B.A.S.T.I.O.N.: Design and Implementation of an Automated Compliance Enforcement Tool
B.A.S.T.I.O.N.: Design and Implementation of an Automated Compliance Enforcement Tool
Supervisor(s): | Fabian Franzen |
Status: | finished |
Topic: | Others |
Author: | Leon Birkel |
Submission: | 2025-01-16 |
Type of Thesis: | Bachelorthesis |
DescriptionCheating prevention and detection in online scenarios presents a significant challenge due to the physical remoteness of users. Traditional methods of enforcing compliance, such as physical inspections or on-site audits, often require proximity and presence and are unusable in online environments like Electronic Sports competitions or remote exams, necessitating novel approaches. Monitoring tools aim to solve this problem by providing integrity-secured and verifiable reports on user activity and system status. Moss is the existing standard monitoring tool for Electronic Sports tournaments. To understand existing vulnerabilities and develop a deeper understanding of mon- itoring tools, we first reverse-engineer Moss. This analysis enables us to circumvent Moss’s integrity proofs, rendering its attests ineffective. Leveraging these insights, we have designed Behavior Audit and Systematic Tracking for Inspection and Operational Needs (BASTION), a hardened monitoring solution with enhanced security measures to address Moss’s weaknesses. As part of the development of BASTION, we are investigating the feasibility of dif- ferent types of trust anchors and comparing their security guarantees and weaknesses. By introducing BASTION as an addition to the existing monitoring tool ecosystem, we aim to increase the overhead for cheat developers, forcing them to acknowledge and bypass its defenses. While BASTION improves upon Moss’s weaknesses and provides a robust defense against standard cheating techniques, similar to Moss, it cannot provide total security guarantees due to the inherently untrusted environment of the user’s computer in which it operates. Nonetheless, this work contributes valuable insights into the challenges of online cheating prevention and offers a practical solution with increased resilience against malicious activity. |