new requirements related to information security, with the aim to enhance the learning efficacy by adopting a secure perspective for each and every learning ...
2012 Fourth International Conference on Intelligent Networking and Collaborative Systems
Providing Security to Computer-Supported Collaborative Learning: An Overview Jorge Miguel, Santi Caballé, Josep Prieto Open University of Catalonia, Department of Computer Science, Multimedia, and Telecommunication Barcelona, Spain {jmmoneo, scaballe, jprieto}@uoc.edu
Abstract
are increasingly demanding new requirements related to information security, in order to secure the information managed and transmitted in the LMS and in particular to improve the efficacy of the overall collaborative process [2]. However, collaborative learning services are usually designed and implemented according to the needs of the collaborative learning model, without much consideration of security issues [2], [3]. To this end, the central aim of this paper is focused on providing an overview of the current developments in the domain of CSCL systems considering security as a key requirement, as well as showing the deficiencies and limitations found in these systems that greatly affects the underlying collaborative learning processes. This overview was presented briefly in a previous work [4]. The rest of the paper is organized as follows. Section 2 shows the background and contextual work involved in our study. Section 3 provides general security services and properties as well as some fundamentals of information security in CSCL. These approaches are all merged in Section 4 to propose innovative guidelines to develop secure learning management systems focusing on the support for collaborative learning. Finally, Section 5 concludes the paper highlighting the main ideas and outlining ongoing and future work.
Over the last two decades, a great variety of forms of e-Learning has been widely adopted and intensively exploited in most of educational institutions. As a result, e-Learning needs have been evolving accordingly with more and more demanding pedagogical and technological requirements. Given the added pedagogical value of group work, Computer-Supported Collaborative Learning has become one of the most influencing educational paradigms devoted to improve teaching and learning by the use of modern ICT. On the other hand, recently, there has been an increasing attention and demand of new requirements related to information security, with the aim to enhance the learning efficacy by adopting a secure perspective for each and every learning process and resource, as well as the information transmitted and shared. However, the development of CSCL systems guided by security as a key and transversal requirement has been, to the best of our knowledge, little investigated. In order to fill this gap, this paper provides firstly an overview of the current developments of CSCL systems from the security perspective. Then, the paper discusses on the problems caused in collaborative learning processes by the lack of security. Finally, the main guidelines for the design of secure CSCL systems are proposed to guide developers to incorporate security as an essential requirement into the collaborative learning process.
2. Main Concepts and Requirements In this section, an overview of existing technologies related to this study is presented: CSCL, Learning and General Security Services. This overview will serve as both related work and background for the next sections.
1. Introduction and Motivation Information and Communication Technologies (ICT) have been widely adopted and exploited in most of educational institutions in order to support eLearning and in particular collaborative learning. Moreover, Computer-Supported Collaborative Learning (CSCL) [1] has become one of the most influencing educational paradigms devoted to improve collaborative learning. Many Learning Management Systems (LMS) have appeared in the marketplace. In this context, the stakeholders in the domain of LMS, 978-0-7695-4808-1/12 $26.00 © 2012 IEEE DOI 10.1109/iNCoS.2012.60
2.1 Computer-Supported Learning
Collaborative
CSCL is one of the most influencing research paradigms dedicated to improve teaching and learning with the help of modern information and 97
and organization of courses and activities, which can then be customized to the tutor’s needs, learners’ profile and specific pedagogical goals. Representative LMS systems are Moodle 㻝 and Sakai 㻞 , which are being extensively adopted by educational organizations to help both educators create effective online learning communities, and educational institutions to highly customize the system to suit their pedagogical needs, and technological requirements. Despite the great support of LMS systems to important areas such as communication, collaboration and assessment, a very few of them are focused specifically on collaborative learning, given that they support collaboration as another learning option. Another common drawback is the lack of interoperability (e.g. Moodle is entirely written in PHP, and Sakai in Java), thus making the applications dependent from the programming language, underlying infrastructure, and so on. It is even more difficult to support collaboration and the corresponding sharing of information and resources with other e-learning platforms and systems.
