An Attack-Defense Tree on e-Exam System

Yusep Rosmansyah, Mora Hertanto Ritonga, Ariq Bani Hardi


The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam system and proposing a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree was presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can be served as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system.


e-exam; attack-defense tree; penetration testing

Full Text:


Copyright (c) 2019 Yusep Rosmansyah, Mora Hertanto Ritonga, Ariq Bani Hardi

International Journal of Emerging Technologies in Learning (iJET) – eISSN: 1863-0383
Creative Commons License
Scopus logo Clarivate Analyatics ESCI logo EI Compendex logo IET Inspec logo DOAJ logo DBLP logo Learntechlib logo EBSCO logo Ulrich's logo Google Scholar logo MAS logo