TY - JOUR
T1 - The metaplace security model
AU - Roe, Michael
PY - 2011
Y1 - 2011
N2 - As part of an ongoing project on the security of online games and virtual reality applications, we joined the open beta test of Metaplace, to carry out our own analysis of Metaplace's security mechanisms, and to observe what went wrong in practise during the beta test. The beta test version of Metaplace is particularly interesting because it went further than most online games in allowing "user generated content". For example, users were able to customize the game (or effectively, build their own game) by writing code that was run on the game server. This clearly has serious security implications, and Metaplace had its own unique security mechanisms to address the resulting issues. At the end of the beta test, Metaplace (then renamed Island Life) was changed to be more modest in the forms of user generated content that were permitted. The beta test was therefore a one-off opportunity to see if these mechanisms worked in practise. We found that some well-known operating systems security issues reappeared in new forms in Metaplace: anyone who in the future would like to build a game with this degree of user-generated content in their game would do well to be aware of these issues. The obvious competitor to Metaplace was Linden Lab's Second Life, which also permits advanced forms of user-generated content. Second Life's approach to security is significantly different from Metaplace, and there both advantages and disadvantages: we give a more detailed comparison later in the paper.
AB - As part of an ongoing project on the security of online games and virtual reality applications, we joined the open beta test of Metaplace, to carry out our own analysis of Metaplace's security mechanisms, and to observe what went wrong in practise during the beta test. The beta test version of Metaplace is particularly interesting because it went further than most online games in allowing "user generated content". For example, users were able to customize the game (or effectively, build their own game) by writing code that was run on the game server. This clearly has serious security implications, and Metaplace had its own unique security mechanisms to address the resulting issues. At the end of the beta test, Metaplace (then renamed Island Life) was changed to be more modest in the forms of user generated content that were permitted. The beta test was therefore a one-off opportunity to see if these mechanisms worked in practise. We found that some well-known operating systems security issues reappeared in new forms in Metaplace: anyone who in the future would like to build a game with this degree of user-generated content in their game would do well to be aware of these issues. The obvious competitor to Metaplace was Linden Lab's Second Life, which also permits advanced forms of user-generated content. Second Life's approach to security is significantly different from Metaplace, and there both advantages and disadvantages: we give a more detailed comparison later in the paper.
UR - http://www.scopus.com/inward/record.url?scp=84855783030&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-25867-1_30
DO - 10.1007/978-3-642-25867-1_30
M3 - Article
AN - SCOPUS:84855783030
SN - 0302-9743
VL - 7114
SP - 313
EP - 326
JO - Lecture Notes in Computer Science (LNCS)
JF - Lecture Notes in Computer Science (LNCS)
ER -