Software Security in Video Games - Cheats and Anti-Cheats

Game cheating is an active problem in the gaming world especially in PC games were both hardware and software control is in the hands of the machine owner. Cheaters get unfair advantage over regular gamers and destroy the game experience. Game studios and online game hosts have deployed anti-cheat services over the last few years to try and minimise the effect of cheats but these are still common.

This research project will approach the following research questions
1) How do game cheats work and what type of cheats exist?
2) How do cheats bypass the current anti-cheat services?
3) Are the anti-cheat services good enough to stop cheating, if not is there room for improvement in anti-cheat services?
4) Can the anti-cheat techniques be applied in the field of program vulnerability analysis and vice versa?
5) Can trusted execution environments like SGX can help with the game cheat problem?

As a first step the student will start by analysing underground game cheat forums. These forums contain information about how game cheats are created in the form of tutorials and also contain actual cheats. In some cases they even have their source code. This will provide a good insight on how cheats are created and which tools the cheaters/ forum users use to bypass the anti-cheat services. The different type cheats they exist. (1)

Then the student will try to create an environment where he will be able to analyse in a systematic way the cheats by combining static and dynamic analysis. Acquire ,if possible, source code from available anti-cheat services and try to bypass them in order to understand in more detail why they fail to detect certain cheats. (2) (3) (4) (5)

The most significant impact of the renewal of Royal Holloway's CDT in Cyber Security will be the production of at least 30 further PhD-level graduates. In view of the strong industry involvement in both the taught and research elements of the programme, CDT graduates are "industry-ready": through industry placements, they have exposure to real-world cyber security problems and working environments; because of the breadth of our taught programme, they gain exposure to cyber security in all its forms; through involvement of our industrial partners at all stages of the programme, the students are regularly exposed to the language and culture of industry. At the same time, they will continue to benefit from generic skills training, equipping them with a broad set of skills that will be of use in their subsequent workplaces (whether in academia, industry or government). They will also engage in PhD-level research projects that will lead to them developing deep topic-specific knowledge as well as general analytical skills.

One of the longer-term impacts of CDT research, expressed directly through research outputs, is to provide mechanisms that help to enhance confidence and trust in the on-line society for ordinary citizens, leading in turn to quality of life enhancement. CDT research has the potential of directly impacting the security of deployed system, for example helping to make the Internet a more secure place to do business. Moreover the work on the socio-technical dimensions of security and privacy also gives us the means to influence government policy to the betterment of society at large. Through the training component of the CDT, and subsequent engagement with industry, our PhD students are exposed to the widest set of cyber security issues and forced to think beyond the technical boundaries of their research. In this way, our CDT is training a generation of cyber security researchers who are equipped - philosophically as well as technically - to cope with whatever cyber security threats the future may bring. The programme equip students with skills that will enable them to understand, represent and solve complex engineering questions, skills that will have an impact in UK industry and academic long beyond the lifetime of the CDT.