The metaplace security model
As part of an ongoing project on the security of online games and virtual reality applications, we joined the open beta test of Metaplace, to carry out our own analysis of Metaplace's security mechanisms, and to observe what went wrong in practise during the beta test. The beta test version of Metaplace is particularly interesting because it went further than most online games in allowing "user generated content". For example, users were able to customize the game (or effectively, build their own game) by writing code that was run on the game server. This clearly has serious security implications, and Metaplace had its own unique security mechanisms to address the resulting issues. At the end of the beta test, Metaplace (then renamed Island Life) was changed to be more modest in the forms of user generated content that were permitted. The beta test was therefore a one-off opportunity to see if these mechanisms worked in practise. We found that some well-known operating systems security issues reappeared in new forms in Metaplace: anyone who in the future would like to build a game with this degree of user-generated content in their game would do well to be aware of these issues. The obvious competitor to Metaplace was Linden Lab's Second Life, which also permits advanced forms of user-generated content. Second Life's approach to security is significantly different from Metaplace, and there both advantages and disadvantages: we give a more detailed comparison later in the paper.