Threat Model - Legends of Hastinapur

Assets

Critical Assets

  1. Player Data
    • Account credentials (hashed passwords, email)
    • Personal information (username, payment history)
    • Game progress (characters, inventory, skills)
  2. Game State
    • Server-side authoritative state
    • Real-time player positions and actions
  3. Payment Information
    • Transaction records
    • Subscription data
  4. Infrastructure
    • Database servers
    • Game servers (WebSocket)
    • Cloudflare Tunnel tokens

Threat Actors

Actor                       | Motivation                 | Capability
----------------------------|----------------------------|------------------------------
Script Kiddies              | Fame, disruption           | Low - use existing tools
Hackers                     | Financial gain, data theft | Medium-High - custom exploits
Malicious Plugin Developers | Inject malware, steal data | Medium - Lua knowledge
Insider Threats             | Data exfiltration          | High - system access
DDoS Attackers              | Ransom, disruption         | Medium - botnets

Attack Vectors & Mitigations

1. SQL Injection

Vector: Malicious input in login/registration forms
Impact: Database breach, account takeover
Mitigation:
  • ✅ Use parameterized queries (prepared statements)
  • ✅ Input validation on all endpoints
  • ⚠️ TODO: Add SQL injection tests
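The two checked items and the open TODO above fit in one small harness: a login lookup that binds the username as a parameter, and a test that feeds it injection-shaped strings and confirms none of them matches a row or alters the table. This is an added example written for this page, not code from the Legends of Hastinapur project; the `players` table, its columns and the sample accounts are constructed, and the hash column holds placeholder strings where the real table would hold Argon2id hashes.

```python
import sqlite3
from typing import Dict, Optional, Tuple

# Constructed sample accounts: (username, email, password_hash). The hash column
# holds placeholder strings here; the real table would hold Argon2id hashes.
SAMPLE_PLAYERS = [
    ("arjuna", "arjuna@example.invalid", "argon2id$placeholder-1"),
    ("O'Brien", "obrien@example.invalid", "argon2id$placeholder-2"),
]

# Inputs shaped like injection attempts, used only as test vectors. A correct
# lookup treats each one as a literal username that does not exist.
INJECTION_SHAPED_INPUTS = [
    "' OR '1'='1",
    "arjuna' --",
    "arjuna'; DROP TABLE players; --",
    '" OR ""="',
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE players (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, "
        "email TEXT NOT NULL, password_hash TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO players (username, email, password_hash) VALUES (?, ?, ?)",
        SAMPLE_PLAYERS,
    )
    return conn


def find_player(conn: sqlite3.Connection, username: str) -> Optional[Tuple[int, str, str]]:
    """Look up a player by username with a bound parameter.

    The SQL text never contains the user's input: the driver passes the value
    separately, so quotes, comment markers and keywords in it are compared as
    plain characters and cannot change the statement.
    """
    return conn.execute(
        "SELECT id, username, email FROM players WHERE username = ?",
        (username,),
    ).fetchone()


def run_injection_tests(conn: sqlite3.Connection) -> Dict[str, bool]:
    """Return {hostile_input: matched_a_row} for every test vector.

    Every value must be False, and the table must still exist afterwards (the
    COUNT query raises if the DROP in one of the vectors had been executed).
    """
    results = {s: find_player(conn, s) is not None for s in INJECTION_SHAPED_INPUTS}
    conn.execute("SELECT COUNT(*) FROM players").fetchone()
    return results


if __name__ == "__main__":
    db = make_db()
    print(find_player(db, "O'Brien"))
    print(run_injection_tests(db))
```

The `O'Brien` account is there on purpose: a lookup that rejects or mangles legitimate apostrophes is a sign that someone is escaping by hand instead of binding parameters. The same test shape applies to every endpoint that takes user input, not only login.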

2. Plugin Exploits

Vector: Malicious Lua plugins bypass sandbox
Impact: Server compromise, player data theft
Mitigation:
  • ✅ Restricted Lua libraries (no io, os, debug in production)
  • ✅ Ed25519 signature verification
  • ✅ Memory limits (32MB per plugin)
  • ⚠️ TODO: Runtime monitoring for suspicious plugin behavior

3. DDoS Attacks

Vector: Flood game server with connections/messages
Impact: Service unavailability
Mitigation:
  • ✅ Cloudflare WAF + DDoS protection
  • ✅ Rate limiting (100 req/min per IP, 1000 actions/min per player)
  • ⏳ TODO: Implement auto-scaling
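The two limits in the mitigation list apply to different traffic: the per-IP figure to HTTP requests (login, registration, shop calls) and the per-player figure to actions on an authenticated WebSocket. The sliding-window limiter below, an added example and not the project's own code, enforces both with an injectable clock so the window edge can be tested; the class names, the split between `check_http` and `check_action`, and the 60-second window are assumptions made for this demonstration.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict


class SlidingWindowLimiter:
    """Allow at most `limit` events per `window_s` seconds for each key.

    A sliding log of timestamps gives an exact count over the trailing window;
    a fixed calendar-minute counter would let a client burst twice the limit
    across a minute boundary.
    """

    def __init__(self, limit: int, window_s: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.limit = limit
        self.window_s = window_s
        self.clock = clock
        self._events: Dict[str, Deque[float]] = defaultdict(deque)

    def allow(self, key: str) -> bool:
        now = self.clock()
        log = self._events[key]
        while log and now - log[0] >= self.window_s:   # expire timestamps outside the window
            log.popleft()
        if len(log) >= self.limit:
            return False   # rejected attempts are not recorded, so a flood cannot grow the log
        log.append(now)
        return True


class GameGateway:
    """Applies the two limits from the mitigation list to the two traffic kinds."""

    HTTP_PER_IP_PER_MIN = 100          # "100 req/min per IP"
    ACTIONS_PER_PLAYER_PER_MIN = 1000  # "1000 actions/min per player"

    def __init__(self, clock: Callable[[], float] = time.monotonic) -> None:
        self.per_ip = SlidingWindowLimiter(self.HTTP_PER_IP_PER_MIN, 60.0, clock)
        self.per_player = SlidingWindowLimiter(self.ACTIONS_PER_PLAYER_PER_MIN, 60.0, clock)

    def check_http(self, client_ip: str) -> bool:
        """True if the HTTP request may proceed; False means respond 429 and log the IP."""
        return self.per_ip.allow(client_ip)

    def check_action(self, player_id: str) -> bool:
        """True if the WebSocket action may be processed; False means drop it
        (and close the socket if the player keeps exceeding the limit)."""
        return self.per_player.allow(player_id)


if __name__ == "__main__":
    gw = GameGateway()
    print(all(gw.check_http("203.0.113.5") for _ in range(100)), gw.check_http("203.0.113.5"))
```

One caveat for a deployment behind Cloudflare Tunnel: the socket peer address is Cloudflare's, so `client_ip` has to come from the `CF-Connecting-IP` header that Cloudflare sets, otherwise every visitor shares one bucket. A single in-process limiter also only works while there is one game server; with several, the counters need a shared store, which is worth settling before the auto-scaling TODO lands.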

4. Authentication Bypass

Vector: Weak JWT tokens, session hijacking
Impact: Account takeover
Mitigation:
  • ✅ Argon2id password hashing
  • ✅ JWT with 15-min expiry
  • ⚠️ TODO: Implement refresh token rotation
  • ⚠️ TODO: Add 2FA (time-based one-time passwords, TOTP)
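The 15-minute access token and the refresh-rotation TODO belong together: the short expiry bounds how long a stolen access token is useful, and single-use refresh tokens with reuse detection bound how long a stolen refresh token is. The service below is an added example, not the project's code; it hand-rolls HS256 JWTs with the standard library, and the signing key, the clock, the in-memory token store and the "family" bookkeeping are constructed for this demonstration (a deployment would keep the key in a secret manager and the refresh store in a database shared by all game servers).

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Callable, Dict, Optional, Tuple

ACCESS_TTL_S = 15 * 60   # 15-minute access tokens, as in the mitigation list


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class TokenService:
    """HS256 access tokens plus single-use refresh tokens with reuse detection."""

    def __init__(self, key: bytes, clock: Callable[[], float] = time.time) -> None:
        self.key = key
        self.clock = clock
        self._live: Dict[str, Tuple[str, str]] = {}   # refresh token -> (player_id, family)
        self._spent: Dict[str, str] = {}              # used refresh token -> family

    def issue_access(self, player_id: str) -> str:
        now = int(self.clock())
        header = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"},
                                          separators=(",", ":")).encode())
        payload = b64url_encode(json.dumps({"sub": player_id, "iat": now, "exp": now + ACCESS_TTL_S},
                                           separators=(",", ":")).encode())
        sig = hmac.new(self.key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        return f"{header}.{payload}.{b64url_encode(sig)}"

    def verify_access(self, token: str) -> Optional[str]:
        """Return the player id for a well-formed, correctly signed, unexpired token."""
        try:
            h, p, s = token.split(".")
            header = json.loads(b64url_decode(h))
            if header.get("alg") != "HS256":      # pinned: "none" or asymmetric headers are rejected
                return None
            expected = hmac.new(self.key, f"{h}.{p}".encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, b64url_decode(s)):
                return None
            payload = json.loads(b64url_decode(p))
            if not isinstance(payload.get("exp"), int) or payload["exp"] <= self.clock():
                return None
            return payload.get("sub")
        except (ValueError, AttributeError, TypeError):   # bad base64, JSON or shape
            return None

    def issue_refresh(self, player_id: str, family: Optional[str] = None) -> str:
        """A new refresh token; `family` ties every rotation of one login together."""
        token = secrets.token_urlsafe(32)
        self._live[token] = (player_id, family or secrets.token_hex(8))
        return token

    def rotate(self, refresh_token: str) -> Optional[Tuple[str, str]]:
        """Exchange a refresh token for a fresh (access, refresh) pair, or None.

        Each refresh token works once. A spent token presented again means two
        parties hold copies (the client and whoever took it), so every live
        token in that family is revoked and the player has to log in again.
        """
        family = self._spent.get(refresh_token)
        if family is not None:
            for tok, (_, fam) in list(self._live.items()):
                if fam == family:
                    del self._live[tok]
            return None
        entry = self._live.pop(refresh_token, None)
        if entry is None:
            return None
        player_id, family = entry
        self._spent[refresh_token] = family
        return self.issue_access(player_id), self.issue_refresh(player_id, family)
```

Two details carry most of the value. The verifier pins the algorithm instead of reading it from the header, which closes the well-known `alg: none` and key-confusion problems in libraries that trust the header. And reuse detection revokes the whole family rather than only the presented token, because after a theft it is not possible to tell from the server side which of the two holders is the legitimate client.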

5. XSS (Cross-Site Scripting)

Vector: Malicious scripts in player names, chat messages
Impact: Session theft, phishing
Mitigation:
  • ⚠️ TODO: Sanitize all user-generated content
  • ⚠️ TODO: Content Security Policy headers
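Both XSS TODOs are small to implement; the harder part is doing them everywhere. The added example below (not the project's code) encodes player names and chat messages for the HTML body context, applies an allowlist to names at registration as a second layer, and builds a Content-Security-Policy header. The name policy, the CSP directive set and the `ws_origin` parameter are assumptions made for this demonstration; the real client would pin `connect-src` to its own WebSocket origin.

```python
import html
import re
from typing import Tuple

# Constructed policy: names are 3-20 characters from a tight allowlist, checked at
# registration. Output encoding below is applied regardless of this check.
NAME_RE = re.compile(r"[A-Za-z0-9_]{3,20}")


def validate_player_name(name: str) -> bool:
    return NAME_RE.fullmatch(name) is not None


def render_chat_line(player_name: str, message: str) -> str:
    """One chat line as HTML with both fields encoded for the HTML body context.

    html.escape replaces & < > " ' with entities, so any markup in a name or
    message is displayed as text instead of being parsed by the browser.
    """
    return (f'<li class="chat"><span class="name">{html.escape(player_name)}</span>: '
            f'<span class="msg">{html.escape(message)}</span></li>')


def csp_header(ws_origin: str) -> Tuple[str, str]:
    """Content-Security-Policy (name, value) for the game's web client.

    Assumed directive set: only same-origin scripts and styles run, the WebSocket
    game server is the only extra connect target, plugins/embeds are blocked and
    the page cannot be framed. ws_origin is a constructed parameter such as
    'wss://game.example.invalid'.
    """
    value = "; ".join([
        "default-src 'self'",
        "script-src 'self'",
        "style-src 'self'",
        "img-src 'self' data:",
        f"connect-src 'self' {ws_origin}",
        "object-src 'none'",
        "base-uri 'self'",
        "frame-ancestors 'none'",
    ])
    return ("Content-Security-Policy", value)


if __name__ == "__main__":
    print(render_chat_line("Karna_99", "<b>hello</b>"))
    print(csp_header("wss://game.example.invalid")[1])
```

Encoding is context-specific: `html.escape` is correct for element content and for quoted attribute values, but a name placed inside a JavaScript string, a URL or a CSS rule needs that context's own encoding, and the safest fix is to avoid those placements entirely. The CSP above deliberately omits `'unsafe-inline'`; inline event handlers and `<script>` blocks in the client have to move to files for it to be enforceable.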

6. Data Exfiltration

Vector: Insider access, compromised credentials
Impact: Player data breach
Mitigation:
  • ✅ SSL/TLS for all connections
  • ⏳ TODO: Database encryption at rest
  • ⏳ TODO: Audit logs for admin actions
  • ⏳ TODO: Role-based access control (RBAC)
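The RBAC and audit-log TODOs reinforce each other: roles limit what an insider or a compromised account can reach, and an audit record of every authorisation decision, denials included, is what makes an exfiltration attempt visible. The example below is added here and is not the project's code; the role model, permission names, sample player records and in-memory audit sink are constructed for the demonstration. In a deployment the audit entries would go to append-only storage outside the game database, so that someone with database access cannot quietly edit them.

```python
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set

# Constructed role model. Permissions are named actions; anything not listed is
# denied, and an unknown role has no permissions at all.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "player": set(),
    "moderator": {"chat.mute"},
    "support": {"chat.mute", "player.read"},
    "admin": {"chat.mute", "player.read", "player.export", "player.delete"},
}


def is_allowed(role: str, action: str) -> bool:
    return action in ROLE_PERMISSIONS.get(role, set())


@dataclass(frozen=True)
class Principal:
    user_id: str
    role: str


class PermissionDenied(Exception):
    pass


@dataclass
class AuditLog:
    """Append-only record of every authorisation decision on admin endpoints.

    Denied attempts are recorded too: a support account repeatedly trying
    player.export is exactly the signal an exfiltration investigation needs.
    """
    clock: Callable[[], float] = time.time
    entries: List[dict] = field(default_factory=list)

    def record(self, actor: Principal, action: str, target: str, allowed: bool) -> None:
        self.entries.append({
            "ts": self.clock(),
            "actor": actor.user_id,
            "role": actor.role,
            "action": action,
            "target": target,
            "outcome": "allowed" if allowed else "denied",
        })


class AdminAPI:
    """Admin operations on player records, each gated by role and audited."""

    def __init__(self, audit: AuditLog) -> None:
        self.audit = audit
        # Constructed sample records.
        self.players: Dict[str, dict] = {
            "p-1": {"username": "arjuna", "email": "arjuna@example.invalid"},
            "p-2": {"username": "bhima", "email": "bhima@example.invalid"},
        }

    def _authorize(self, actor: Principal, action: str, target: str) -> None:
        allowed = is_allowed(actor.role, action)
        self.audit.record(actor, action, target, allowed)   # logged before the outcome is acted on
        if not allowed:
            raise PermissionDenied(f"{actor.role} may not {action} on {target}")

    def read_player(self, actor: Principal, player_id: str) -> dict:
        self._authorize(actor, "player.read", player_id)
        return dict(self.players[player_id])

    def export_players(self, actor: Principal) -> List[dict]:
        self._authorize(actor, "player.export", "*")
        return [dict(r) for r in self.players.values()]

    def delete_player(self, actor: Principal, player_id: str) -> bool:
        self._authorize(actor, "player.delete", player_id)
        return self.players.pop(player_id, None) is not None
```

Bulk export is split out as its own permission because it is the action that matters most for the data-exfiltration scenario above: a support role that can read one record at a time is far less dangerous than one that can pull the whole table, and an alert on `player.export` is cheap to write.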

Risk Matrix

Threat            | Likelihood | Impact   | Priority | Mitigated?
------------------|------------|----------|----------|-----------
SQL Injection     | Low        | Critical | High     | ✅ Yes
Plugin Exploit    | Medium     | High     | High     | ✅ Partial
DDoS              | High       | Medium   | High     | ✅ Yes
Auth Bypass       | Low        | Critical | High     | ⚠️ Partial
XSS               | Medium     | Medium   | Medium   | ❌ No
Data Exfiltration | Low        | Critical | Medium   | ⚠️ Partial

Security Recommendations

  1. Immediate (P0):
    • Implement XSS sanitization
    • Add 2FA support
    • Database encryption at rest
  2. Short-term (P1):
    • Security penetration testing
    • Bug bounty program
    • SIEM integration
  3. Long-term (P2):
    • SOC 2 compliance
    • Regular security audits
    • Red team exercises