David Argles

Towards security goals in summative e-assessment security

The general security goals of computer a system are known to include confidentiality, integrity and availability (C-I-A) which prevent critical assets from potential threats. The C-I-A security goals are well researched areas; however they may be insufficient to address all the needs of the summative e-assessment. In this paper, we do not discard the fundamental C-I-A security goals; rather we define security goals which are specific to summative e-assessment security.

The Same, But Different: The Educational Affordances of Different Gaming Genres

As research continues into the use of computer games for educational purposes, the differences between different gaming genres become increasingly more important. These differences, however, appear to have been largely overlooked by the academic community, potentially resulting in incomplete results when considered against computer gaming as a whole. This paper studies a selection of games from several different genres, assessing each one in its ability to fulfill a set of previously identified requirements for a good educational resource. The results of the investigation showed that there were indeed differences between the genres, allowing for some suggestions to be made regarding their use, as well as leaving room for some interesting future work.

Agile security issues: an empirical study

In this poster we introduce an ongoing empirical study on the effects of using predominant security issues along with agile methodologies. As part of this empirical study, current security issues related to and applicable to agile methodologies such as Scrum, XP, and FDD and their effects are discussed. The purpose of this poster is to present an introduction to this ongoing effort and to present our analysis of the issues which are important factors in our forthcoming results which underscores the gap in the literature. The analysis will include experiments, semi-structured interviews, and surveys that seek to gather relevant objective and subjective information about projects and experiments in order to arrive at a consensus on which issues need to be included or emphasized as part of agile to provide adequate security assurance.

An Improved Approach to Secure Authentication and Signing

We know how to build secure systems but for security measures to be truly effective it is necessary to use keys which are far too large for people to commit to memory. The consequence is that people avoid using security measures or they resort to recording their key information somewhere which they find convenient to access. If any kind of barrier to unauthorised access to this store is used, it is invariably a username and short password or PIN combination. This compromises the effectiveness of primary schemes by presenting an intruder with a weak point to attack. This paper describes a hybrid scheme incorporating an electronic token and biometric verification. The scheme eliminates the need to rely on the users memory so it can use keys which are long enough to be effective, yet it is also quick and convenient in use and could be adopted anywhere that presently uses username-password arrangements.

Plagiarism in e-Learning Systems: Identifying and Solving the Problem for Practical Assignments

A big part of life long learning is the move from residential lectures to distance education. Distance education falls under the multi-modal policy of the teaching institution and thereby a change in student contact. The lecturer facilitating the distance education course is also faced with a problem where the quality and originality of submitted assignments need to be checked. This has always been a difficult task, as going through practical assignments and looking for similarities is a tedious job. Software checkers are available, but as yet, have not been integrated into popular online e-learning systems. If closer contact and warning to students are given at an early stage the problem is minimized as they know they are being closely monitored. As will be shown in this article, plagiarism is a current problem with online practical submissions. We will also show how this problem can be minimized through the integration of plagiarism checking tools and other checking methods into e-learning systems.

Electronic Integrity Issues in E-Assessment Security

This paper describes electronic integrity in the context of curbing double submissions during e-assessments. Submission of examination answers is an important part of assessment whether paper or electronic based. As will be discussed in this paper, double submission of an assessment test by one student is a breach in electronic integrity and it breeds electronic corruption. The proposed solutions will present a method to reduce this problem, by combining studentspsila login ID with static IP addresses for the duration of an e-assessment. This technique will ensure single submission of tests per student in e-learning systems.

FingerID: A new security model based on fingerprint recognition for personal learning environments (PLEs)

The current practice of password based security for PLEs in general and the Internet in particular is inadequate. The widespread authentication mechanism of username and password is out-dated, and does not meet current needs. Intruders and hackers have also learnt, and become more tech savvy. Besides, remembering a plethora of long passwords and passphrases, sometimes as many as 15 or 20, is cumbersome. This raises the need to introduce a better and more reliable authentication mechanism which is not dependent on a series of characters, but rather on a technology that is unique and only possessed by the individual. Similar services already exist, and they are good in some situations, but prove to be inadequate under other circumstances. In this paper, we propose a one-stop solution to eliminate all these problems, named FingerID. This solution will make the experience of access to distributed web accounts a more secure, accessible and usable one. This solution has been developed, tested, and proven. The findings of this paper will revolutionise the entire authentication mechanism on the web, and thereby enable the user access to distributed accounts at a single point.

Towards a Framework of a Secure E-Qualification Certificate System

we all receive paper based certificates during our study journey, but they are hard to manage to avoid damage or loss. The field of e-Learning provides technological developments, such as e-portfolios, which enable greater power and flexibility in displaying achievements. These may include on-line versions of certificates of the applicants attainment which overcome the limitations of paper-based versions. However, these “e-certificates” present a number of practical challenges, which so far have not been addressed, such as the validation of claimed e-qualification certificates. This paper addresses the issues, and explores the gap between current e-portfolio tools and the desired e-qualification certificate system. Through analysis of the existing systems and e-certificate use cases, we have identified existing services that can be reused and the services that require further development, thereby presenting an approach which solves the above problems. Preliminary results indicate that the recommendation from this research meets the design requirements, and could form the foundation of future e-certificate implementations.

Anomaly detection system: Towards a framework for enterprise log management of security services

In recent years, enterprise log management systems have been widely used by organizations. Several companies such as (IBM, MacAfee and Splunk etc.) have brought their own log management solutions to the market. However, the problem is that these systems often require proprietary hardware and do not involve web usage mining to analyze the log data. The purpose of this paper is to investigate an approach towards a framework for managing security logs in enterprise organizations called of the anomaly detection system (ADS), built to detect anomalous behavior inside computer networks that is free from hardware constraints and benefits from web usage mining to extract useful information from the log files.

AGILE SECURITY METHODS: AN EMPIRICAL INVESTIGATION

This paper provides an in-depth investigation into the various security issues in Agile software development methodologies currently in use. We have as part of our research identified a number of issues from multiple perspectives and points of view throughout the literature and from industrial sources. These shed light into what the most important issues are and what is the best way forward in assessing each proposal and deciding whether to adopt it or not. We have conducted a number of empirical interviews with practitioners from various parts of the world who actively work in high risk projects which puts them in a position to shed light into these topics in a more detailed fashion. We present our findings and analysis in the following paper for the topics of combining security and agility. We assess whether changing Agile methods for the sake of security is really necessary, and present recommendations for future work and conclusions.