Server-side Verification of Client Behavior in Online Games
Online gaming is a lucrative and growing industry, but one that is slowed by cheating that compromises the gaming experience and hence drives away players (and revenues). In this paper we develop a technique by which game developers can enable game operators to validate the behavior of game clients as being consistent with valid execution of the sanctioned client software. Our technique employs symbolic execution of the client software to extract constraints on client-side state implied by each client-to-server message, and then uses constraint solving to determine whether the sequence of client-to-server messages can be “explained” by any possible user inputs, in light of the server-to-client messages already received. The requisite constraints and solving components can be developed either simultaneously with the game or retroactively for existing games. We demonstrate our approach in two case studies: one of the open-source game XPilot, and one of a game similar to Pac-Man of our own design.