Document Type
Conference Paper
Publication Date
2022
DOI
10.1145/3548606.3560647
Publication Title
CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Pages
1993-2007
Conference Name
CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security, November 7-11, 2022, Los Angeles, CA
Abstract
Cloud gaming has become an emerging computing paradigm in recent years, allowing computer games to offload complex graphics and logic computation to the cloud. To deliver a smooth and high-quality gaming experience, cloud gaming services have invested abundant computing resources in the cloud, including adequate CPUs, top-tier GPUs, and high-bandwidth Internet connections. Unfortunately, the abundant computing resources offered by cloud gaming are vulnerable to misuse and exploitation for malicious purposes. In this paper, we present an in-depth study on security vulnerabilities in cloud gaming services. Specifically, we reveal that adversaries can purposely inject malicious programs/URLs into the cloud gaming services via game mods. Using the provided features such as in-game subroutines, game launch options, and built-in browsers, adversaries are able to execute the injected malicious programs/URLs in cloud gaming services. To demonstrate that such vulnerabilities pose a serious threat, we conduct four proof-of-concept attacks on cloud gaming services. Two of them are to abuse the CPUs and GPUs in cloud gaming services to mine cryptocurrencies with attractive profits and train machine learning models at a trivial cost. The other two are to exploit the high-bandwidth connections provided by cloud gaming for malicious Command & Control and censorship circumvention. Finally, we present several countermeasures for cloud gaming services to protect their valuable assets from malicious exploitation.
Rights
© 2022 of the Owner/Authors.
This work is licensed under a Creative Commons Attribution International 4.0 (CC BY 4.0) License.
Original Publication Citation
Liu, G., Liu, D., Hao, S., Gao, X., Sun, K., & Wang, H. (2022). Ready raider one: Exploring the misuse of cloud gaming services. In CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1993-2007). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560647
Repository Citation
Liu, G., Liu, D., Hao, S., Gao, X., Sun, K., & Wang, H. (2022). Ready raider one: Exploring the misuse of cloud gaming services. In CCS '22: Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 1993-2007). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560647
ORCID
0000-0001-7483-5252 (Hao)
Included in
E-Commerce Commons, Game Design Commons, Information Security Commons, Systems Architecture Commons