Security Measures in Automated Assessment System for Programming Courses

A desirable characteristic of programming code assessment is that it gives the learner the most appropriate information about the code's functionality, as well as a chance to improve. This is hard to achieve when the number of learners is high (500 or more). In this paper we address the problems of testing risky code and of the availability of the assessment platform Arena, dealing with the potential security risks of providing automated assessment for a large set of source code. Treating students' programs as potentially malicious inspired us to investigate separated execution environments, which security experts use for secure software analysis. The results also show that the availability issues of our assessment platform can be conveniently resolved with task queues. Special attention is paid to Docker, a virtual container ensuring that no risky code can affect the security of the assessment system. The Arena platform makes it possible to assess students' source code regularly, effectively and securely in various programming courses. In addition, it is a motivating factor and helps students engage in the educational process.
