Abstract This topic deals with the problem of access control in 3D virtual environments which are interactive, behavior-rich, multi-user, and based on user-contributed content. Traditional coarse-grained and geometry-centric privilege modeling methods are not sufficient for such environments. New methods are required that concern not only geometrical models, their relationships and structure, but also inter-object behavioral interactions. In this topic, a method called Selective Semantic Modeling (SSM) is described. The SSM method enables modeling of privileges for behavioral objects with respect to their semantics. The SSM method is based on the concept of semantic operations, which are generated at run-time from the current content structure of a virtual environment and are applicable to the access control model as a part of a privilege. Semantic consistency of the privilege is guaranteed by a two-phase regeneration and validation mechanism, so that user privileges can be expressed in a precise, semantically accurate and flexible way.
Introduction
Creation, maintenance, and development cost of behavioral and interactive content for multiuser 3D virtual environments is very high. At the same time, evolving content is the key factor to keep long-term users. Environments supporting content creation by user communities in a social way gain advantage in the market since usergenerated content is cheaper to acquire from the service provider’s perspective as well as more attractive from the user perspective. Therefore, modern virtual environments are not only behavioral and interactive but also user-contributed, massively used and—in consequence—highly dynamic [24, 25, 30].
Modern virtual environments are behavioral: they model not only geometry and structure of objects, but also their behavior implemented in various scripting languages.
Modern virtual environments constitute interactive environments, where interactions take place not only between a user and multiple virtual objects, but also among the objects themselves.
In modern virtual environments, objects and inter-object interactions are user contributed. Users can create new behavioral objects at run-time in a decentralized manner.
Virtual environments are massively used and highly complex: they support a large number of classes, objects and methods that require a great variety of possible roles, privileges, and operations, which have to be understandable and manageable for a large number of users.
Finally, as the consequence of the above features, modern virtual environments are highly dynamic. Thousands of users constantly add new behavior to objects, modify them, assemble them into more complex scenes, and extend their functionality, so behavioral content evolves over time in many aspects.
Consequently, there is a need to refine data security protection in such virtual environments. Since traditional coarse-grained and geometry-centric access control and privilege modeling methods are not sufficient for such environments, new methods are required. Protection should concern not only geometrical models, their relationships and structure, but also inter-object behavioral interactions. New methods cannot be too coarse and limit the user too much when creating new behavior-rich content and when modifying the existing objects since the primary assumption is to promote user creativity and sociability.
To protect behavioral content, an effective yet unobtrusive and flexible access control model, using privileges based on interactions between objects in a persistently running virtual environment, is needed. Possible interactions can be thoroughly analyzed by taking into account the call range of object methods. Access control model should also be expressive enough to take into account inter-object dependencies and their semantics. Objects can be created not only from scratch, but also as compositions of other objects, possibly created by different users or even coming from different virtual environments. The privilege system should automatically encompass newly created objects and follow the evolution of the virtual environment. Privileges should be manageable and understandable by a human operator and, at the same time, should be applicable at the fine-grained level.
In this topic, a new method called Selective Semantic Modeling (SSM) is proposed, which addresses the requirements listed above. The SSM method consists of two elements. The first one is a flexible Virtual Reality Privilege Representation (VR-PR) for virtual environment objects. The second one is a semantic extension of VR-PR—Knowledgebase of Objects Behavior (KBOB) built according to an Ontology of Objects Behavior (OOB).
The SSM method enables modeling privileges for virtual environment behavioral resources with respect to semantics of behaviors. The SSM method is based on the concept of semantic operations. Semantic operations are generated at run-time from the current behavior-rich content of the virtual environment and are applicable to the employed access control model as a part of a privilege. Semantic consistency of the maintained privilege set is forced by a two-phase regeneration and validation mechanism, so that user privileges can be expressed in a precise, semantically accurate, and flexible way.
This topic is organized as follows. In Sect. 7.2, the state of the art in the field of data security in multiuser virtual environments is presented. In Sect. 7.3, the VR-PR approach to privilege modeling is proposed, based on the induction of metaoperations used to express privileges. Section 7.4 is devoted to the SSM method employing semantics-based privileges. In this section, the KBOB knowledgebase for semantics-based privileges is described, as well as the OOB ontology. In Sect. 7.5, a prototype SSM4VM system built according to the SSM method and designed for virtual museums is presented. In Sect. 7.6, other potential applications of the SSM method are described. Section 7.7 concludes the topic.
