Professional Documents
Culture Documents
E-Learning Security Models: Vladimir I. Zuev
E-Learning Security Models: Vladimir I. Zuev
E-Learning Security Models: Vladimir I. Zuev
Zuev
E-Learning Security Models
Summary
Article Info:
The article looks into methods and models that are useful when analyzing the risks
Management Information Systems, and vulnerabilities of complex e-learning systems in an emergency management
Vol. 7 (2012), No. 2, context. Definitions of vulnerability and emergency response capabilities, such as
pp. 024-028 VLE/PLE attack surface, are suggested.
Received 12 September 2011 The article provides insight into some of the issues related to analysis of risks and
Accepted 24 April 2012 vulnerabilities of e-learning systems, but more research is needed to address this
difficult and comprehensive task.
UDC 37.018.43:004.738.5 ; 371.322:004
Keywords
implementation of innovation in education, information technologies, single
informational and educational environment
Fourth, it is the risk associated with the inability etc. The more components are included in VLE,
to make contact with the teacher. the greater is the number of potential
And last, it is technology risk, which is vulnerabilities and, therefore, the attack surface.
associated with high level of students ICT Meanwhile, not all elements of VLE are parts of
competence. the VLE attack surface, and those that really are
the sources of vulnerabilities, are unequal in their
There is also certain kind of risks associated
breach potential. It is therefore necessary to define
with the staff, which can also act either as an
criteria by which we assess the vulnerabilities
object, or as the subject of attacks on e-learning
(contribution of each of the possible breach
system.
elements).
Therefore e-learning security system metrics
The element of VLE becomes a part of the
formalization and creation of adequate model of
VLE attack surface if the attacker can use it to
such a system is quite a difficult task.
disrupt normal system performance. To assess this
elements ability it is logical to introduce a criterion
5. E-University Security Metrics based on the ratio:
Meanwhile, metrics can be an effective tool for
university security managers to discern the [The System Recovery Cost / Damage from the Actions
effectiveness of various components of their of the Attacker].
security programs, the security of a specific Another option may be the assessment ratio of
learning management system, product or process, system failure time and system repair time.
and the ability of faculty and staff to address Thus, the VLE attack surface is an integral
security issues for which they are responsible. characteristic of the vulnerability of the system as a
Metrics can also help identify the level of risk in whole. It gives an idea about the damage that an
not taking a given action, and in that way provide attacker can cause the system and at the same time
guidance in prioritizing corrective actions. gives notions of the way he must act in order to
Additionally, they may be used to raise the level of damage an e-University.
security awareness within the university. Manadhata and Wing (2004) introduced the
A complete analysis of the e-learning security concept of attack vector. Actually attack
systems includes: vector characterizes an option of malicious
a topological analysis of the structure of e- disruption of the systems normal performance.
learning system, Thus the set of attack vectors is defined by
accounting of software cyclomatic complexity, the set of threats and risks of e-learning system as
taking into account psychological and mentioned above.
educational components of the educational The larger attack surface is, the more insecure is
process, etc. the e-learning system. Manadhata and Wing (2011)
formalized the notion of a systems attack surface
Meanwhile, sometimes it is possible to offer a using an I/O automata model of the system and
more simple way of solving this problem. introduced an attack surface metric to measure the
It is evident that any time the attack occurs, an attack surface in a systematic manner.
attacker comes in contact with the e-learning One way to minimize the risk is by reducing the
system, using the channels of information, using attack surfaces of their VLE. A smaller attack
and imitating the system ways and methods, surface makes the exploitation of the vulnerabilities
sending or receiving information from the system. harder and lowers the damage of exploitation and
Similar acts are performed by an attacker during hence mitigates the security risk.
the attack on pure informational sites. So we use
the methodology developed for this case. 6. Conclusion
Following Howard, Pincus and Wing (2003), let
us introduce VLE attack surface. An adequate evaluation of all vulnerabilities and
Let us call a VLE attack surface a lot of risks of e-learning system will ensure a creation of a
(the locus) of the possible vulnerabilities of the e- model according to which a strategy of protection
learning security system. Those are data can be developed. Thus threat modeling is an
transmission channels, elements of the LMS, integral part of e-learning system planning. Paying
database, software, e-learning techniques and attention to the problem at the initial stage of
procedures, points of systems input and output, developing a secure e-learning system, we will be
able to adequately analyze the systems architecture Kultan, J. (2011). Issledovanije ispozovanija LMS Moodle v processe
obuenija. Elektronnaja Kaza 2011 : materialy tret`ej medunarodnoj
in order to detect and resolve security problems. nauno-praktieskoj konferencii (pp. 295-300). Kaza: Izdatestvo
Juniversum.
References Manadhata, P. K., & Wing, J. M. (2011). An Attack Surface Metric. IEEE
Hilse, H. (2000). Unternehmen, Universitten und "Corporate Universities": Transactions on Software Engineering, 37 (3), 371-386.
Wissen und Lernen im Wandel der Institutionen. Retrieved February 22, Manadhata, P. K., & Wing, J. M. (2004). Measuring a Systems Attack
2011 from Universitt Witten-Herdecke: http://www.uni- Surface. Retrieved March 20, 2011 from SCS Technical Report Collection:
wh.de/de/wiwi/index.htm http://reports-archive.adm.cs.cmu.edu/anon/2004/CMU-CS-04-102.pdf
Howard, M., Pincus, J., & Wing, J. M. (2003). Measuring relative attack Weippl, E. R. (2005). Security in E-Learning. Advances in Information
surfaces in Proceedings of WADIS 2003: Workshop on Advanced Security, 16, 13-75.
Developments in Software and Systems Security. Retrieved March 19, Zuev, V. I. (2010). Bezopasnost electronnogo obuchenia. Proceedings of
2011 from School of Compute Science, Carnegie Mellon: Sovershenstvovanie podgotovki IT specialistov. Moscow: Moscow state
http://www.cs.cmu.edu/~wing/publications/Howard-Wing03.pdf university of economics, statistics and informatics - MESI.
Vladimir I. Zuev
Kazan Federal University Kazan
Institute for social sciences and humanities (ISSH)
Dostoevsky Str., 10
Kazan
Russia
Email: vzuev@ksu.ru