期刊名称:International Journal of Emerging Technologies in Learning (iJET)
印刷版ISSN:1863-0383
出版年度:2019
卷号:14
期号:23
页码:251-260
DOI:10.3991/ijet.v14i23.11088
出版社:Kassel University Press
摘要:The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam system and proposing a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree was presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can be served as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system..
