Cyber Attacks Against E-Learning Platforms. A Case Study Using Attack Trees
Author(s): PETRICĂ, Gabriel; MIHAI, Ioan-Cosmin
Author(s) keywords: Attack Tree, e-learning, Moodle, software vulnerabilities
Reference keywords: cyber-attacks, e-learning
Abstract:
The global context of the first part of 2020 has led to a change in the way humanity has carried out its professional and educational activity. E-learning platforms have become an interesting target for cyber attackers. This paper presents the evolution of Moodle vulnerabilities and a possible AT (Attack Tree) built around this e-learning platform. The AT highlights software vulnerabilities and physical events that can compromise the security / availability of a Moodle platform.
References:
[1]. Marsh, The Global Risks Report 2020, https://www.marsh.com/content/dam/marsh/Documents/PDF/UK-en/wef-global-risks-report-2020.pdf.
[2]. World Economic Forum, The Global Risks Report 2020, Available: https://www.mmc.com/insights/publications/2020/Jan/the-global-risks-report-2020.html.
[3]. O. Santos, End-to-End Network Security: Defense-in-Depth 1st Edition, Cisco Press, 2007, ISBN 978-1587053320.
[4]. Defense in Depth, Network Access, 2015, Available: https://www.networkaccess.com/defense-in-depth/.
[5]. G. Petrică, I.C. Mihai, An analysis on security of e-learning platforms in Romanian higher education, Proceedings of the 14th International Scientific Conference "eLearning and Software for Education" Bucharest, April 19-20, 2018, Vol. 4, pp. 60-65, ISSN 2360-2198, WOS: 000468620000009.
[6]. M. Dougiamas, Improving the effectiveness of tools for Internet based education, Teaching and Learning Forum 2000, Available: https://litec.curtin.edu.au/events/conferences/tlf/tlf2000/dougiamas.html.
[7]. Releases - MoodleDocs, Available: https://docs.moodle.org/dev/Releases.
[8]. C.T. Duque, Moodle Reaches 200 Million Users - Moodle 3.9, 4.0 Readying For The Next 200, 2020, Available: https://www.lmspulse.com/2020/moodle-reaches-200-million-users-moodle-3-9-4-0-readying-for-the-next-200/.
[9]. G. Petrică, S.D. Axinte, A comparative study on security of e-learning platforms in the Romanian academic field, Considerations on challenges and future directions in cybersecurity, Sitech, 2019, pp. 19-26, ISBN 978-606-11-7004-3.
[10]. NVD - Statistics, Available: https://nvd.nist.gov/vuln/search/statistics?form_type=Basic&results_type=statistics&query=moodle&search_type=all.
[11]. CVE security vulnerabilities, versions and detailed reports, Available: https://www.cvedetails.com/product/3590/?q=Moodle.
[12]. S. Mauw, M. Oostdijk, Foundations of Attack Trees, ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology, Seoul, Korea, December 01 - 02, 2005, pp. 186-198, doi: 10.1007/11734727_17.
[13]. P. Kordy, P. Schweitzer, The ADTool Manual, 2015, https://satoss.uni.lu/members/piotr/adtool/manual.pdf.
Article Title: Cyber Attacks Against E-Learning Platforms. A Case Study Using Attack Trees
Author(s): PETRICĂ, Gabriel; MIHAI, Ioan-Cosmin
Date of Publication: 2020-06-22
Publication: International Journal of Information Security and Cybercrime
ISSN: 2285-9225 e-ISSN: 2286-0096
Digital Object Identifier: 10.19107/IJISC.2020.01.05
Issue: Volume 9, Issue 1, Year 2020
Section: Cyber-Attacks Evolution and Cybercrime Trends
Page Range: 37-42 (6 pages)
Copyright ©2012-2024
The International Journal of Information Security and Cybercrime (IJISC)
All rights reserved
The International Journal of Information Security and Cybercrime is a trademark of the Romanian Association for Information Security Assurance (RAISA).
No part of this publication may be reproduced, stored in a retrieval system, photocopied, recorded or archived, without the written permission from RAISA. When authors submit their papers for publication, they agree that the copyright for their article be transferred to the Romanian Association for Information Security Assurance, if the articles are accepted for publication. The copyright covers the exclusive rights to reproduce and distribute the article, including reprints and translations.