Quantitative Risk Assessment in Moodle Learning Management System

Over the past decade, learning management systems have become essential in many educational institutes for delivering class materials and providing communication channels between course instructors and students. When an institute adopts a learning management system, perhaps the two most pressing concerns are how much the system costs to deploy and how secure it is. Moodle, the most popular open-source learning management system, addresses the budget concern, so educational institutes often adopt it as a low-cost solution. However, few studies have investigated the security aspects of Moodle, which might be more important than the budget problem. Here, we quantitatively investigate how secure the Moodle system is. First, vulnerabilities discovered in Moodle are examined with respect to their CVSS scores. Then we apply a well-known vulnerability discovery model to the vulnerability discovery process. We also investigate whether there are seasonal variations in the discovery process. The results show that reasonably modified datasets follow the discovery model well, and that there is indeed a seasonal pattern in the Moodle vulnerability dataset.
