Security Challenges of Modern E-Learning Platforms (Wyzwania bezpieczeństwa nowoczesnych platform nauczania zdalnego) - Publication - Bridge of Knowledge

Security Challenges of Modern E-Learning Platforms (Wyzwania bezpieczeństwa nowoczesnych platform nauczania zdalnego)

Abstract

The article presents the security aspects of modern e-learning platforms. It describes their characteristics and technological challenges. It defines security and the threats that exist in this area. It outlines methods for assessing the level of security. Using the eNauczanie PG platform deployed at Gdańsk University of Technology as an example, it discusses ways of ensuring the intended level of security in such systems.

Publication version
Accepted or Published Version
License
Creative Commons: CC-BY-SA

Keywords

Details

Category:
Articles
Type:
articles in peer-reviewed journals and other serial publications
Published in:
EduAkcja. Magazyn Edukacji Elektronicznej, pages 80-89
ISSN:
Publication year:
2015
Bibliographic description:
Lubomski P.: Wyzwania bezpieczeństwa nowoczesnych platform nauczania zdalnego// EduAkcja. Magazyn Edukacji Elektronicznej. -., nr. 1(9) (2015), s.80-89
Security Challenges Of Modern E-Learning Platforms

Summary

Keywords: e-learning, security, interoperability, security audit, risk analysis, reliability, performance

Modern e-learning platforms are widely accessible at any time, from any place on Earth. They use complex technology and are connected to many other systems. Such systems grow continuously and change dynamically. At the same time, the data they process are valuable and need to be protected. Providing an appropriate level of security and safety for such systems is a big challenge.

The platforms under consideration are mainly internet systems. Very often they combine many services developed in various technologies. They are exposed to threats similar to those facing other internet systems. In the area of security, the threats derive from errors in the implementation of authentication, authorization and session management. Oftentimes, weaknesses are the result of insufficient input validation. There is also the matter of ensuring service performance and availability at the intended level.

Security audits are used to measure the level of security of the system. Each vulnerability detected by an audit should be analyzed in terms of the potential risk. The performance of the system is checked during performance tests. It is worth noting that measuring, analyzing and improving the level of system security is constant work.
Verified by:
Gdańsk University of Technology