communication technology [1], [5–7]. Collaborative or group learning refers to instructional methods where students are encouraged to work together on learning tasks. As an example, project-based collaborative learning proves to be a very successful method to that end [5]. Therefore, CSCL applications aim to create virtual collaborative learning environments where students, teachers, tutors, etc., are able to cooperate with each other in order to accomplish a common learning goal. To achieve this goal, CSCL applications provide support to three essential aspects of collaboration, namely coordination, collaboration and communication; with communication being the base for reaching coordination and collaboration [8]. Collaboration and communication might be synchronous or asynchronous. The former means cooperation at the same time and the shared resource will not typically have a lifespan beyond the sharing while the latter means cooperation at different times being the shared resource stored in a persistent support. The representation and analysis of group activity interaction is an important issue in CSCL for the support of coaching and evaluation in online collaborative learning environments [1]. Interaction analysis relies on information captured from the actions performed by the participants during the collaborative process. To this end, fine-grained notifications and complex information collected from the learners’ interaction are provided to give immediate feedback about others’ activities and about the collaboration in general [9].
2.3. General security services Information security in computing systems can be defined as a combination of elements or characteristics. The classic CIA triad [11] defines the three main targets of information security: Confidentiality, Integrity and Availability. In addition, [12] proposed an alternative to this model including the elements: possession or control (access control), authenticity, and utility. However, [13] explains that all general software has bugs, hence security software has bugs. This theory may lead to unreachable security approaches. “If you do not run a program, it does not matter if it has a security hole”. Obviously, we need to use software, and it is necessary to clear up this problem. Although we could take security properties defined by [12] as a first reference, the technological reality of networks and software engineering means that it is necessary to add other elements to this set of properties. Moreover, since we cannot completely ensure all of the properties and security services defined, it is necessary to offer additional facilities to make the model more efficient, such as audit service and failure control. These issues will reduce the effects and negative consequences of bugs or security vulnerabilities. Eventually, a holistic analysis of information security must be considered [14] involving different areas, such as legal aspects and privacy
2.2 Learning Management Systems (LMS) Coordination, collaboration and communication processes for learning should be supported in an integrated management system. Flate explains a LMS this way: Learning Management System is a broad term that is used for a wide range of systems that organize and provide access to online learning services for students, teachers, and administrators. These services usually include access control, provision of learning content, communication tools, and organizations of user groups [10]. Learning Management Systems (LMS) are software packages to enable the management of educational content and also integrate tools that support most of groupware needs, such as e-mail, discussion forums, chat, virtual classrooms, and so on [10]. Over the last years, a great amount of full-featured Web based LMS systems have appeared in the marketplace [10], offering designers and instructors generic, powerful user-friendly layouts for the easy and rapid creation
㻝㻌 The Moodle project is found at: http://moodle.org㻌 㻞㻌 The Sakai project is found at:
http://www.sakaiproject.org/㻌
98
committee made up of those who are closely involved. Subsequent works on e-Learning privacy are directed to specify this approach. In [20] a policy-based privacy and security management scheme for collaborative eeducation systems is applied, using the Ponder language as a policy language specification and also working on policy-based agent coordination for effective collaboration in e-Learning in order to model the management structure within collaborative eeducation systems. Furthermore, privacy could also be analyzed by presenting the basic principles behind privacy practices, legislation and investigating the more popular e-Learning standards to determine their provisions and limitations for privacy [21]. Previous contributions also review the capabilities of a number of existing privacy enhancing technologies, including methods for network privacy, policy-based privacy management, and trust systems. A different perspective of privacy property is presented in [22] aiming at collecting requirements of end-users. The results and conclusions show how security and privacy levels in elearning have to be increased in various areas. Finally, other works in e-Learning privacy have been focused in the following challenges and goals: x Propose a guarantor-mediated reputation together with a context-based identity management scheme to assess trustworthiness of the e-Learning actors without requiring specific knowledge of their identity [23]. x Take a risk-driven approach to discuss the realworld operation of a fully-featured LMS from the perspective of privacy management [24]. x Track students’ activities putting attention on privacy threats and data protection [25]. x Classify the motivation of privacy invasion within e-Learning and propose security solutions [26].
