Educational Software and Security Vulnerabilities: an experimental study

Diego Rossi; Lucas Bressan; Fernanda Campos; André Oliveira; Victor Ströele

doi:10.5753/sbie.2023.234860

Diego Rossi UFJF
Lucas Bressan UFJF
Fernanda Campos UFJF
André Oliveira UFJF
Victor Ströele UFJF

DOI: https://doi.org/10.5753/sbie.2023.234860

Resumo

The educational domain comprises fragmented solutions with different services, tools, and plugins. As a complex system, it raises several security and threat prevention concerns. We conducted an exploratory study to characterize security vulnerabilities and their impacts on Learning Management Systems. We focus on an intelligent educational solution using the risk assessment methodology HEAVENS 2.0. We identify vulnerabilities in architectural elements and detail two of them. Risks are not acceptable, and security measures must be adopted to avoid damage to students, tutors, and teachers. The results highlight the security vulnerabilities and the consequences of threats to users, hoping to motivate future research

Referências

ABDALLA, A. ; STROELE, V. ; Campos, F. ; DAVID, JOSÉ MARIA N. ; Braga, Regina. Plataforma de Ecossistema de Software para Sistemas de Recomendação. In: Simpósio Brasileiro de Sistemas de Informação (SBSI), 2018, Caxias do Sul. Porto Alegre: SBC, 2018. p. 1-8.

ALMEIDA, André; GOMES, Luciana de Queiroz Leal. Avaliação de Softwares Educacionais através de Indicadores de Qualidade. In: SIMPÓSIO BRASILEIRO DE INFORMÁTICA NA EDUCAÇÃO, 32. , 2021, Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2021 . p. 249-258. DOI: https://doi.org/10.5753/sbie.2021.218685.

BÓBÓ, MÍRIA L. D. R. ; Campos, Fernanda ; STROELE, VICTOR ; DAVID, JOSÉ MARIA N. ; BRAGA, REGINA, TORRENT, TIAGO TIMPONI. Using Sentiment Analysis to Identify Student Emotional State to Avoid Dropout in E-Learning. International Journal Of Distance Education Technology,, v. 20, p. 1-24, 2022.

BOBO, M. ; Campos, F. ; STRÖELE, VICTOR ; DAVID, JOSÉ MARIA N. ; Braga, Regina . Identificação do Perfil Emocional do Aluno Através de Análise de Sentimento: Combatendo a Evasão Escolar. In: VIII Congresso Brasileiro de Informática na Educação (CBIE 2019), 2019, Brasilia. Anais do XXX Simpósio Brasileiro de Informática na Educação (SBIE 2019). Porto Alegre: SBC, 2019. v. 1. p. 1431-1440.

BRESSAN, L.; OLIVEIRA, A. L. ; CAMPOS, F. ; MONTECCHI, L. ; CAPILLA, R. ; PARKER, D. ; ASLANSEFAT, K. ; PAPADOPOULOS, Y. . Modeling the Variability of System Safety Analysis using State-Machine Diagrams. In: 8th International Symposium on Model-Based Safety Assessment, 2022, Munich. 2022. v. 1.

BRESSAN, L. ; OLIVEIRA, A. L. ; Campos, F. ; Capilla, R. . A variability modeling and transformation approach for safety-critical systems. In: 15th International Working Conference on Variability Modelling of Software-Intensive Systems (VaMoS?21), 2021, 2021, Krems, Áustri. 2021.

CAPUANO, N.; CABALLÉ, S. Multi-attribute categorization of mooc forum posts and applications to conversational agents. In: SPRINGER. International Conference on P2P, Parallel, Grid, Cloud and Internet Computing. [S.l.], 2019. p. 505–514.

COE, F. 2021. What is software security and why is it important? Accessed 04/23/2023, available from [link].

DEVLIN, J. et al. Bert: Pre-training of deep bidirectional transformers for language understanding. arXiv preprint arXiv:1810.04805, 2018.

GOMES, J. et al. A hereditary attentive template-based approach for complex knowledge base question answering systems. Expert Systems with Applications, p. 117725, 2022. ISSN 0957-4174. Disponível em: [link]. Acesso em: 09/06/2022.

LAUTENBACH, ALJOSCHA; ALMGREN, MAGNUS & OLOVSSON, TOMAS.Proposing HEAVENS 2.0 – an automotive risk assessment model. CSCS ’21, November 30, 2021, Ingolstadt, Germany

LUCA ALLODI, LUCA; MARCO CREMONINI, MARCO;MASSACCI, FÁBIO; SHIM, WOOHYUN. Measuring the accuracy of software vulnerability assessments: experiments with students and professionals. Empirical Software Engineering (2020) Springer 25:1063–1094. https://doi.org/10.1007/s10664-019-09797-4

MACHER, G.; SCHMITTNER, C., et al. ISO/SAE DIS 21434 Automotive Cybersecurity Standard - In a Nutshell. In: CASIMIRO, António et al. (Eds.). Computer Safety, Reliability, and Security. SAFECOMP 2020 Workshops. Cham: SpringerInternational Publishing, 2020. P. 123–135. ISBN 978-3-030-55583-2.