Constantly increasing processing power of computers and throughput of telecommunication networks as well as progress of servers virtualization techniques permit servers and clients to handle more and more advanced virtual environment systems [9]. 3D virtual environments are deployed in a large number [5] in various application domains (business, co-design, entertainment, social life), which are based on various participation paradigms (mass, niche, groups competition, competition within groups).
There are two trends that help virtual environments to survive in the market: user-content orientation and federalization. Ability to navigate in a virtual environment through 3D interface is not enough to attract and keep long-term users. The key factor is content, which has to constantly evolve to remain attractive. However, the cost of content creation, maintenance, and development for a large population of users is very high. A solution to this problem is to provide virtual environments with technological solutions that open them to the content that is generated by users.Also, such content is certainly cheaper to develop and maintain for the service provider. In turn, federalization [11] provides users of virtual environments with access to a broader range of services, and up-to-date digital assets coming from different sources.
Nevertheless, in recent years it has been observed that the growth of many virtual environments, including these supporting user-generated content, is frequently slowed down or even stopped. One of the major reasons for this is related to the user and content security. If a user cannot be sure whether she is able to control the access of other users to her content, she will not participate actively in the content development. Moreover, if she cannot be sure whether her interactions with the content created by other users is always safe for her, her privacy and her content, probably she will not participate in the virtual environment at all. Also, the problem of usage control in the context of the IPR assurance is the issue [16].
DRM is a technique to control access and usage of digital content, including multimedia data as described in [41]. Modern DRM techniques are designed to maintain control over the content during the whole or a large part of the content lifecycle as illustrated in [13]. Various types of multimedia data are protected by the DRM systems. However, constantly developing multimedia techniques in conjunction with development of networking techniques challenge the existing DRM systems. In particular, randomly chosen fragments of 3D virtual environments, containing behavioral objects (including scripting source code), interacting dynamically with each other and created by active users cannot be sufficiently protected by current DRM systems. In most DRM systems, a rigid separation of content creator, license creator, and user roles is assumed [14]. This is not consistent with modern multimedia systems, where users create the content and compose digital items created or composed by other users.
The most distinguished standardization effort in the domain of protecting digital rights of multimedia content is MPEG-21 REL [36], a rule-based access control language developed for expressing rights that a given entity has been granted. Rights are related to a particular resource under a set of conditions. A content creator or its owners use it to govern the use of their digital content. Unfortunately, Digital Item representation, which is the base for this model, is not expressive enough to support complex behavior-rich 3D scenes with content that has to be protected selectively. Alternative access control languages, like XACML [20], or ccREL [1] are even more generic, thus they cannot be applied directly to protect virtual environments with respect to specificity of their data model. When designing a multimedia system to control access to objects, either the Role-Based Access Control model [29], the Attribute-Based Access Control [27], or their extensions may be applied. These models, however, are not intended to solve the problem of privilege granting in highly dynamic systems with user-generated interactive content.
Apart from the DRM and general access control techniques mentioned above, also multimedia mining techniques address the problems of data security and privacy protection [31]. Multimedia mining faces two difficulties in comparison to traditional data mining: the problem of ambiguous and redundant representations of entities described by multimedia data, and inherent dynamism over time of some types of multimedia data. Moreover, in the domain of 3D virtual environments, multimedia mining has to deal with mining in geometrical and behavioral inter-object relations [35].
Research on data privacy protection in the 3D virtual environment domain is derived from the output of either CAD or VR communities. The majority of research effort on advanced privileges modeling in virtual environments is based on the achievements of CAD domain, because there is a need in the industry for CAD systems providing access control while enabling collaboration [7]. Thus, the CAD area is a source of many interesting ideas, later adopted to virtual environments. Still, these access control models have limitations. Some protect only object geometry with the granularity of different mesh resolutions—the protection does not concern interactions or behaviors [4]. Others are asynchronous, which is not useful in virtual environment practice [28]. Finally, in other access control models only basic operations such as read, write and modify are used to form privileges [37].
