CYBERSECURITY ASPECTS OF E-LEARNING PLATFORMS

Артем Григорович Тецький, Ольга Ігорівна Морозова

Abstract


The subject of study in the article is the platforms used to organize the educational process in the context of distance learning. The following platforms are selected: learning content management systems (open source systems and individual development), Google Classroom service, e-mail, and cloud data storage. The objects of the educational process for which the security state must be provided are shown. Such assets are files (lectures, tasks for laboratory work), a bank of questions (a total set of questions from which tests are created to control knowledge), and grades (for laboratory work and modular control of knowledge). The goal of the work is a comparative analysis of distance learning platforms in the aspect of cybersecurity. The main threats are a violation of the availability and confidentiality of data in the educational process. It is also possible to modify marks due to the exploitation vulnerabilities of the system or gaining access to the functions of the learning content management system administrator. The probability of data being compromised is higher than the probability of modification, as evidenced by information from vulnerability databases about numerous vulnerabilities in learning content management systems. An accessibility violation is a result of a denial of service, that is, the resource on which the necessary files are located becomes inaccessible to users. The method of expert evaluation with variables of fuzzy logic is used. As a result of the analysis, it was revealed that the most flexible and convenient platform is the learning content management system of individual development, at the same time it is the most unsecure among the platforms considered. An open-source learning content management system is a more secure platform due to the presence of a global community that can identify security problems faster than attackers. Using Google Classroom and using email with cloud storage is safer, but these approaches are inferior in usability and functionality. Conclusions. Choosing a distance-learning platform is about finding a compromise between security and convenience in the form of a wide functionality of the system. When deploying a centralized learning content management system, it is important to remember that this system is an object of critical information infrastructure, and the requirements for critical systems must be met for it.

Keywords


distance learning; learning content management systems; cybersecurity; critical information infrastructure

References


Sejzi, A. A., Arisa, B. Learning Management System (LMS) and Learning Content Management System (LCMS) at Virtual University. Proc. 2nd International Seminar on Quality and Affordable Education, 2018, pp. 216-220.

Iftakhar, S. Google classroom: what works and how. Journal of Education and Social Sciences, 2016, vol. 3, no. 1, pp. 12-18.

Digital Education: The cyberrisks of the online classroom. Available at: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2020/09/04113558/education_report_04092020_2.pdf (accessed 11.10.2020).

Barhoom, T. S., Azaiza, R. J. Enhance MOODLE security against XSS vulnerabilities. International Journal of Computing and Digital Systems, 2016, vol. 5, no. 5, pp. 421-430.

Craigen, D. Diakun-Thibault, N., Purse, R. Defining cybersecurity. Technology Innovation Management Review, 2014, vol. 4, no. 10. Available at: https://timreview.ca/article/835 (accessed 11.10.2020).

Mirkovic, J., Dietrich, S., Dittrich, D., Reiher, P. Internet denial of service: attack and defense mechanisms (Radia Perlman Computer Networking and Security). Prentice Hall, 2004. 400 p.

Hofstede, R., Jonker, M., Sperotto, A., Pras, A. Flow-based web application brute-force attack and compromise detection. Journal of network and systems management, 2017, vol. 25, no. 4, pp. 735-758.

Tetskiy, A. G. Primenenie derev'ev atak dlya otsenivaniya veroyatnosti uspeshnnoi ataki web-prilozheniya [Applying of attack trees for estimation the probability of a successful attack of the web-application]. Radioelektronni i komp'uterni sistemi – Radioelectronic and computer systems, 2018, no. 3 (87), pp. 74-79. DOI: 10.32620/reks.2018.3.08.

Learning Management System Usage Distribution on the Entire Internet. Available at: https://trends.builtwith.com/cms/learning-management-system/traffic/Entire-Internet (accessed 11.10.2020).

Klassifikatsiya kritichnosti informatsionnyh sistem [Criticality classification of information systems]. Available at: https://habr.com/ru/post/512556/ (accessed 11.10.2020).

Web Application Security Assessment. Available at: https://www.whitehatsec.com/glossary/content/web-application-security-assessment (accessed 11.10.2020).

National Vulnerability Database. Available at: https://nvd.nist.gov/ (accessed 11.10.2020).




DOI: https://doi.org/10.32620/reks.2020.4.08

Refbacks

  • There are currently no refbacks.