Securing Electronic Exam Environments
Type
Degree project for a master's degree
Master's Thesis
Abstract
Electronic exams have gained widespread popularity due to their convenience and advantages, particularly in courses involving writing or programming assessments. However, along with their benefits, electronic exams also pose the risk of facilitating cheating, especially when examinees are allowed to use their own devices. To ensure that in-hall bring-your-own-device (BYOD) electronic exams are as secure as their traditional paper-based counterparts, significant measures must be taken to secure the exam environment. This study focuses on two types of e-exam environments: software-based and OS-based. The thesis presents a comprehensive threat modeling process using the Quantitative Threat Modeling Method (QTMM) to identify various cheating-related threats. Based on these findings, the research proposes eight new design principles to guide developers in creating robust and secure e-exam environments as part of their design strategy. These principles are then evaluated through a case study conducted on a popular e-exam environment, Safe Exam Browser (SEB). The case study reveals several vulnerabilities and successful attacks, highlighting that six out of the eight proposed design principles were not adhered to. To address this problem, the thesis presents a novel design proposal for Safe Exam Browser that aligns with the suggested design principles. Implementation of this proposal would effectively address many of the preventable threats, including a significant design flaw. Lastly, the thesis explores how well both software-based and OS-based e-exam environments can mitigate threats by following these design principles. By emphasizing the importance of robust security measures in e-exam environments and providing practical recommendations, this research contributes to the ongoing efforts to enhance the integrity of electronic examinations.
Keywords
Security, threat modeling, electronic exams, vulnerabilities, design principles