MARTINS, G. ; VEIGA, W. ; Campos, F. ; STRÖELE, VICTOR ; DAVID, JOSÉ MARIA N. ; Braga, Regina . Construção de Jogos Educacionais através de Modelo de Features. In: Simpósio Brasileiro de Sistemas de Informação (SBSI),, 2018, Caxias do Sul. Porto Alegre: SBC, 2018. p. 1-8.

MESA, Oslien et alli. Understanding vulnerabilities in plugin-based web systems: an exploratory study of wordpress. SPLC '18: Proceedings of the 22nd International Systems and Software Product Line Conference - Volume 1. September 2018Pages 149–159.

MORENO-MARCOS, P. M. et al. Prediction in moocs: A review and future research directions. IEEE Transactions on Learning Technologies, IEEE, v. 12, n. 3, p.384–401, 2018.

NERY, T. ; COELHO, G. ; Campos, F. ; Braga, Regina ; STRÖELE, VICTOR ; David, J. M. N. Uso de Proveniência de Objetos de Aprendizagem para Identificação do Estilo Preferencial de Aprendizagem. In: VIII Congresso Brasileiro de Informática na Educação (CBIE 2019),, 2019, Brasilia. Anais do XXX Simpósio Brasileiro de Informática na Educação (SBIE 2019). Porto Alegre: SBC, 2019. v. 1. p. 109-118.

NEVES, F. ; Campos, F. ; STROELE, V. ; DANTAS, MARIO ; Braga, Regina ; David, J. M. N. Assisted education: using predictive model to avoid school dropout in e-learning systems. In: Santi Caballé, Stavros Demetriadis and more. (Org.). Intelligent Systems and Learning Data Analytics in Online Education. 1ed.: Elsevier, 2021, v. 1, p. 1-.

OLIVEIRA, André Luiz de; BRAGA, Rosana; MASIERO, Paulo; PARKER, David, et al. Variability management in safety-critical systems design and dependability analysis.Journal of Software: Evolution and Process, v. 31, n. 8, e2202, Aug. 2019. ISSN 20477473. Available from: <http://doi.wiley.com/10.1002/smr.2202>.

RASCHKA, S.; PATTERSON, J.; NOLET, C. Machine learning in python: Main developments and technology trends in data science, machine learning, and artificial intelligence.Information, Multidisciplinary Digital Publishing Institute, v. 11, n. 4, p. 193, 2020.

ROSSI, DIEGO ; STRÖELE, VICTOR ; SOUZA, JAIRO ; Campos, Fernanda . Automatic classification of subjective attributes from student messages in virtual learning environments. In: Simpósio Brasileiro de Informática na Educação, 2022, Brasil. Anais do XXXIII Simpósio Brasileiro de Informática na Educação (SBIE 2022), 2022. p. 871.

ROSSI, D. ; STROELE, VICTOR ; BRAGA, REGINA ; CABALLE, S. ; CAPUANO, N. ; Campos, F. ; DANTAS, MARIO ; LOMASCO, L. ; TOTI, D. . CAERS: A Conversational Agent for Intervention in MOOCs? Learning Processes.. In: Innovations in Learning and Technology for the Workplace and Higher Education, 2021. TLIC 2021., 2021. Lecture Notes in Networks and Systems, 2021. v. 349.

ROSSI, D. ; STROELE, V. ; Campos, F. ; BRAGA, REGINA ; DAVID, JOSE M. . Identifying pedagogical intervention in MOOCs learning processes: a conversational agent proposal. In: X Congresso Brasileiro de Informática na Educação (CBIE 2021), 2021. Anais do XXXII Simpósio Brasileiro de Informática na Educação (SBIE 2021), 2021. p. 849-860.

SCHNEIDER, Daniel et al. WAP: Digital Dependability Identities. In: PROCEEDINGS of the 2015 IEEE 26th International Symposium on Software Reliability Engineering (ISSRE). USA: IEEE Computer Society, 2015. (ISSRE ’15), p. 324–329. ISBN 9781509004065. DOI: 10.1109/ISSRE.2015.7381825. Available from:<https://doi.org/10.1109/ISSRE.2015.7381825>.

BASILI, V. AND ROMBACH, D. 1988. The TAME project: Towards improvement-oriented software environments. IEEE Transactions on software engineering 14, 6 (1988), 758–773.

SOMMERVILLE, I. (2015) Software Engineering. 10th Edition, Pearson, London.