Theft of virtual property - Towards security requirements for virtual worlds

Abstract

The article is focused to introduce the topic of information technology security for Virtual Worlds to a security experts' audience. Virtual Worlds arc Web 2.0 applications where the users cruise through the world with their individually shaped avatars to find either amusement, challenges or the next best business deal. People do invest a lot of time but beyond they invest in buying [virtual assets like fantasy witchcries, wepaons, armour, houses, clothes,... etc with the power of real world money. Although it is callcd '"virtual" (which is often put on the same level as "not existent") there is a real value behind it. In November 2007 dutch police arrested a seventeen years old teenager who was suspicted to have stolen virtual items in a Virtual World callcd Habbo Hotel [Rcuters07]. In order to successfully provide security mechanisms into Virtual Worlds it is necessarry to fully understand the domain for which the security mechansims arc defined. As Virtual Worlds must be clasificd into the domain of Social Software the article starts with an overview of how to understand Web 2.0 and gives a short introduction to Virtual Worlds. The article then provides a consideration of assets of Virtual Worlds participants, describes how these assets can be threatened and gives an overview of appopriate security requirements and completes with an outlook of possible countermcasures. © 2009 Vieweg+Teubner | GWV Fachverlage GmbH, Wiesbaden.