Securing Electronic Exam Environments
Master's thesis
Computer science – algorithms, languages and logic (MPALG), MSc
Electronic exams have gained widespread popularity due to their convenience and advantages, particularly in courses involving writing or programming assessments. However, along with their benefits, electronic exams also pose the risk of facilitating cheating, especially when examinees are allowed to use their own devices. To ensure that in-hall bring-your-own-device (BYOD) electronic exams are as secure as their traditional paper-based counterparts, significant measures must be taken to secure the exam environment. This study focuses on two types of e-exam environments: software-based and OS-based. The thesis presents a comprehensive threat modeling process using the Quantitative Threat Modeling Method (QTMM) to identify various cheating-related threats. Based on these findings, the research proposes eight new design principles to guide developers in creating robust and secure e-exam environments as part of their design strategy. These principles are then evaluated through a case study conducted on a popular e-exam environment, Safe Exam Browser (SEB). The case study reveals several vulnerabilities and successful attacks, highlighting that six out of the eight proposed design principles were not adhered to. To address this problem, the thesis presents a novel design proposal for Safe Exam Browser that aligns with the suggested design principles. Implementation of this proposal would effectively address many of the preventable threats, including a significant design flaw. Lastly, the thesis explores how well both software-based and OS-based e-exam environments can mitigate threats by following these design principles. By emphasizing the importance of robust security measures in e-exam environments and providing practical recommendations, this research contributes to the ongoing efforts to enhance the integrity of electronic examinations.
Security, threat modeling, electronic exams, vulnerabilities, design principles