Acta Informatica Pragensia 2015, 4(3), 226-241 | DOI: 10.18267/j.aip.71

Security Measures in Automated Assessment System for Programming Courses

Jana Šťastná, Ján Juhár, Miroslav Biňas, Martin Tomášek
Department of Computers and Informatics, Faculty of Electrical Engineering and Informatics, Technical University of Košice, Letná 9, 042 00 Košice, Slovak Republic

A desirable characteristic of programming code assessment is that it gives the learner the most appropriate information about the code's functionality, as well as a chance to improve. This can hardly be achieved when the number of learners is high (500 or more). In this paper we address the problem of testing risky code and the availability of the assessment platform Arena, dealing with the potential security risks of providing automated assessment for a large set of source code. Treating students' programs as if they were potentially malicious inspired us to investigate separated execution environments, which security experts use for secure software analysis. The results also show that the availability issues of our assessment platform can be conveniently resolved with task queues. Special attention is paid to Docker, a virtual container ensuring that no risky code can affect the security of the assessment system. The assessment platform Arena makes it possible to assess students' source code regularly, effectively and securely in various programming courses. In addition, it is a motivating factor and helps students to engage in the educational process.

Keywords: Automated assessment, Programming assignment, Unsafe code, Virtual environment, Docker, System availability

Received: November 2, 2015; Revised: December 18, 2015; Accepted: December 27, 2015; Published: December 31, 2015

Šťastná, J., Juhár, J., Biňas, M., & Tomášek, M. (2015). Security Measures in Automated Assessment System for Programming Courses. Acta Informatica Pragensia, 4(3), 226-241. doi: 10.18267/j.aip.71


This is an open access article distributed under the terms of the Creative Commons Attribution 4.0 International License (CC BY 4.0), which permits use, distribution, and reproduction in any medium, provided the original publication is properly cited. No use, distribution or reproduction is permitted which does not comply with these terms.