Survey of Vulnerabilities and Mitigation Techniques for Mooc-Based Applications

Survey of Vulnerabilities and Mitigation Techniques for Mooc-Based Applications

Hossain Shahriar (Department of Information Technology, Kennesaw State University, Marietta, Georgia, USA), Hisham M. Haddad (Department of Computer Science, Kennesaw State University, Marietta, Georgia, USA), David Lebron (Department of Computer Science, Kennesaw State University, Marietta, Georgia, USA) and Rubana Lupu (Department of Information Technology, Kennesaw State University, Marietta, Georgia, USA)
Copyright: © 2016 |Pages: 18
DOI: 10.4018/IJSSE.2016100101
OnDemand PDF Download:
No Current Special Offers


Massive Open Online Courses (MOOCs) are commonly hosted as web servers for learners worldwide to access education and learning materials at low cost. Many of the well-known MOOCs have adopted open source software and database technologies and frequently operate within cloud environments. It is likely that the well-known software security vulnerabilities may manifest to MOOC-based applications. Unfortunately, few studies have identified a set of common vulnerabilities applicable to MOOC-based applications. This paper1 presents an exploratory study of potential security vulnerabilities and challenges for MOOC platforms, and it provide some guidelines and suggestions to mitigate these concerns. This study helps practitioners (educators and developers) to adopt MOOC applications while considering potential vulnerabilities and be prepared to deal with these risks.
Article Preview


Massive Open Online Courses (MOOCs) have gained popularity in higher education and currently thousands of learners worldwide rely on MOOC platforms (or applications) to access learning materials either free or at low cost (Emma and Pro, 2014). These MOOC applications come with features to capture sensitive information of the learners (e.g., birth dates, addresses) and offer analytics functionality so learners can monitor their performance and educators can improve learning experiences by mining data logged by these platforms.

Among several MOOC providers, currently, Coursera (2016), EdX (2016) and Udacity (2016) are the most popular. It is estimated that these three platforms currently account for over 15 million users. Earlier study indicates that over 7 million students in the United States alone have taken a minimum of one online course (Daries et al., 2014). This user base generates enormous amounts of logged data. The data contains valuable information regarding student-learning behaviors, student interactions, use of learning resources and other interests.

Researchers have already studied user behavior while accessing learning materials (Brinton et al., 2016; Lebron and Shahriar, 2015) such as mouse click pattern mining during video watching. Recent MOOCs research focuses on analyzing its logged data to improve the student learning experience through analytics (Coffrin et al., 2014; Guo et al., 2014), enhance technology support by performing data gathering for student performance and behavior analysis (Ruiz et al., 2014), or, in comparing MOOCs platforms in terms of their pedagogical framework and capabilities (Lebron et al., 2015). However, there is a lack of studies explaining possible security and privacy breaches when applying or adopting MOOCs platforms for students.

Recently, an analysis of student behavior based on 100 gigabytes (GB) of time-stamped log data for a specific MIT course was realized (Seaton et al., 2014). Protecting this data while enabling robust computations warrants specialized expertise and resources not readily available to a majority of application developers (Song et al., 2012). Much of this data is actively sought by private companies for commercial interests, which may lead to a violation of federal privacy laws (FERPA Act (Daries et al., 2014)). Promises not to release and carefully secure such data has been utterly ineffective, and of late, been laden with security breaches. These security breaches compound with the use of Cloud technologies.

We believe that security and privacy concerns are founded based on the basic building blocks (see Figure 1) of MOOCs that typically include web (browser, server application), database (both relational and non-relational), and cloud technology as the delivery platform. Thus, traditional software vulnerabilities (e.g., arbitrary code injection, session hijacking) are applicable for MOOC applications.

Figure 1.

MOOC building blocks: web, database and cloud technologies


Complete Article List

Search this Journal:
Open Access Articles: Forthcoming
Volume 8: 4 Issues (2017)
Volume 7: 4 Issues (2016)
Volume 6: 4 Issues (2015)
Volume 5: 4 Issues (2014)
Volume 4: 4 Issues (2013)
Volume 3: 4 Issues (2012)
Volume 2: 4 Issues (2011)
Volume 1: 4 Issues (2010)
View Complete Journal Contents Listing