Information and communication technologies (ICE) have been widely adopted and exploited in most educational institutions in order to support e-Learning through different learning methodologies, ICE solutions, and design paradigms. In particular, over the past decade computer-supported collaborative learning (CSCL) has become one of the most influential learning paradigms devoted to improving teaching and learning with the help of modern information and communication technology [1]. In order to support CSCL implementation, many learning management systems (LMSs) have appeared in the marketplace and the e-Learning stakeholders (ie, e-Learning designers and managers, tutors, and students) are increasingly demanding new requirements. Among these requirements, information security (IS) is a significant factor involved in CSCL processes deployed in LMSs, which determines the accurate development of CSCL activities. However, according to Weippl [2] and Eibl [3] CSCL services are usually designed and implemented without much consideration for security aspects.
The lack of security in e-Learning is also supported by practical and real attacks in ICE. As a matter of fact, recent attack reports [4, 5] have demonstrated a significant amount of real-life security attacks experienced by organizations and educational institutions. The CyberSecurity Watch Survey is a cooperative survey research conducted by leading companies and educational institutions [4]. This report reveals that security attacks are a reality for most organizations: 81% of respondents’ organizations have experienced a security event (ie, an adverse event that threatens some aspect of security).
Since LMS are software packages that integrate tools that support CSCL activities, technological vulnerabilities have to be considered. Recent security reports [4, 5] have shown how Web application servers and database management systems, which usually support LMS infrastructure, are deployed with security flaws. Dealing with more technological details related to LMSs, the Trustwave Global Security Report shows how Web application servers and database management systems are deployed with security vulnerabilities [5]. Moreover potential LMS attacks can be studied by analyzing their specific security vulnerabilities. For instance, in Moodle Security Announcements [6], 49 serious vulnerabilities were reported in 2013.
Regarding security in educational institutions in the scope of Spanish universities, the RedIRIS Computer Emergency Response Team is aimed at the early detection of security incidents affecting their affiliated institutions. As stated in [7], the total number of incidents received was 10,028 and this value represents an increase of 74.15% compared to the previous year. In the same context, in [8], the authors stated that only 17% of Spanish universities have adopted the application of the Spanish National Security Framework and only 18% of students use digital certificates. Although it might seem that these plans and initiatives are related to security in e-Learning, they are actually focused on secure e-Administration and management. In contrast, e-Learning security, which can determine these management processes, is not usually considered. For instance, a student who is able to obtain a course certificate following advanced security techniques, such as a digital signature, may find the same security level is not required when performing e-Assessment activities.
One of the key issues in IS is that security drawbacks cannot be solved with technology solutions alone [9]. To date, even the most advanced security technological solutions, such as public key infrastructure (PKI) have drawbacks that impede the development of complete and overall technological security frameworks. Even most advanced PKI solutions have vulnerabilities that impede the development of a highly secure framework. For this reason, this proposal suggests research into enhancing technological security models with functional approaches.
Among functional approaches, trustworthiness analysis, modeling, assessment, and prediction methods are suitable in the context of CSCL. Trustworthiness can be considered as a suitable functional factor in CSCL because most trustworthiness models are based on peer-to-peer (P2P) interactions [10, 11] and CSCL is closely related to students’ interaction. Although some trustworthiness methods have been proposed and investigated, these approaches have been little investigated in CSCL with the aim of enhancing security properties. Therefore this book proposes to conduct research on security in CSCL by enhancing technological security solutions with trustworthiness and through experimenting with methods, techniques, and trustworthiness models, to eventually arrange a trustworthiness methodology approach for collaborative e-Learning.
In addition to security applications based on trustworthiness, other CSCL enhancements related to pedagogical factors can also be considered. According to Hussain et al. [12] the existence of trust reduces the perception of risk, which in turn improves the behavior in the interaction and willingness to engage in the interaction. In the context of CSCL, interaction between students is one of the most relevant factors in learning performance. Therefore trustworthiness is directly related to CSCL and can enhance the performance of collaborative learning activities. In contrast, IS can encourage and endorse trustworthiness, but IS does not directly endow learning enhancement. Another significant difference between IS and trustworthiness, with respect to CSCL, is the dynamic nature of trustworthiness [13]. Student behavior is dynamic and it evolves during the CSCL process. While security is static regarding student behavior, trustworthiness also evolves and its assessment can be adapted to student and group behavior changes.