In the VR community, a number of works are devoted to methods of modeling virtual environments not only as sets of geometrical objects but also semantically [8, 15, 18, 26]. Such approaches enable application of algorithms automatically exploring content of a virtual environment, reusing objects in different contexts and taking advantage of domain knowledge stored in external ontologies.
The next research field related to this topic is structured design of virtual environments. It focuses on methods of building VR applications in which content is dynamically configured from high-level elements, thus it can be relatively easily created and modified by domain experts and common users. An approach to VR structured design which inherently supports interactive behavior-rich scenes is Beh-VR, presented in Chap. 5 and in [32] and [33]. In the Beh-VR approach, 3D scene-specific elements, such as geometry, virtual object attributes and behavior definition, are seamlessly modeled using concepts of an object or a “VR-Bean” [34].
Applying semantic modeling techniques and structural design approaches to virtual environments in a way increases the level of data security. Well tested geometry representations or behavioral code can be easily reused, thus the risk of using badly designed objects or scenes decreases. Moreover, state-of-the-art ontologies or knowledgebases can be easily applied to virtual environments or even their selected subspaces, which reduces the risk of unintended misuse of virtual environment data. However, in the formal models of such approaches as well as in their usage scenarios, it is not taken into account how access control model, particularly user privileges, could be related to the content model.
Data security issues in mass multiuser virtual worlds are a wide and still growing topic [6, 10, 19]. Yet, access control models in commercial virtual worlds are usually very simple: only few operations from a predefined list can be used to form user privileges. Access control for objects is based on two roles only (owner/nonowner). In the most popular virtual world—Second Life [30] owner/non-owner access control model for objects has been extended to support group privileges used for collaboration of two or more people in a shared parcel of land [17]. One can use predefined roles or can define new roles for different users who work on a common project. Roles are defined by assigning so called “capabilities.” But still the list of “capabilities” is predefined, fixed and coarse-grained. Moreover, “capabilities” cannot be assigned to selected resources. In Active Worlds [2], a virtual world competing with Second Life, possibilities of collaboration are even more simplified. The right to work on someone else’s object can be granted by the owner of that object only, using a so-called “privilege password” mechanism.
Recently significant progress in the area of virtual environment development can be noticed in the open source software communities. One of the most mature open source platforms is Open Wonderland [24]. Its architecture supports the creation of a wide range of interactive and dynamic virtual worlds. Open Wonderland identity and authentication mechanisms take advantage of existing corporate solutions like LDAP. For access control, any object within an environment can be associated with an access control list (ACL) to control which users can view or manipulate or edit the object. However, as in the case of commercial virtual worlds, a list of possible operations is predefined. It is worth noting that Open Wonderland’s ACLs are hierarchical, so access can be applied to a single object in a space or to all objects within a room, a building or another enclosing 3D structure.
Another access control related topic regards the implementations of recently more and more popular federated virtual environments, usually based on open source Open Simulator [23] engine implementation, such as OSGrid [25]. Their access control mechanism can be bypassed, e.g., by using “copybot” software simulating client applications that perform uncontrolled operations to copy user assets. A security threat introduced by federated processing model makes federated virtual environments perceived as inherently insecure [12]. In fact, there is a threat that a user visits a virtual environment region (host) that is running a malicious code. This is related to security threat affecting trading of virtual goods and their usage control.
Open Cobalt [22], yet another open source platform for constructing, accessing, and sharing virtual environments, makes it possible to hyperlink virtual environments using 3D portals to form a large distributed network of interconnected collaboration spaces. It is based on a different assumption than the environments previously described: it does not require centralized servers and the processing is distributed in a peer-to-peer manner. From the security analysis point of view, interesting element of such approach is reduction of reliance on error-prone server infrastructures by using a peer-based messaging protocol. However, here the problem of untrusted clients appears, which is even harder to solve than the problem of malicious hosts.
Other programming platforms for 3D virtual environments that should be mentioned are X3D-based collaboration servers, such as BS Collaborate [3] and Oc-taga Collaboration Server [21]. However, these servers provide only limited security measures, which do not enable definition of fine-grained semantically-rich access-and usage-control privileges in the virtual environments.
