There is no one-stop shop protection method that can meet all the security requirements and design specifications of new or existing distributed e-learning systems. However, a novel web engineering security methodology, based on software engineering principles, could help to secure these systems. In this proposed methodology, security needs to be built into all phases of the System Development Life Cycle (SDLC). Many universities now employ e-learning systems, but security is often an afterthought. Their ICT organisations still use ad hoc security tools such as firewalls and anti-virus software that are not capable of offering sufficient security. This is because firewalls and anti-virus cannot distinguish between an original HTTP conversation and faked or compromised connections. Dr Shadi Aljawarneh believes security should be an intrinsic part of the System Development Life Cycle (SDLC), and presents a web engineering security methodology, based on software engineering principles, to secure distributed e-learning systems.
[1]
Yair Levy,et al.
Securing E-Learning Systems: A Case of Insider Cyber Attacks and Novice IT Management in a Small University
,
2006,
J. Cases Inf. Technol..
[2]
Ray Welland,et al.
Web development evolution: the assimilation of Web engineering security
,
2005,
Third Latin American Web Congress (LA-WEB'2005).
[3]
Bob Gehling,et al.
eCommerce security
,
2005,
InfoSecCD '05.
[4]
Christian S. Collberg,et al.
Tamper Detection in Audit Logs
,
2004,
VLDB.
[5]
Matthew Green,et al.
Security Analysis of a Cryptographically-Enabled RFID Device
,
2005,
USENIX Security Symposium.
[6]
Yanchun Zhang,et al.
Effective Collaboration with Information Sharing in Virtual Universities
,
2009,
IEEE Transactions on Knowledge and Data Engineering.
[7]
Niels Provos,et al.
The Ghost in the Browser: Analysis of Web-based Malware
,
2007,
HotBots.