legislation, secure software development, networking and secure protocols, information security management systems, standards and methodologies, certification organizations and security testing methods and tools. Nowadays, technological solutions based on Public Key Infrastructure (PKI) models [15] are available to offer a practical implementation of services which ensure the security issues that have been described (e.g., confidentiality, integrity, etc.). This infrastructure will guard the information system against potential security vulnerabilities or possible violations of any security properties. PKI, simply defined, is an infrastructure that allows for the creation of a trusted method for providing privacy, authentication, integrity, and non-repudiation in communications between two parties. Since 1999, PKI related standards and specifications are available, especially implemented, the Internet X.509 Public Key Infrastructure (PKIX) [16] developed by the PKIX Working Group with the goal of developing Internet standards to support X.509based PKI. In this context, we can define PKI as the basis of a pervasive security infrastructure whose services are implemented and delivered using publickey concepts and techniques [17]. PKI underlying infrastructure has techniques such as digital signature, digital certificates, certification authorities, key stores, etc., which build the system architecture to create security services which will ensure all of the properties compiled in our study. Moreover, PKI infrastructure adds additional services, such as time stamping, which is essential in the development of collaborative learning activities when we need to verify the date or time of a transaction between the users of the LMS or an activity step.
3. IT Security for CSCL: and overview In this section, we first provide an overview of the available literature in e-Learning security, emphasizing collaborative learning. From this view, we then describe the main security needs for CSCL See [18] for a definition of the security terminology used.
In the case of real LMS systems and analyzing security issues, Moodle becomes the center of eLearning security research, regarding topics such as vulnerabilities, infrastructure, system configuration and security-enhanced technological applications and mechanisms [27–29]. According to digital identity service (PKI solutions in e-Learning system architectures), as more and more learners are moving to e-Learning, the concern of lost digital identity becomes a big challenge [30]. In this contribution the design for a meta-format of digital identities of e-Learning users is presented. In [31] issues involved in using PKI technologies to resolve privacy and security issues in e-Learning applications are presented briefly giving reasons for its development. Other works that consider integration
3.1. Related work on IT Security for eLearning Since 1998, privacy has been considered as an important factor in e-Learning design. Privacy issues for students in a virtual learning environment are an order of magnitude greater than those for students in a more traditional campus learning environment [19]. This paper suggests that the most effective mechanism for dealing with the privacy issues raised in the virtual learning environment should be a task force or
99
specifications, can provide the appropriate framework to effectively support authentication and authorization services, offering mutual trust to both learners and service providers using attribute-based encryption (ABE) [32] or general PKI solutions [33]. Finally, in order to specifically examine eLearning activities, virtual assignments and exams, security issues have been researched into presence verification mechanism [34], [35] and security services analysis [36], [37].
A student sends a message to a group member, and the receiver could assert, in a fraudulent way, that the message has not been received. These single actions may be combined in a more complex scenario, which could generate much more damage. Hence, in order to arrange the limitations and problems presented, security services are an essential requirement into each and every CSCL process.
3.2 IT Security needs for CSCL
In this section, the merge of CSCL, LMS and IT security needs lead to an innovative approach of Secure Collaborative Learning Management Systems (SCLMS). In order to provide guidelines for the design of SCLMS systems, we first analyze the existing support for security when developing new e-Learning systems [2], [11]. This will ultimately serve as a first step for the development of real SCLMS applications. The implementation by using widely adopted standards, such as those provided by PKI, may also benefit the collaborative learning process. Through the exploitation of SCLMS in real contexts, it is expected to greatly enhance and improve the collaborative learning experience of all participants of the collaboration.
