An Attack-Defense Tree on e-Exam System
DOI:
https://doi.org/10.3991/ijet.v14i23.11088Keywords:
e-exam, attack-defense tree, penetration testingAbstract
The electronic-examination (e-exam) system is not only transforming the paper-based examination to the electronic-based examination. The e-exam system has a big security challenge that must be resolved to guarantee the trust of its users. This paper aims at analyzing security challenges of an e-exam system and proposing a solution using Attack and Defense Tree methods. The attack tree scheme was defined by risk assessment methods. The attack tree was evaluated by penetration test experiments against a server running the e-exam application. A proposed defense tree scheme against the identified attack tree was presented as the main contribution of this research. This contribution can be used as a guideline to plan similar e-exam systems and can be served as a starting point for future research towards a comprehensive attack-defense tree of the secure e-exam system.
Downloads
Published
2019-12-06
How to Cite
Rosmansyah, Y., Ritonga, M. H., & Hardi, A. B. (2019). An Attack-Defense Tree on e-Exam System. International Journal of Emerging Technologies in Learning (iJET), 14(23), pp. 251–260. https://doi.org/10.3991/ijet.v14i23.11088
Issue
Section
Short Papers