Web-based Learning Management Systems, like all web applications, are subject to attacks delivered through the Internet, mainly aimed at accessing restricted data for illegal use. Protection from these kinds of threats is studied in the area of web applications and has been steadily improving in recent years. Nonetheless, especially for very popular and easy-to-install web applications, such as Content Management Systems, blogs, and open source Learning Management Systems, the usual way to protect an installed system is to wait until weaknesses in the system software are discovered and "patches" or new system releases are made available for installation. This can be necessary even when no new threat technique has been discovered and another part of the system software has simply been found to be "weak" to that type of attack. Here we give an account of the most usual "exploit" techniques known to be available, and describe a prototype methodology to equip certain Learning Management Systems (namely the open source ones, in particular those based on PHP engines) with a more stable protection, making it unnecessary to patch or reinstall a system in a hurry after minor weaknesses have been unveiled. The plug-in for a system is supposed to filter the input sent by the user through a browser, and to avoid execution of server activities on suspect data. We test the methodology on Moodle by producing a suitable plug-in and verifying its success at system run-time.

A Threats Blocking Plug-in for Open Source Learning Management Systems / Gianluca, Braga; Sterbini, Andrea; Temperini, Marco. - 73:(2010), pp. 551-564. (Paper presented at the 1st International Conference on Reforming Education, Quality of Teaching and Technology-Enhanced Learning: Learning Technologies, Quality of Education, Educational Systems, Evaluation, Pedagogies, held in Athens, Greece, May 19-21, 2010) [10.1007/978-3-642-13166-0_77].

A Threats Blocking Plug-in for Open Source Learning Management Systems

STERBINI, Andrea; TEMPERINI, Marco
2010

1st International Conference on Reforming Education, Quality of Teaching and Technology-Enhanced Learning: Learning Technologies, Quality of Education, Educational Systems, Evaluation, Pedagogies
04 Publication in conference proceedings::04b Conference paper in volume

Use this identifier to cite or link to this document: https://hdl.handle.net/11573/226469