4. Towards secure LMS to support CSCL
From the study of the research of IT security for eLearning presented, we identify specific needs of IT security in the context of CSCL, which should be supported by the LMS for the following aspects: (i) interactions between participants; (ii) material management; (iii) static, multimedia and, specially, collaborative documents; (iv) communication processes; (v) generation of results. In particular, many e-Learning security needs can influence the CSCL processes and management [4], such as: x A student falsifying course materials uploaded by the teacher to the groupware system (i.e. identity and integrity threats). x A student presenting a convincing false identity to others (i.e. spoofing attack). x Participants listening to private and unauthorized communications. x Altering the time stamp of assignments which have been submitted. x A student accessing in an unauthorized manner to other students’ personal data (e.g. administrative data or personal messages). x An external agent makes the LMS unavailable to its authorized users (i.e. denial of service) and they cannot submit an assignment when they are trying to access. x The LMS contents a virus file which is downloaded and ran at students' computers start up, to cause malicious effects in the personal computer or in the LMS integrity, sending an external agent credentials data.
4.1 Developing secure e-Learning systems In [2] the author proposes several guidelines for designing and developing secure e-learning systems with special emphasis on organizational and management issues. To this end, the ISO-17799 international security standard is considered, which establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in organizations [12]. Moreover, the author proposes a model where identifies the most important steps of a risk analysis [13], as follows: (i) identification of assets; (ii) estimation or calculation of threats and risks; (iii) setting priorities; (iv) implementation of controls and countermeasures; (v) monitoring of risks and of the effectiveness of counter measures. This view is closely related to other approaches which focus on the security in Information Security Management Systems (ISMS) [14], providing a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an ISMS. These management solutions may complete the risk analysis model proposed. However, the above approach has two main limitations when designing secure scenarios for eLearning. First, although a model for security risk analysis is defined and some security guards are
Further issues are found specifically in CSCL processes: x A user is able to delete, modify or make unavailable a collaborative document in an unauthorized manner, (e.g. a wiki page). x A student submits a post to a discussion forum, and the student could claim that he did not submit the post.
100
proposed (e.g. PGP or role-based access control), the author does not actually conduct a complete analysis and related design processes. Therefore, this model does not provide a systematic methodology for the domain of e-Learning security design. Second limitation is related to security user’s requirements proposed. The specification of security requirements include, for instance, to protect authors' e-Learning contents from copyright infringements as well as teachers' protection from students who may undermine their evaluation system by cheating, and finally students' protection from being too closely monitored by their teachers when using the software. Although this specification may be useful in requirement analysis initial phases, it could hide real needs, such as monitoring actions protection by teachers. All the above implies the need for a more holistic approach to identify and analyze security requirements in eLearning. In [11] the author focuses on investigating eLearning from interdisciplinary perspectives to develop a security concept that provides a sufficient level of security without negatively influencing the learning process. For this purpose, the following research methodology is followed: (i) Identification of eLearning criteria [16]; (ii) Threat analysis and demonstration of case studies [15]; (iii) Development of recommendations. Once the identification criteria is defined, the author introduces a new measure for the computation of a security rating for an e-Learning system, such that the security concept of the system can be summarized to this single value [17]. This measure only considers the security concept, not the actual implementation quality. Results of this measure, therefore, only regards the theoretical security not the practical one. In addition to recommendations given for implementing an e-Learning system with an appropriate security level, [19] suggests a proxy server solution which acts as a security agent that overtakes security critical activities from learners without distracting them from the actual learning process [11], [16]. However, the proxy must have access to the private key of the user, therefore user's private key will be stored into two different places: saved into the server file system and, for instance, embedded into user's cryptographic smart cards. If this server had a security fail, the digital identity of all users could be faked, even the server itself may be supplanted by a external agent (e.g. man in the middle attack). As for the LMS security performance, only two projects have been examined in the literature: Moodle and the ILIAS project (http://www.ilias.de/), which are not representative of all available LMS, hence other analysis approaches may be applied to specific learning models. Finally, the optimal compromise between
security improvements and acceptable learning process distractions has not been empirically investigated, this lack for practical systems is detailed in [19] according to privacy and confidentiality security services. In general and besides above mentioned lacks, references considered in this section are mainly focused on e-Learning paradigms and do not describe collaborative learning security aspects. Next section fills this gap.
