An Attack-Defense Tree on e-Exam System

An Attack-Defense Tree on e-Exam System

The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:International journal of emerging technologies in learning 2019-01, Vol.14 (23), p.251
Hauptverfasser: Rosmansyah, Yusep, Ritonga, Mora Hertanto, Hardi, Ariq Bani
Format: Artikel
Sprache:eng
Schlagworte:
Cheating
Cybercrime
Data encryption
Defense
Malware
Risk assessment
Servers
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam system and proposing a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree was presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can be served as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system.
ISSN:1863-0383
1863-0383
DOI:10.3991/ijet.v14i23.11088