Abstract

The electronic examination (e-exam) system does more than transform paper-based examinations into electronic ones: it also brings a significant security challenge that must be resolved to guarantee the trust of its users. This paper analyzes the security challenges of an e-exam system and proposes a solution using attack and defense tree methods. The attack tree scheme was defined using risk assessment methods and was evaluated by penetration test experiments against a server running the e-exam application. A defense tree scheme against the identified attack tree is presented as the main contribution of this research. This contribution can be used as a guideline when planning similar e-exam systems and can serve as a starting point for future research towards a comprehensive attack-defense tree for a secure e-exam system.

Highlights

  • As information technology evolves, more and more researchers and organizations deploy electronic examination (e-exam) systems

  • The secure e-exam is implemented by several e-exam website providers [4], [5], and [6]

  • The attack tree model in this paper focuses on several attack goals that are considered harmful to the e-exam system


Summary

Introduction

More and more researchers and organizations deploy electronic examination (e-exam) systems. A study on the design of a Secure Exam Management System (SEMS) was proposed by Kaiiali et al. [3]. That paper provides seven main functions for securing the examination process; these include distribution of secure and random exam questions and turbo mode assessment.

iJET ‒ Vol 14, No 23, 2019

Security analysis based on attack trees has been widely discussed in various studies, such as [7], [8], [9], [10], and [11]. The attack tree scheme for the e-exam system in this paper is based on the SEMS design [3] and on NIST SP 800-30 Revision 1, Guide for Conducting Risk Assessments [13]. The main contribution of this paper serves as a consideration for system managers who want to improve the security level of their e-exam systems.
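To make the attack-defense tree evaluation described above concrete, the following is an added example written for this page; it is not code from the paper, from SEMS, or from NIST. It propagates likelihood bottom-up through AND/OR attack nodes, lets deployed defenses lower the likelihood of the node they are attached to, bins likelihood x impact into the five risk levels of the NIST SP 800-30 Rev. 1 semi-quantitative scale (0-10 for likelihood and impact, 0-100 for risk), and enumerates the attack paths a defense tree has to cut. The tree, its node and defense names, the likelihood values, the impact value and the rule that a deployed defense subtracts a fixed number of likelihood points are all constructed assumptions for illustration, not the paper's own tree or scoring.

```python
"""Added example: evaluating a small attack-defense tree.

Likelihood and impact use the 0-10 semi-quantitative scale of NIST SP 800-30
Rev. 1; risk (likelihood x impact, 0-100) is binned into the five levels of
the same document. The tree, its node names, likelihood values and the way a
deployed defense lowers likelihood are constructed assumptions for
illustration, not the paper's own tree.
"""
from dataclasses import dataclass, field
from itertools import product
from typing import Dict, FrozenSet, List, Set


@dataclass
class Defense:
    name: str
    reduction: int  # assumed: likelihood points removed once deployed


@dataclass
class Node:
    name: str
    kind: str = "LEAF"  # "LEAF", "AND" or "OR"
    likelihood: int = 0  # leaves only: 0-10 semi-quantitative likelihood
    children: List["Node"] = field(default_factory=list)
    defenses: List[Defense] = field(default_factory=list)


def likelihood(node: Node, deployed: Set[str]) -> int:
    """Propagate likelihood bottom-up.

    An OR goal is as likely as its most likely child; an AND goal is only as
    likely as its least likely child. Deployed defenses attached to a node
    then reduce that node's likelihood, clamped to the 0-10 scale.
    """
    if node.kind == "LEAF":
        value = node.likelihood
    elif node.kind == "OR":
        value = max(likelihood(c, deployed) for c in node.children)
    elif node.kind == "AND":
        value = min(likelihood(c, deployed) for c in node.children)
    else:
        raise ValueError(f"unknown node kind {node.kind!r}")
    for d in node.defenses:
        if d.name in deployed:
            value -= d.reduction
    return max(0, min(10, value))


def risk_level(likelihood_score: int, impact_score: int) -> str:
    """Bin likelihood x impact (0-100) with the NIST SP 800-30 Rev. 1 levels."""
    score = likelihood_score * impact_score
    if score >= 96:
        return "Very High"
    if score >= 80:
        return "High"
    if score >= 21:
        return "Moderate"
    if score >= 5:
        return "Low"
    return "Very Low"


def attack_paths(node: Node) -> List[FrozenSet[str]]:
    """Enumerate the sets of leaf actions that each achieve the goal.

    These are the paths a defense tree must cut; a defense on a leaf that
    appears in every path protects the whole goal.
    """
    if node.kind == "LEAF":
        return [frozenset([node.name])]
    if node.kind == "OR":
        return [p for child in node.children for p in attack_paths(child)]
    return [frozenset().union(*combo)
            for combo in product(*(attack_paths(c) for c in node.children))]


def build_example_tree() -> Node:
    """Constructed illustrative tree for one attack goal (assumed values)."""
    reach = Node("Reach the exam server over the network", likelihood=8,
                 defenses=[Defense("Network segmentation", 5)])
    exploit = Node("Exploit a flaw in the exam web application", likelihood=5,
                   defenses=[Defense("Patching and input validation", 3)])
    insider = Node("Obtain questions from an insider", likelihood=2)
    compromise = Node("Compromise the exam server", "AND",
                      children=[reach, exploit])
    return Node("Obtain exam questions before the exam", "OR",
                children=[compromise, insider])


def evaluate(deployed: Set[str], impact_score: int = 8) -> Dict[str, object]:
    """Score the example goal for a given set of deployed defenses."""
    goal = build_example_tree()
    lik = likelihood(goal, deployed)
    return {"likelihood": lik, "risk": risk_level(lik, impact_score),
            "paths": attack_paths(goal)}


if __name__ == "__main__":
    all_defenses = {"Network segmentation", "Patching and input validation"}
    for deployed in (set(), {"Network segmentation"}, all_defenses):
        result = evaluate(deployed)
        print(sorted(deployed) or "no defenses", "->",
              result["likelihood"], result["risk"])
    for path in attack_paths(build_example_tree()):
        print("attack path:", sorted(path))
```

The point worth noticing is that deploying only network segmentation leaves the goal at Moderate risk, because the insider path bypasses the defended subtree and the remaining AND branch is still only as weak as its least-defended leaf; the defense tree therefore has to address every enumerated path, which is exactly what makes the attack tree a useful input for planning defenses.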

NIST SP 800-30 Risk Assessment
Defining Attack-Defence Tree Model
Case Study