4.2 Developing SCLMS: a first approach A general review of the e-Learning security literature was presented in the previous section. A common limitation when moving from the e-Learning to CSCL settings is that collaborative learning is seen as another feature of the LMS and the security requirements do not consider specific requirements for CSCL. For instance, identification of e-Learning criteria is discussed in detail in [16] from the disciplines of educational science, software engineering, and information security. For each discipline, specific requirements are defined and CSCL is only included as an educational aspect (social support by co-operation and communication). The main conclusion is that CSCL design needs a revision in order to support specific security issues. In this section we propose a new formulation called Secure Collaborative Learning Management Systems (SCLMS) based on the following criteria: x To discover and identify each scenario in which collaborative learning is performed: participants, roles, tasks, steps, etc. x To identify and describe the interactions and communications processes generated in the LMS. x To analyze how collaborative learning activities in LMS are developed. x To analyze the relation between the security issues presented in this paper and processes developed in collaborative learning systems. x To define security needs to specific CSCL criteria. x To measure the security level needed for each properties and activities. x PKI security technologies must be put in place to meet these needs providing specific solutions for each requirement found. x And finally, a risk or threat analysis must be performed in order to identify vulnerabilities which have not been included as a PKI solution. Furthermore, all of these recommendations must be applied obeying the principle of not to disturb collaborative learning activities. It is also important to note that this design approach is conducted on how
101
collaborative activities should be designed. Consequently general methodologies presented in this paper must be inspected according to SCLMS needs and specific processes. Therefore, this revision should consider essential design factors, such as interactivity, working groups, collaborative outcomes and specific risks and threats in CSCL. We describe them next.
arranged in work groups. Extensively adopted LMS systems, such as Moodle and Sakai, may support the relation between working groups and participants interaction, but they do not ensure any security property. Following the same PKI solution presented above, participants could sign each post in the forum in order to manage trustworthy messages. In addition, these contents could be encoded if privacy is needed. Again, however, these PKI techniques require complex and restrictive user tasks. A further mechanism is to audit [18] these interactions.
4.2.1 Interaction level SCLMS may demand a great amount of communication processes by means of different types of interactions. Each type of interaction forming the eventual communication process will require a different security analysis, design and implementation. For instance, the digital signature technique may be useful and suitable in a conventional e-mail service integrated into a LMS, although the user has to do a little effort, the process will be trustworthy. However, in order to apply this technique massively when the main activity of the user is related to communication processes and interaction with other group members, then, it is necessary to assess how to apply the PKI service and in which type of iterations. In addition, the general concept of trustworthy in collaborative learning interactions may be deployed ensuring several properties (privacy, identity, integrity or non-repudiation) and if the participant always needs all the properties for each interaction types, the LMS could became uncontrollable and inefficient. For instance, in mobile interactions, following the above example, signing a document using a mobile device will even be a more difficult experience to the end user. In fact, it could become increasingly difficult or unrealizable. For instance, it is not possible to sign an e-mail using a certificate stored into a smart card.
