An Attack-Defense Tree on e-Exam System

Yusep Rosmansyah, Mora Hertanto Ritonga, Ariq Bani Hardi

Abstract


The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam system and proposing a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree was presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can be served as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system.

Keywords


e-exam; attack-defense tree; penetration testing

Full Text:

PDF


Copyright (c) 2019 Yusep Rosmansyah, Mora Hertanto Ritonga, Ariq Bani Hardi


International Journal of Emerging Technologies in Learning (iJET) – eISSN: 1863-0383
Creative Commons License
Indexing:
Scopus logo Clarivate Analyatics ESCI logo EI Compendex logo IET Inspec logo DOAJ logo DBLP logo Learntechlib logo EBSCO logo Ulrich's logo Google Scholar logo MAS logo