Project details
Description
Background
Denmark is recognised as one of the most digitalised countries in Europe and the world. The digitalisation landscape has been evolving in both the public and private sectors. In most cases, projects enabling digitalisation in Denmark have yielded positive responses from citizens and customers.
However, a recent project concerning the digitalisation of exams at schools (Den Digitale Prøvevagt in Danish) has raised several security and privacy concerns.
Security concerns arose when a high-school student showed how to completely bypass almost all the security measures implemented in the two major candidate exam tools (i.e. Netprøver and ExamCookie). Privacy concerns arose because such tools need to be installed on students' machines even though they are neither open-source nor properly documented.
In fact, the only available descriptions of the tools are extremely vague with respect to their surveillance capabilities. A week after the findings were published, the Danish government decided to postpone the adoption of digital exams.
Goals
It is observed that state-of-the-art tools have only focused on providing system functionality, essentially a surveillance system, neglecting security and privacy issues.
This project takes security and privacy challenges as the starting point in designing evaluation tools. It follows that traditional threats and traditional deterrence strategies for evaluation systems need to be reconsidered in the cyberspace environment. The project observes that threats may come from any of the roles played in an evaluation system, including authorities who may be corrupted to various extents. This means that such tools should also implement deterrence mechanisms against malicious authorities. In doing so, evaluation systems begin to look more balanced in terms of threats and benefits.
These concerns are not only relevant to exams but also to procurements, auctions, tenders and other systems that rest on submissions which are to be evaluated and ultimately ranked. Thus, it is a goal of this project to make its findings suitable and available to a large spectrum of evaluation systems.
Research Objectives
The first objective of this project is to identify the security and privacy requirements for evaluation systems. The goals of the project require looking beyond the classic authentication and confidentiality requirements and investigating novel requirements such as accountability and verifiability of deterrence mechanisms in order to foster public trust.
The second objective of this project is the design of secure and trustworthy prototypes of evaluation systems that meet the identified requirements. It is of particular interest to develop mechanisms that guarantee contrasting requirements such as authentication and anonymity or accountability and privacy. Formal methods will be used to ensure rigorous adherence of the prototypes to the requirement specifications.
The third objective of this project is to validate the project findings mainly within the framework of the digitalisation of exams at schools in Denmark.
Acronym | ENUMEDS |
---|---|
Status | Finished |
Effective start/end date | 01/07/2021 → 31/07/2023 |
Funding
- Villum Fonden: 1.988.652,00 kr.