4.2.3 Collaborative results An individual student is able to perform many tasks in an office software suite and it is easy to apply digital signature functions to this kind of electronic documents given that they are static content in a local environment. On the other hand, when knowledge is produced collaboratively, this support must be enhanced with collaborative contents management systems (e.g. wiki documents). However, effectively ensuring each change made into a collaborative document may be unfeasible. Therefore, SCLMS designers should find a balanced solution between risks, participant needs and security enhancement. The main lack of the previous approach is for critical activities in which version management, history of changes or authorship in each collaborative document edition are sensible and must reach security properties. In this case identity and integrity solutions should be applied in each edition although it could break the principle of not to disturb learning activities. Furthermore, it is important to notice that in this proposal the group “is signing” a collaborative result and in PKI solutions the signature function is related to digital certificates which usually are used to verify that a public key belongs to an individual, not a group. Therefore, the SCLMS must provide a new certificate profile associate to, for instance, a group of students. Another solution could be to devolve critical group tasks in one of the members, but it will introduce a different kind of risks related to reliance issues.
4.2.2 Work groups. When the knowledge is produced and transmitted collaboratively, the learning framework is usually managed by defining work groups. A work group in a LMS should be considered as any other entity, which belongs to the information system. Then, identity and authorization rules must be considered and defined for the new entity: the group. These rules must be arranged meeting identity or privacy requirements, and also another complex scenario, which is interactions between groups, where members of different groups modify simultaneously shareable material or external group agents (e.g. coordinators, tutors, etc) involved in collaborative processes. Interactions and working groups are closely related to each other and members of defined groups will perform collaborative processes based on iterations
4.2.4 Specific risks and threats. Proper technological risks involved in SCLMS may be summarized in the next three factors: (i) availability needs; (ii) external tools and (iii) concurrency level. Since interactions developed in CSCL are the main critical service needed, LMS availability is crucial in collaborative scenarios. If this system becomes unavailable, the institutional damage will be higher than in other models. Therefore, although availability service is considered evident in many LMS, in SCLMS
102
it may be valued as a critical threat, and all potentials attacks must be analyzed, measured and prevented. If prevention is not possible, failure control mechanisms should be ready to run a cloned service. As for external tools, in a CSCL framework it is easy to find many situations in which students and / or teachers take the decision to use external and noninstitutional tools in order to support their learning activities. It could be justified because generic institutional LMS do not support specific collaborative activities and there are also a large variety of free services available that could be used by non-expert users. These external tools could reach themselves all the security needs required, but combined or in particular uses it can generate new threats which would never occur in the institutional LMS and in the external tool independently. In other words, LMS meets privacy requirements and the external cloud storage too, but the privacy in data transmission process may be violated. Therefore, this specific risk must be taken into account if the institutions allow for the use of external tools and, not only analyzing both environments independently. Finally, SCLMS systems support scenarios with several concurrent processes locking the access to a shared resource. The grade of concurrency could forward integrity and availability.
Acknowledgements This work has been supported by the European Commission under the Collaborative Project ALICE ”Adaptive Learning via Intuitive/Interactive, Collaborative and Emotional System”, VII Framework Programme, Theme ICT-2009.4.2 (TechnologyEnhanced Learning), Grant Agreement n. 257639. This work was partly funded by the Spanish Government through projects TSI2007-65406-C03-03 “E-AEGIS”, TIN2011-27076-C0302 “CO-PRIVACY” and CONSOLIDER INGENIO 2010 CSD20070004 “ARES”.
