Game Engines 2021W Lecture 21
Jump to navigation
Jump to search
Game Engines & Security
-----------------------
Threat modelling is the first task when determining the security of a system
- what attacks actually matter?
- software security doesn't matter when a baseball bat
is the real threat
With games, what are the threats we care about?
- "theft"/piracy
- cheating
- loss of service
Software piracy is something all commercial software developers care about, but games are particularly interested because
- customers are price sensitive
- typically have lots of time on their hands
- and product is "consumable", can only expect usage
for a limited period of time
- subject to changes in taste
- once interest passes, sales tend to go way down
Copy protection for games is much older than game engines
- used to be games were all written from scratch
- code reuse was rare
Older forms of copy protection often involved games taking the "from scratch" idea to an extreme
Locksmith for the Apple II was a full reverse engineering suite
- needed because game copy protection involved creating
non-standard disk operating systems!
- had unique ways of encoding data on disk
- these formats could not be properly read by
standard disk reading software
- and even if they could copy the raw data, they
couldn't copy the weird patterns developers put in them
When writing data to a physical medium, you have many restrictions
- first, can't use all bit patterns, as only some bit patterns are allowed (because it is a physical substrate)
- must have error correction, because reads won't be perfect
- and, need navigation marks *in the data stream*,
because you have to manually find the start,
especially when the medium is circular
- start of track, end of track, etc
- game copy protection could mess with all of this
- almost impossible to make a "perfect" copy of
any disk with regular disk hardware unless
you understand the format in some way
Today it is all behind a standard API so regular software can never see it
- disk controllers are variable underneath but are
proprietary secrets
"cracking", then and now, means converting a program from a copy protected form to a standard, easily copyable form
A modern game engine typically doesn't have much of a role in copy protection
- now part of the DRM layer baked into the hardware
- uses strong cryptography (i.e., digital signatures),
code obfuscation, and tamper-resistant hardware
The way you get access to this is by working with a publisher and having them authorize your code by "publishing" it in some way. Without their authorization,
your code won't run.
The game security problem that is more top of mind and in need of engine support is anti-cheating
- because, what does it mean to cheat?
Mainly a concern in multiplayer, distributed games
- which are incredibly common
Copy protection is often part of anti-cheat software, but
it isn't enough
Anti cheat software has to make sure the program runs securely
- have to make runtime state is confidential and integrity protected
- have to make sure service remains available
Security is confidentiality, integrity, and availability (basically)
Want to stop
- one player impersonating another
- "spying" on other players, getting unfair advantages in the world
In an FPS, a cheater may want to
- look through walls
- have computer-enhanced aim, firing, movement
Note these all invole unauthorized viewing or modifying of game state
- viewing unauthorized parts of the world model
- unauthorized controller input (i.e., from a bot)
Unauthorized input can be managed by locking down the hardware
World model confidentiality is hard because it directly
contradicts performance requirements
- want to maintain local copies of the entire world with every game client to maximize performance
- need to send less data around as the player moves
- but those copies threaten the confidentiality of game state
Ideally a game engine would allow you to easily manage
distribution of game state
- could mark parts of it secret so it would be shared less
- support in-engine state obfuscation
Denial of service is a harder problem
- generally just means contracting with an anti-DDoS service
- but this isn't enough, because you have to figure out what to do when there are failures
For example, you could make it so that on network failure
a player's character become temporarily invulnerable
- can't be killed when not actively playing
- but now have you given players an incentive to DoS themselves?
Multiplayer games become bigger than the game you create
- they develop a culture
- part of that culture may be to make use of mechanisms that you didn't build, i.e., cheats
- but you as a developer can influence how that culture develops
This is particularly true with in-game economies
- if players perceive unfairness, they
will either leave or will try to even the odds
by any means necessary, i.e. cheating
Modding is really a strategy for managing the meta game
- many of the same techniques of crackers
- but here, used in a creative context
People respond to incentives, and not all incentives are financial
- huge drive to "have fun"
- part of having fun is figuring out puzzles,
gaining a competitive advantage, "playing the game"
- for many in the game community, cheats and software
piracy are more fun than playing the games themselves
Computer security itself is really a game between attackers and defenders
- this game can work in your interests or against your interests
My research is really about how to make the game of security less fun
- particularly for the attackers
But to be fair, some of my work may make it more fun
Examples
- if you figure out how to copy one game, it won't
help you copy the next (diversity)
- but maybe I've just increased replayability?
Anomaly detection
- detect when things are "weird" at some level, e.g.
how the program runs
- but then this became a game of attackers trying to make their attacks look "normal" (mimicry attacks)
Games have (a bit) trained some people to enjoy cracking systems, developing exploits
- huge incentives, not many downsides
When you present, please have your cameras on
- public speaking goes better when people can see you