Game Engines 2021W Lecture 21
Jump to navigation
Jump to search
Game Engines & Security ----------------------- Threat modelling is the first task when determining the security of a system - what attacks actually matter? - software security doesn't matter when a baseball bat is the real threat With games, what are the threats we care about? - "theft"/piracy - cheating - loss of service Software piracy is something all commercial software developers care about, but games are particularly interested because - customers are price sensitive - typically have lots of time on their hands - and product is "consumable", can only expect usage for a limited period of time - subject to changes in taste - once interest passes, sales tend to go way down Copy protection for games is much older than game engines - used to be games were all written from scratch - code reuse was rare Older forms of copy protection often involved games taking the "from scratch" idea to an extreme Locksmith for the Apple II was a full reverse engineering suite - needed because game copy protection involved creating non-standard disk operating systems! - had unique ways of encoding data on disk - these formats could not be properly read by standard disk reading software - and even if they could copy the raw data, they couldn't copy the weird patterns developers put in them When writing data to a physical medium, you have many restrictions - first, can't use all bit patterns, as only some bit patterns are allowed (because it is a physical substrate) - must have error correction, because reads won't be perfect - and, need navigation marks *in the data stream*, because you have to manually find the start, especially when the medium is circular - start of track, end of track, etc - game copy protection could mess with all of this - almost impossible to make a "perfect" copy of any disk with regular disk hardware unless you understand the format in some way Today it is all behind a standard API so regular software can never see it - disk controllers are variable underneath but are proprietary secrets "cracking", then and now, means converting a program from a copy protected form to a standard, easily copyable form A modern game engine typically doesn't have much of a role in copy protection - now part of the DRM layer baked into the hardware - uses strong cryptography (i.e., digital signatures), code obfuscation, and tamper-resistant hardware The way you get access to this is by working with a publisher and having them authorize your code by "publishing" it in some way. Without their authorization, your code won't run. The game security problem that is more top of mind and in need of engine support is anti-cheating - because, what does it mean to cheat? Mainly a concern in multiplayer, distributed games - which are incredibly common Copy protection is often part of anti-cheat software, but it isn't enough Anti cheat software has to make sure the program runs securely - have to make runtime state is confidential and integrity protected - have to make sure service remains available Security is confidentiality, integrity, and availability (basically) Want to stop - one player impersonating another - "spying" on other players, getting unfair advantages in the world In an FPS, a cheater may want to - look through walls - have computer-enhanced aim, firing, movement Note these all invole unauthorized viewing or modifying of game state - viewing unauthorized parts of the world model - unauthorized controller input (i.e., from a bot) Unauthorized input can be managed by locking down the hardware World model confidentiality is hard because it directly contradicts performance requirements - want to maintain local copies of the entire world with every game client to maximize performance - need to send less data around as the player moves - but those copies threaten the confidentiality of game state Ideally a game engine would allow you to easily manage distribution of game state - could mark parts of it secret so it would be shared less - support in-engine state obfuscation Denial of service is a harder problem - generally just means contracting with an anti-DDoS service - but this isn't enough, because you have to figure out what to do when there are failures For example, you could make it so that on network failure a player's character become temporarily invulnerable - can't be killed when not actively playing - but now have you given players an incentive to DoS themselves? Multiplayer games become bigger than the game you create - they develop a culture - part of that culture may be to make use of mechanisms that you didn't build, i.e., cheats - but you as a developer can influence how that culture develops This is particularly true with in-game economies - if players perceive unfairness, they will either leave or will try to even the odds by any means necessary, i.e. cheating Modding is really a strategy for managing the meta game - many of the same techniques of crackers - but here, used in a creative context People respond to incentives, and not all incentives are financial - huge drive to "have fun" - part of having fun is figuring out puzzles, gaining a competitive advantage, "playing the game" - for many in the game community, cheats and software piracy are more fun than playing the games themselves Computer security itself is really a game between attackers and defenders - this game can work in your interests or against your interests My research is really about how to make the game of security less fun - particularly for the attackers But to be fair, some of my work may make it more fun Examples - if you figure out how to copy one game, it won't help you copy the next (diversity) - but maybe I've just increased replayability? Anomaly detection - detect when things are "weird" at some level, e.g. how the program runs - but then this became a game of attackers trying to make their attacks look "normal" (mimicry attacks) Games have (a bit) trained some people to enjoy cracking systems, developing exploits - huge incentives, not many downsides When you present, please have your cameras on - public speaking goes better when people can see you