6. REFERENCES [1] 㼀. Koschmann, “Paradigm Shifts and Instructional Technology,” in CSCL: Theory and Practice of an Emerging Paradigm, T. Koschmann, Ed. Mahwah, New Jersey: Lawrence Erlbaum Associates, 1996, pp. 1–23. [2] E. R. Weippl, Security in e-learning. New York, NY: Springer, 2005. [3] C. J. Eibl, “Risk Analysis towards Secure E-Learning,” presented at the LYICT 2008, Kuala Lumpur, Malaysia, 2008. [4] J. Miguel, S. Caballé, and J. Prieto, “Security in Learning Management Systems: Designing collaborative learning activities in secure information systems,” eLearning Papers. European Comission: elearningeuropa.info, 2012. [5] P. Dillenbourg, “What do yuo mean by collaborative leraning?,” in Collaborative-learning: Cognitive and Computational Approaches, P. Dillenbourg, Ed. Oxford, UK: Elsevier Science, 1999, pp. 1–19. [6] Y. Dimitriadis, J. I. Asensio Pérez, J., et al, “Hacia un Sistema de Componentes Software para el Dominio del Aprendizaje Colaborativo Apoyado por Ordenador (CSCL),” in proceedings of the Simposio de Informática y Telecomunicaciones, SIT’02, Sevilla, Spain, 2002. [7] G. Stahl, “Contributions to a theoretical framework for CSCL,” in Proceedings of the Conference on Computer Support for Collaborative Learning: Foundations for a CSCL Community, 2002, pp. 62–71. [8] S. Caballé, “Combining Generic Programming and Service-Oriented Architectures for the Effective and Timely Development of Complex e-Learning Systems,” Barcelona, Spain, 2008, pp. 94–100. [9] J. Zumbach, A. Hillers, and P. Reimann, “Supporting Distributed Problem-Based Learning: The Use of Feedback Mechanisms in Outline Learning,” in Online collaborative learning : theory and practice, Ed. Hershey Pa.: Information Science Pub., 2004. [10] S. Caballé and J. Feldman, “CoLPE: Communities of Learning Practice Environment,” in Proceedings of the Directions and Implications of Advanced Computing, Berkeley, CA, USA, 2008. [11] S. Harris, All-In-One CISSP Certification Exam Guide.
5. Conclusions and Further Work This paper shows a first approach for designing secure LMS systems, which central educational purpose is the provision and support of CSCL processes and activities, while security is the main and transversal requirement guiding the whole design process. To this end, we fist provide background work in the context of LMS systems, CSCL, and main security services, such as PKI. Then, we provide general security services and needs for e-Learning and specifically for CSCL. These approaches are finally merged to propose the main guidelines to design and develop Secure Collaborative Learning Management Systems (SCLMS) that focus on the specific support for CSCL with security as a guiding requirement to conduct the whole design process. Through the exploitation of SCLMS in real contexts, it is expected to enhance and improve the CSCL experience of all participants of the collaboration. As a further work, it is planned to refine our security model and build a first architecture for SCLMS systems with the proposed security services integrated and test this architecture to support the CSCL processes occurring in our real context of learning of the Open University of Catalonia.
103
New York: McGraw-Hill Osborne Media, 2002. [12] D. Parker, “Toward a New Framework for Information Security,” in The Computer Security Handbook, 4th ed., New York: John Wiley & Sons, Inc., 2002. [13] W. R. Cheswick, S. M. Bellovin, and A. D. Rubin, Firewalls and Internet security : repelling the wily hacker. Boston: Addison-Wesley, 2003. [14] L. McLaughlin, “Interview: Holistic Security,” Security Privacy, IEEE, vol. 3, no. 3, pp. 6 – 8, Jun. 2005. [15] K. Raina, PKI security solutions for the Enterprise : solving HIPAA, E-Paper Act, and other compliance issues. Indianapolis, Ind: Wiley Pub., 2003. [16] PKIX Working Group, “Public-key infrastructure (X.509) (pkix),” 2004. [Online]. Available: http://www.ietf.org/html.charters/pkix-charter.html. [17] C. Adams and S. Lloyd, Understanding PKI concepts, standards, and deployment considerations, 2nd ed. Addison Wesley, 2003. [18] R. Shirey, “RFC 4949: Internet Security Glossary, Version 