A CSCL activity is a general concept that can involve very different cases, actors, processes, requirements, and learning objectives in the complex context of e-Learning [14]. To alleviate this complexity we limit our application scope in specific CSCL activities, namely, we focus on online collaborative assessment (collaborative e-Assessment). General e-Assessment processes offer enormous opportunities to enhance the student learning experience, such as delivering on-demand tests, providing electronic marking, and immediate feedback on tests [15]. In higher education e-Assessment is typically employed to deliver formative tests to the students. In terms of reported unethical conduct occurring during online exam taking [16], an e-Assessment is an e-Exam with most of the common characteristics of virtual exams. In this book we endow collaborative e-Assessment activities with trustworthiness evaluation and prediction to enhance user security requirements.
The topics discussed so far are addressed to improve the security of CSCL activities with trustworthiness models. In addition to the considerations related to security, CSCL, and trustworthiness, we actually need to incorporate analysis and visualization of P2P systems into the security model so that tutors are presented with, and informed regarding, the results of P2P trustworthiness.
To sum up, the target of this research is an e-Learning system formed by collaborative activities developed in an LMS. The system has to provide security support to carry out these activities and to collect trustworthiness data generated by learning and collaboration processes. Both technological frameworks and online collaborative learning are in line with the e-Learning strategies developed in many educational institutions. In particular, our real e-Learning context of the UOC develops full online education based on collaborative learning activities. Following this institutional view, IS becomes an essential issue to be considered in order for distance universities to develop secure e-Assessment processes and activities on which grades, certificates, and many types of evaluation models may be dependent. The research presented in this book follows this direction and provides solid answers to the formulated research questions.
1.1 Objectives
The main challenge of the research presented in this book is to build an innovative trustworthiness methodological approach to enhance IS in online collaborative learning. To this end, we defined the following objectives:
• To define a security model based on IS properties and trustworthiness intended to analyze security in CSCL activities by considering specific security requirements.
• To build a comprehensive trustworthiness methodology offering a guideline for the design and management of CSCL activities based on trustworthiness. This objective is composed of two subobjectives:
• to build e-Assessment P2P activities based on the trustworthiness methodology proposed; and
• to propose P2P visualization methods to manage security events in e-Learning activities.
• To provide decision information in order to discover anomalous student behavior that compromises security through trustworthiness evaluation and prediction.
• To design secure CSCL activities based on trustworthiness approaches in terms of LMS components derived from the previous security model, methodologies and decision information on trustworthiness.
• To develop experimental pilots of the previous LMS components with the aim to validate the enhancement of IS in CSCL activities.
In addition to theoretical and design objectives, experimental activities were conducted in real online courses. In the real learning context of the Open University of Catalonia (Universitat Oberta de Catalunya [UOC]), the collaborative learning processes are an essential part of its pedagogical model. Since this paradigm is massively applied to support UOC courses, security requirements can be widely analyzed in this scenario. Therefore the theoretical models have to be tested, evaluated, and verified by experimental pilots incorporated as a part of several real courses of the university.
The above objectives have motivated research on security in online collaborative learning by enhancing technological security solutions based on trustworthiness. The ultimate aim is to build a solid trustworthiness methodology approach for CSCL devoted to offering secure collaborative e-Assessment for students, tutors, and managers.
1.2 Book Organization
This book is structured as follows. In Chapter 2 we provide an overview of the current developments in the domain of e-Learning, including online collaborative learning, P2P learning, and mobile collaborative systems and applications, which have security as a key requirement. Then, in Chapter 3, we explore trustworthiness and technological security approaches with the aim of establishing security requirements for e-Learning participants and designers. In the next chapter, Chapter 4, we take all the approaches described in the previous chapters one step further and investigate a holistic security approach for online collaborative learning and P2P learning based on an effective trustworthiness model. In Chapter 5 we focus on the issue of handling user trustworthiness information, which involves large amounts of ...