Online user services

There are many instances of using the World Wide Web to provide online reg-istration of data, for instance, as colleges and universities modernize, they are increasingly looking for ways to make use of information technology to simplify the administration of examinations. This presents a somewhat different set of logisti-cal problems than with traditional examinations. It requires users to be managed in a potentially different way for part of the time – during the examination.

In this section, we shall consider the specific example of online examinations, for the sake of concreteness. The idea can be generalized or adapted to apply to other services (see exercises).

We are interested in achieving a number of goals with an online system:

• To cope with large numbers of users (e.g. students),

• To allow more general examination methods (continuous assessment etc.),

• To prevent unnecessary copying, or ‘cheating’, amongst the students,

• To move the bulk of the burden from grading work to pedagogical design,

• To provide an online (distributed) solution, which solves the most pressing security problems adequately.

These are significant challenges at present, since current online technologies are not well standardized in a way that is ideally suited to this task. Until some dedicated software is available for this purpose, it is a task for system administration to make interim solutions possible.

5.7.1 Security perspective

Security is the discipline of protecting interests and things of value. Student evaluation is a security problem at several levels. Security spans a number of issues: reliability, integrity, privacy, authenticity and – the heart of every security problem – how far one is willing to trustthe parts of a system.

Figure 5.1 shows the beginnings of a (potentially very large) ‘cause tree’ for traditional examination failure; it illustrates a point which many teachers take for granted about the evaluation of students – namely, that any system in which points are awarded, or students receive some kind of reward (payoff), is subject to attack by malicious or incidental factors. Let us mention a few of the ways in which the tenets of security apply to the evaluation process.

• Trust: The fundamental issue in any security system is where one places one’s trust; it is about deciding what is an acceptable risk. For example, staff might trust students never to cheat. If that is the case, security is very simple. On the other hand, staff might only trust students not to cheat in a supervised room (with an exam invigilator present). Conversely, students might not trust the course teacher to grade their papers correctly, or to give them a fair hearing; in that case, a quality control protocol can be implemented to offer a level of security to the students.

Fail exam

Bad teacher Bad student

Hangover Just bad Did no work Just bad

Exam correct Exam incorrect Grading error

Careless error

Teacher dislikes student

Incompetence

Figure 5.1:A partial cause tree for examination failure.

In each case, what we are willing to trust guides the security measures which need to be implemented. At no point is any system infallible. If one assumes that students and staff are hostile partners, the worst case would be that both sides would engage in an arms race, each trying to outsmart the other. In practice, only a small fraction of staff and students behaves in this manner, but nevertheless, this is a problem which must be taken seriously, at some level.

• Reliability: The reliability of the examination procedure must be secured against both malicious exploitation and accidental error. In an alternative evaluation scheme, it is natural to eliminate humans from the grading process as far as possible. If a machine can be made to perform the grading, then clearly the only source of error would be a systematic error, perhaps from an error in programming of the system itself. Such an error would not prejudice any one student, and could be corrected in time.

• Integrity: Integrity concerns the ability to transmit information, or intent, without alteration or error. Integrity of evaluation information applies both to the problems posed to students and in the collection of their replies.

With Web-based technologies, this can be a problem unless students are using standardized browsers and operating systems. The disturbing lack of standardization in browser technology means that not all data can be rendered in any browser. Moreover, early Netscape browsers crash often, and Internet Explorer fails to show HTTPS secured pages a significant percentage of the time with an unspecific ‘Page cannot be shown’ error.

• Authenticity and identity: Students need to trust the authenticity of the exam paper, or the problems they are to answer. It would be unacceptable for a malicious party to replace the actual exam with a fake exam, or an exam to which the students already had the written solutions. Similarly, the examiners need to know that the student whose name is on the resulting work, actually did that work. Copying from one another without learning is one way in which students can attack examination and evaluation systems, and undermine the purpose of the educational establishment.

Correctly identifying the author of an examination paper is a subtle task.

In the security sense, one can visually inspect the student ID of a student who shows up for an examination (though ID can be forged). Similarly, one can forge electronic credentials relatively easily. In spite of the dangers to themselves, students regularly swap passwords and loan accounts to their classmates. Thus, when an assignment is submitted without physical supervision (e.g. electronically), there is no guarantee that the person whose name is registered by the receiver is the author of the work. In a written examination, students regularly memorize passages and methods written by others – it just requires a little more concentration to achieve.

The act of confirming one’s identity by use of a secret password or other means is calledauthentication.

• Privacy: Finally, can the process of evaluation be conducted with sufficient respect for individual privacy? The teacher’s privacy is needed to prevent students from cheating by finding the solutions or by gaining knowledge of the problems in advance, and the student’s privacy is needed to pre-vent their identities from compromising the objectivity (reliability) of the process.

Discussing student evaluation in terms of information security is perhaps an unusual point of view, but it is not one to be dismissed lightly. The validity of the university’s conclusions about a student’s performance is precisely what is at stake, both for its reputation and for society at large.

5.7.2 Reconfiguring hosts for electronic exams

Imperial College in London has devised an administrative scheme called Lexis for conducting examinations using specially secured computers [330]. The college chose the GNU/Linux operating system for this purpose and used a separate run-level to configure hosts at startup in a secure environment.

Lexis was designed specifically with programming examinations in mind. It seeks to provide a familiar lab-like environment during exams, with all resources necessary to complete the exam, including a secure environment and means of collecting exam answers. Students should have no access to unauthorized data, no access to other users on the network, and not be distracted by other users or signals from the network.

A similar approach has been examined at Oslo University College, using cfengine to reconfigure computers temporarily.

5.7.3 User identification

At a university, students come and go and login names can be reused over time.

This has potential consequences for the long-term storage and identification of student results online. The use of student numbers or personal identification numbers has been used here in Oslo, since these are unique even over long periods of time.

How should students and their answers be identified during the examination?

The use of usernames and passwords to authenticate users seemed to be the best compromise. The use of digital signatures might also be considered; however, digital signing is deemed too complicated for non-computer science users – even computer science students who were studying security found signatures to be confusing. Also, there is a significant administrative overhead involved in setting up and maintaining signatures in a student environment, where login names and accounts are frequently appearing and disappearing.

The issue of confirming student identity online is called authentication. It works by challenging the user to provide knowledge of some password or private secret which they would not normally divulge to anyone else. This is the most difficult and pressing issue in online services. Students are not afraid to swap passwords to college accounts, because they often have private accounts elsewhere (Hotmail or home accounts etc.), and thus regard their college accounts as ‘disposable’. As long as students are not afraid to lend their secrets to others, there will be no unique way of identifying them, and thus of being certain that they are responsible for their own grades.