Security Measures in Automated Assessment System for Programming Courses
Security Measures in Automated Assessment System for Programming Courses
Author(s): Jana Šťastná, Ján Juhár, Miroslav Biňas, Martin TomášekSubject(s): Education, ICT Information and Communications Technologies
Published by: Vysoká škola ekonomická v Praze
Keywords: Automated assessment; Programming assignment; Unsafe code; Virtual environment; Docker; System availability
Summary/Abstract: A desirable characteristic of programming code assessment is to provide the learner the most appropriate information regarding the code functionality as well as a chance to improve. This can be hardly achieved in case the number of learners is high (500 or more). In this paper we address the problem of risky code testing and availability of an assessment platform Arena, dealing with potential security risks when providing an automated assessment for a large set of source code. Looking at students' programs as if they were potentially malicious inspired us to investigate separated execution environments, used by security experts for secure software analysis. The results also show that availability issues of our assessment platform can be conveniently resolved with task queues. A special attention is paid to Docker, a virtual container ensuring no risky code can affect the assessment system security. The assessment platform Arena enables to regularly, effectively and securely assess students' source code in various programming courses. In addition to that it is a motivating factor and helps students to engage in the educational process.
Journal: Acta Informatica Pragensia
- Issue Year: 4/2015
- Issue No: 3
- Page Range: 226-241
- Page Count: 16
- Language: English
