in the world

In an FPS, a cheater may want to
 - look through walls
 - have computer-enhanced aim, firing, movement

Note these all invole unauthorized viewing or modifying of game state
 - viewing unauthorized parts of the world model
 - unauthorized controller input (i.e., from a bot)

Unauthorized input can be managed by locking down the hardware

World model confidentiality is hard because it directly
contradicts performance requirements
 - want to maintain local copies of the entire world with every game client to maximize performance
    - need to send less data around as the player moves
 - but those copies threaten the confidentiality of game state

Ideally a game engine would allow you to easily manage
distribution of game state
 - could mark parts of it secret so it would be shared less
 - support in-engine state obfuscation

Denial of service is a harder problem
 - generally just means contracting with an anti-DDoS service
 - but this isn't enough, because you have to figure out what to do when there are failures

For example, you could make it so that on network failure
a player's character become temporarily invulnerable
 - can't be killed when not actively playing
 - but now have you given players an incentive to DoS themselves?

Multiplayer games become bigger than the game you create
 - they develop a culture
 - part of that culture may be to make use of mechanisms that you didn't build, i.e., cheats
 - but you as a developer can influence how that culture develops

This is particularly true with in-game economies
 - if players perceive unfairness, they
   will either leave or will try to even the odds
   by any means necessary, i.e. cheating

Modding is really a strategy for managing the meta game
 - many of the same techniques of crackers
 - but here, used in a creative context

People respond to incentives, and not all incentives are financial
 - huge drive to "have fun"
 - part of having fun is figuring out puzzles,
   gaining a competitive advantage, "playing the game"
 - for many in the game community, cheats and software
   piracy are more fun than playing the games themselves

Computer security itself is really a game between attackers and defenders
 - this game can work in your interests or against your interests

My research is really about how to make the game of security less fun
 - particularly for the attackers
But to be fair, some of my work may make it more fun

Examples
 - if you figure out how to copy one game, it won't
   help you copy the next (diversity)
 - but maybe I've just increased replayability?

Anomaly detection
 - detect when things are "weird" at some level, e.g.
   how the program runs
 - but then this became a game of attackers trying to make their attacks look "normal" (mimicry attacks)

Games have (a bit) trained some people to enjoy cracking systems, developing exploits
 - huge incentives, not many downsides

When you present, please have your cameras on
 - public speaking goes better when people can see you