2,” 2007. [Online]. Available: http://tools.ietf.org/html/rfc4949. [19] S. K. Ferencz and C. W. Goldsmith, “Privacy issues in a virtual learning environment,” in Cause/Effect, A practitioner’s journal about managing and using information resources on college and university campuses, vol. 21, Educause, 1998, pp. 5–11. [20] C. Yang, F. O. Lin, and H. Lin, “Policy-based Privacy and Security Management for Collaborative E-education Systems,” Cancun, Mexico, 2002, pp. 501–505. [21] K. El-Khatib, L. Korba, Y. Xu, and G. Yee, “Privacy and Security in E-Learning,” International Journal of Distance Education, vol. 1, no. 4, pp. 174–190, 2003. [22] T. Klobučar, M. Jenabi, A. Kaibel, and A. Karapidis, “Security and Privacy Issues in Technology- Enhanced Learning,” Knowledge Creation Diffusion Utilization, pp. 1233–1240, 2007. [23] M. Anwar and J. Greer, “Reputation Management in Privacy-Enhanced E-learning,” Montreal, Canada, 2006. [24] W. Hommel, “Security and Privacy Management䈊 for Learning Management Systems,” in Learning management system technologies and software solutions for online teaching : tools and applications, Hershey, PA: Information Science Reference, 2010, pp. 37–57. [25] M. Madeth and G. Sébastien, “Privacy Concerns in Elearning: Is Using Tracking System a Threat?,” International Journal of Information and Education Technology (IJIET), vol. 1, no. 1, pp. 1–8, 2011. [26] J. Pei, “How to Solve the Security and Privacy Problems within E-learning,” presented at the ITME 2011 3rd International Symposium on IT in Medicine and Education., Guangzhou, China, 2011, pp. 66–69. [27] J. C. G. Hernández and M. A. L. Chávez, “Moodle
[28]
[29]
[30]
[31]
[32]
[33]
[34]
[35]
[36]
[37]
104
Security Vulnerabilities,” presented at the 2008 5th International Conference on Electrical Engineering, Computing Science and Automatic Control (CCE 2008), Mexico City, Mexico, 2008, pp. 352–357. J. Diaz, D. Arroyo, and F. B. Rodriguez, “An Approach for Adapting Moodle into a Secure Infrastructure,” presented at the 4th International Conference on Computational Intelligence in Security for Information Systems CISIS 2011, Torremolinos, Málaga, Spain, 2011, pp. 214–221. S. Kumar and K. Dutta, “Investigation on security in lms moodle,” International Journal of Information Technology and Knowledge Management, vol. 4, no. 1, pp. 233–238, 2011. J. Yong, “Digital Identity Design and Privacy Preservation for e-Learning,” presented at the 2007 11th International Conference on Computer Supported Cooperative Work in Design, Melbourne, Australia, 2007, pp. 858–863. B. Gelbord, “On the Use of PKI Technologies For Secure and Private e-learning Environments,” in proceedings of the 4th international conference on Computer systems and technologies: e-Learning, Sofia, Bulgaria, 2003, pp. 568–572. G. Kambourakis, D.-P. N. Kontoni, A. Rouskas, and S. Gritzalis, “A PKI approach for deploying modern secure distributed e-learning and m-learning environments,” Computers & Education, vol. 48, no. 1, pp. 1–16, 2007. G. Kambourakis, D. P. N. Kontoni, and I. Sapounas, “Introducing Attribute Certificates to Secure Distributed E-Learning or M-Learning Services,” presented at the IASTED International Conference on Web-based Education, Innsbruck, Australia, 2004, pp. 436–440. K. M. Apampa, G. Wills, and D. Argles, “An Approach to Presence Verification in Summative E-Assessment Security,” presented at the 2010 International Conference on Information Society (i-Society 2010), London, UK, 2010, pp. 449–454. K. M. Apampa, “Presence verification for summative eassessments,” University of Southampton, Southampton, England, 2010. J. Castella-Roca, J. Herrera-Joancomarti, and A. DorcaJosa, “A secure e-exam management system,” presented at the First International Conference on Availability, Reliability and Security (ARES’06), Vienna, Austria, 2006, pp. 864–871. A. Sabic and J. Azemovic, “Model of efficient Assessment System with accent on Privacy, Security and Integration with E-University Components,” presented at the 2010 2nd International Conference on Education Technology and Computer (ICETC), Shanghai, China, 2010, vol. 3, pp. 128–131.
