Presentation is loading. Please wait.

Presentation is loading. Please wait.

S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments.

Published byMarjorie Harrison Modified over 8 years ago

Similar presentations

Presentation on theme: "S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments."— Presentation transcript:

1 S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments

2 Outline Introduction Research Purpose M-learning Security M-learning security Framework M-learning security Sub-framework Evaluation & Results Conclusion Security Framework for Mobile Learning Environments

3 Mobile Learning Introduction Non availability of mobile learning security framework Security threats to mobile learning systems A subset of e-learning Group discussion among learners Access to learning content & materials Shortens learning curves and improves students’ performance Advantages Concerns

4 Research Purposes Mobile devices used in m-learning are vulnerable to security flaws The use of m-learning has introduced new threats to the learning environment There is need for security design at development stage Identification of vulnerable points in m-learning environments is important A proposed security framework for m-learning based on CIA dimension Application of the framework at three sub-levels Security Framework for Mobile Learning Environments

5 M-learning Security Are stakeholders security conscious? Do m-learning advocates / developers take security seriously when developing m-learning apps? Is any security framework used in m- learning environment? Is there any security measure to check threats from free WI-FI when learners are accessing m-learning systems on the move?

6 M-learning Security Sharp increase in mobile malware Image obtained from Indiatechonline.com The number of security issues on mobile device has increased exponentially over the years and continued to do so. The high number of malware growth further buttress the need to have sound and reliable security framework for mobile learning.

7 Proposed M-learning Security Framework M-learning Architecture and Requirements Architecture Requirements Three layers design:  Mobile device (client) for m-learning  M-learning servers (app, web & database)  M-learning network infrastructure Triad CIA security dimension:  Confidentiality  Integrity  Availability

8 M-learning Architecture and Requirements contd. Conceptual framework Identifying and safeguarding vulnerable points in the client, server and network infrastructure of an m-learning system which are prone to attacks is the basis of the framework. The framework security policy is based on CIA triad dimension in accordance with ISO/IEC27001 and ISO/IEC17799:2005 standards. Threats and attacks can penetrate the m-learning environment through the mobile device, the server or the network equipment as they are indicated to be the vulnerability points. A threat can spread from one vulnerability point to another and penetrate all other mobile learning systems as the devices are connected to one another. In m-learning context, the database server may be a major target since all students’ personal information, assessment, grades and feedback are centrally stored in it while the mobile device may be a target if the purpose is to have unauthorised access to learning content stored in it. The mobile learning framework can detect any threat and deter any attack before penetrating the system.

9 Proposed M-learning Security Framework The proposed m-learning framework is a generic one having three sections: the threats and attacks, m-learning environments and possible solutions. The m-learning environment is subdivided into CIA triad security requirements and vulnerability points in order to determine threats and attacks that are peculiar to each vulnerable point.

10 Mobile Client Sub-framework This is a mobile device sub-framework designed to detect, prevent and give a solution to any attack or threat to mobile devices. The mobile client comprise of the threat, vulnerability points, security requirements and possible solutions. If a mobile device is lost or stolen, the CIA requirement affected is the availability as the device cannot be available for legitimate use. Regular online data backup can make another copy of data available for immediate use. The location of the mobile device can be tracked and found. Remote wipe can be used clear confidential data if the mobile is lost

11 Server Sub-framework The server sub-framework is developed to protect the m-learning host systems from various threats and attacks. For example, malware and malicious programs (targets poorly designed server) can affect availability, integrity and confidentiality. Putting in place the triad CIA requirements through regular patch updates and installing antivirus/malware can deter threats and attack.

12 Network Sub-framework This is a network infrastructure sub-framework detailing possible threats and attacks, CIA requirements and possible solutions to them. Aside from a physical attack that affects availability and can be prevented with adequate physical security policy, unscheduled down time/ disruption is a major network infrastructure threat.

13 Evaluation & Result Security Framework for Mobile Learning Environments The framework and the sub-frameworks were examined and evaluated during a study on mobile learning security in four universities in Nigeria. The feedback from the study shows that 9 out of ten participants agreed that security issues around confidentiality, integrity and availability are major concerns in implementing and deploying mobile learning successfully in Higher Education Institutions The result from the study further shows that mobile device client is the most common vulnerable point that is prone to attack.

14 Based on the result, efforts on m-learning security framework should be directed to having extremely secured mobile client devices. Conclusion

Download ppt "S. A. Shonola & M. S. Joy Security Framework for Mobile Learning Environments."

Similar presentations

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.

Web Security for Network and System Administrators1 Chapter 1 Introduction to Information Security.
The Conceptual Framework of mLearning Security for University in Thailand Sarawut Ramjan Department of e-Commerce Management North-Chiang Mai university.

The Conceptual Framework of mLearning Security for University in Thailand Sarawut Ramjan Department of e-Commerce Management North-Chiang Mai university.
Mobile Security Guide Matt Scofield, Eric Samson, Cong Le.

Mobile Security Guide Matt Scofield, Eric Samson, Cong Le.
Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.

Mobile Devices: Know the RISKS. Take the STEPS. PROTECT AND SECURE Health Information.
A Comprehensive Study for RFID Malwares on Mobile Devices TBD.

A Comprehensive Study for RFID Malwares on Mobile Devices TBD.
SACM Terminology Nancy Cam-Winget, David Waltermire, March.

SACM Terminology Nancy Cam-Winget, David Waltermire, March.
DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.

DoD Information Technology Security Certification and Accreditation Process (DITSCAP) Phase III – Validation Thomas Howard Chris Pierce.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.

Supervision of Production Computers in ALICE Peter Chochula for the ALICE DCS team.
© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.

© 2008 Prentice Hall Business Publishing Accounting Information Systems, 11/e Romney/Steinbart1 of 222 C HAPTER 7 Information Systems Controls for Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.
Consideration for Information Security Issues in Geospatial Information Services of Local Governments Makoto Hanashima Institute for Areal Studies, Foundation.

Consideration for Information Security Issues in Geospatial Information Services of Local Governments Makoto Hanashima Institute for Areal Studies, Foundation.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
Risk Management.

Risk Management.
©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.

©Ian Sommerville 2006Software Engineering, 8th edition. Chapter 30 Slide 1 Security Engineering.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.

Term 2, 2011 Week 3. CONTENTS Network security Security threats – Accidental threats – Deliberate threats – Power surge Usernames and passwords Firewalls.
Network security policy: best practices

Network security policy: best practices
5205 – IT Service Delivery and Support

5205 – IT Service Delivery and Support

Similar presentations

Ads by Google