{"id":1171,"date":"2009-03-13T15:40:15","date_gmt":"2009-03-13T23:40:15","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=1171"},"modified":"2009-03-13T15:40:15","modified_gmt":"2009-03-13T23:40:15","slug":"final-examinations","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/final-examinations\/","title":{"rendered":"Security Review: Final Examinations"},"content":{"rendered":"<p>Final exams are just around the corner (or in some cases may already have been taken if they&#8217;re in-class ones)!\u00a0 I figured I&#8217;d write a security review about the system of final exams.<\/p>\n<p><strong>Assets and Goals:<\/strong><\/p>\n<ul>\n<li>Pre-knowledge of questions<\/li>\n<li>After the fact, knowledge of other people&#8217;s grades<\/li>\n<li>During the test, forbidden knowledge<\/li>\n<li>During the test, having unauthorized person take test<\/li>\n<\/ul>\n<p><strong>Adversaries<\/strong>:<\/p>\n<ul>\n<li>Students are essentially the only adversaries.\u00a0 Sabotage by rival professors seems rather unlikely ;).<\/li>\n<li>Others may be interested for whatever reason in learning the score of a particular student on an exam.<\/li>\n<\/ul>\n<p><strong>Weaknesses:<\/strong><\/p>\n<ul>\n<li>Examinations may be handled at multiple locations prior to the test<\/li>\n<li>Professors may be lax about security<\/li>\n<li>Overly large class sizes may overwhelm proctors, keeping them from preventing cheating<\/li>\n<li>Lack of careful ID checking<\/li>\n<\/ul>\n<p><strong>Potential Defenses:<\/strong><\/p>\n<ul>\n<li>Provide one centralized location for professors to print out \/ copy their exams in advance, so that they do not run the risk of someone listening to network traffic or grabbing a copy off the copier.<\/li>\n<li>Ensure professors are familiar with security procedures to prevent students from sneaking into their offices.<\/li>\n<li>Ensure professors are given an adequate number of proctors to prevent cheating 
(plainclothes proctors, i.e., proctors who pretend they are students also taking the exam, can also be particularly effective as, although they cannot patrol such a large area, other students may be less wary about them noticing cheating)<\/li>\n<li>Have proctors check IDs of all students taking exams (I think I&#8217;ve had my ID checked a single time in 4 years, and many of those classes have been large lecture classes like Chem 142 where it&#8217;s doubtful the instructor recognized me)<\/li>\n<\/ul>\n<p><strong>Discussion and Conclusion:<\/strong><\/p>\n<p>There are many different types of cheating which students can do during an exam.\u00a0 First of all, we need to consider what allowance the exam has for outside notes.<\/p>\n<p>Particularly vulnerable to this is a class which is book only&#8211;I think I&#8217;ve only ever had one of those, but it&#8217;s extremely weak by default, as students can easily write in the margins of specific pages and as long as they are not stupidly blatant will not be caught.\u00a0 Solution: make everyone randomly swap books at the start of class.\u00a0 Weakness: time-consuming and difficult to ensure everyone gets their book back.\u00a0 Conclusion: book only exams are annoying to make work properly, better to allow book + notes or neither.<\/p>\n<p>Book + notes only is much easier to patrol.\u00a0 Essentially the only sources disallowed are electronic sources or other people.\u00a0 In this case, a sufficient number of proctors need to be around in order to ensure that students do not use cellphones (laptops are a little blatant for this). 
Solution: proctor numbers.\u00a0 Conclusion: relatively easy<\/p>\n<p>Book + notes + internet is quite difficult, as the laptop use must be monitored to prevent people from simply feeding the questions to a friend sitting at a computer at home who has already taken the class.\u00a0 As security people, of course, we know that you could monitor network traffic, but this is not very easy and requires specialist knowledge that most professors and proctors are going to lack.\u00a0 It is easier to just patrol the laptops and require them all to sit in one location, at the front of the room.\u00a0 A few plainclothes proctors sitting near \/ behind them can be a great help here, as alt-tabbing when an obvious proctor is coming is quite easy, but they won&#8217;t know the person behind them &#8220;taking the exam&#8221; is watching their screen.\u00a0 Solution: plainclothes proctors.\u00a0 Conclusion: riskier, but doable<\/p>\n<p>No books\/notes\/internet is also pretty easy&#8211;visibility is key here.\u00a0 As long as a proctor can see people without too much effort, large areas can be patrolled, as looking at notes will often cause quite a bit of noise.\u00a0 Additionally, fellow students can easily identify and report the student who is cheating (emphasize the fact that the test is curved so they have a motive to do so \ud83d\ude42 )<\/p>\n<p>Overall conclusion: exams are rife with weaknesses.\u00a0 Some professors post grades online using the last digits of student ID #s as the index.\u00a0 Although these are not going to be unique, with knowledge of which classes a specific student is taking, accessing just a few of these classes will give an extremely high probability of figuring out which student it is.\u00a0 People glancing quickly at another student&#8217;s paper are another large risk (which can be minimized by ensuring spacious seating\/different versions of exams + non-multiple choice).<\/p>\n<p>The lack of security knowledge of many professors means it would be 
relatively simple to steal into their office during lunch (for example) and grab the graded finals.\u00a0 Doing this would also cause great chaos if the exams hadn&#8217;t been entered into the system yet, obviously, but even apart from that it would violate the students&#8217; privacy interest in not having their grades plastered all over the internet.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Final exams are just around the corner (or in some cases may already have been taken if they&#8217;re in-class ones)!\u00a0 I figured I&#8217;d write a security review about the system of final exams. Assets and Goals: Pre-knowledge of questions After &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2009\/03\/13\/final-examinations\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":119,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-1171","post","type-post","status-publish","format-standard","hentry","category-security-reviews"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/119"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=1171"}],"version-history":[{"count":1,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1171\/revisions"}],"predecessor-version":[{"id":1176,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/1171\/revisions\/1176"}],"wp:attachment":[{"href":"https:\/
\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=1171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=1171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=1171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}