Abstract
The article presents security aspects of modern distance-learning platforms. It describes their characteristics and technological challenges. It defines security and the threats that exist in this area. It outlines methods for assessing the level of security. Using the eNauczanie PG platform deployed at Gdańsk University of Technology as a basis, it discusses ways of ensuring the assumed level of security of such systems.
- Publication version: Accepted or Published Version
Details
- Category: Articles
- Type: articles in peer-reviewed journals and other serial publications
- Published in: EduAkcja. Magazyn Edukacji Elektronicznej, pages 80 - 89
- ISSN:
- Publication year: 2015
- Bibliographic description: Lubomski P.: Wyzwania bezpieczeństwa nowoczesnych platform nauczania zdalnego// EduAkcja. Magazyn Edukacji Elektronicznej. -., nr. 1(9) (2015), s.80-89
Security Challenges Of Modern E-Learning Platforms
Summary
Keywords: e-learning, security, interoperability, security audit, risk analysis, reliability, performance
Modern e-learning platforms are widely accessible at any time, from every place on the Earth. They use complex technology and are connected to many other systems. We can notice continuous growth and dynamic changes of such systems. On the other hand, data processed by these systems are valuable and need to be protected. It is a big challenge to provide an appropriate level of security and safety of such systems. The platforms under consideration are mainly internet systems. Very often they combine many services developed in various technologies. They are exposed to threats similar to other internet systems. In the area of security, the threats derive from errors in the implementation of authentication, authorization and session management. Oftentimes, weaknesses are the result of insufficient input validation. There is also a matter of ensuring service performance and availability at the intended level. To measure the level of security of the system, security audits are used. Each vulnerability detected by the audit should be analyzed in terms of the potential risk. Performance of the system is checked during performance tests. It is worth noting that measuring, analyzing and improving the level of system security is constant work.
- Verified by: Gdańsk University of Technology