File(s) under permanent embargo
Virtual world security inspection : a software inspection process carried out on popular virtual world environments
conference contribution
posted on 2011-01-01, 00:00 authored by Nick Patterson, Michael HobbsMichael HobbsVirtual property theft is a serious problem that exists in virtual worlds. Legitimate users of these worlds invest considerable amounts of time, effort and real-world money into obtaining virtual property, but unfortunately, are becoming victims of theft in high numbers. It is reported that there are over 1 billion registered users of virtual worlds containing virtual property items worth an estimated US$50 billion dollars. The problem of virtual property theft is complex, involving many legal, social and technological issues. The software used to access virtual worlds is of great importance as they form the primary interface to these worlds and as such the primary interface to conduct virtual property theft. The security vulnerabilities of virtual world applications have not, to date, been examined. This study aims to use the process of software inspection to discover security vulnerabilities that may exist within virtual world software – vulnerabilities that enable virtual property theft to occur. Analyzing three well know virtual world applications World of Warcraft, Guild Wars and Entropia Universe, this research utilized security analysis tools and scenario testing with focus on authentication, trading, intruder detection and virtual property recovery. It was discovered that all three examples were susceptible to keylogging, mail and direct trade methods were the most likely method for transferring stolen items, intrusion detection is of critical concern to all VWEs tested, stolen items were unable to be recovered in all cases and lastly occurrences of theft were undetectable in all cases. The results gained in this study present the key problem areas which need to be addressed to improve security and reduce the occurrence of virtual property theft.
History
Event
Applications and Techniques in Information Security. Workshop (2nd : 2011 : Melbourne, Victoria)Pagination
1 - 9Publisher
School of Information Systems, Deakin UniversityLocation
Melbourne, VictoriaPlace of publication
Melbourne, Vic.Start date
2011-11-09ISBN-13
9780987229809Language
engPublication classification
E1 Full written paper - refereedEditor/Contributor(s)
M WarrenTitle of proceedings
ATIS 2011 : Proceedings of the 2nd Applications and Techniques in Information Security WorkshopUsage metrics
Categories
No categories selectedKeywords
Licence
Exports
RefWorks
BibTeX
Ref. manager
Endnote
DataCite
NLM
DC