Review on Modelling and Verification of Secure Exams

IF 1.4 4区计算机科学 Q3 COMPUTER SCIENCE, SOFTWARE ENGINEERING

Formal Aspects of Computing Pub Date : 2022-06-30 DOI:10.1145/3545182

Diego Marmsoler

{"title":"Review on Modelling and Verification of Secure Exams","authors":"Diego Marmsoler","doi":"10.1145/3545182","DOIUrl":null,"url":null,"abstract":"Exams are an important way for assessing people’s skills and, as such, play a key role in establishing meritocracy in modern societies. To be effective, however, exams need to be fair and secure against tampering which is where Rosario Giustolisi’s book “Modelling and Verification of Secure Exams” [5] comes to a rescue. Over 133 pages, the book describes how to formalize and verify various types of exams. It is best suited for an audience with background in formal methods as well as security wanting to learn more about how formal methods can be used for the design and analysis of secure exam protocols. The book provides a nice overview of key elements of different types of exams, leading to a good understanding of exam protocols in general. To start with, the book introduces basic aspects of an exam, such as roles and principals, phases, and potential threats. In addition, different types of exams, such as traditional, computer-assisted, computer-based, internet-assisted, and internet-based, are identified and briefly discussed. The book even shows how to formally model an exam in the applied pi-calculus [1] as the concurrent execution of different types of processes, such as candidates, examiners, question committee, collector, and remaining authorities. Of particular interest are the various security requirements identified for exams and the way they are formalized. To this end, the book describes three types of security requirements: Authentication is formalized in terms of correspondence properties of the form “if a certain event happens then another event must have happened before”. Privacy requirements are formalized as special kind of bisimilarity requirements. To formalize verifiability requirements, the author first introduces an alternative definition of an exam (compared to the process algebraic one) based on basic set theory. Verifiability is then formulated as a predicate-logic formula over the model. Here, clarity is diminished by the fact that the book uses a mix of two different formalisms: while the applied","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":" ","pages":"1 - 3"},"PeriodicalIF":1.4000,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Formal Aspects of Computing","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3545182","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 0

Abstract

Exams are an important way for assessing people’s skills and, as such, play a key role in establishing meritocracy in modern societies. To be effective, however, exams need to be fair and secure against tampering which is where Rosario Giustolisi’s book “Modelling and Verification of Secure Exams” [5] comes to a rescue. Over 133 pages, the book describes how to formalize and verify various types of exams. It is best suited for an audience with background in formal methods as well as security wanting to learn more about how formal methods can be used for the design and analysis of secure exam protocols. The book provides a nice overview of key elements of different types of exams, leading to a good understanding of exam protocols in general. To start with, the book introduces basic aspects of an exam, such as roles and principals, phases, and potential threats. In addition, different types of exams, such as traditional, computer-assisted, computer-based, internet-assisted, and internet-based, are identified and briefly discussed. The book even shows how to formally model an exam in the applied pi-calculus [1] as the concurrent execution of different types of processes, such as candidates, examiners, question committee, collector, and remaining authorities. Of particular interest are the various security requirements identified for exams and the way they are formalized. To this end, the book describes three types of security requirements: Authentication is formalized in terms of correspondence properties of the form “if a certain event happens then another event must have happened before”. Privacy requirements are formalized as special kind of bisimilarity requirements. To formalize verifiability requirements, the author first introduces an alternative definition of an exam (compared to the process algebraic one) based on basic set theory. Verifiability is then formulated as a predicate-logic formula over the model. Here, clarity is diminished by the fact that the book uses a mix of two different formalisms: while the applied

查看原文本刊更多论文

安全考试的建模与验证研究综述

考试是评估人们技能的一种重要方式，因此在现代社会建立精英政治中发挥着关键作用。然而，为了有效，考试需要公平和安全，防止篡改，这正是Rosario Giustolisi的著作《安全考试的建模和验证》[5]所起的作用。这本书长达133页，描述了如何正式化和验证各种类型的考试。它最适合具有正式方法和安全背景的受众，他们希望了解更多关于如何使用正式方法来设计和分析安全考试协议的信息。这本书对不同类型的考试的关键要素进行了很好的概述，从而使人们对考试协议有了更好的理解。首先，本书介绍了考试的基本方面，如角色和原则、阶段和潜在威胁。此外，还确定并简要讨论了不同类型的考试，如传统的、计算机辅助的、基于计算机的、互联网辅助的和基于互联网的。这本书甚至展示了如何将应用圆周率演算[1]中的考试正式建模为不同类型的过程的并行执行，如考生、考官、问题委员会、收集者和剩余的权威机构。特别令人感兴趣的是为考试确定的各种安全要求以及它们的形式化方式。为此，本书描述了三种类型的安全要求：身份验证是根据表单的对应属性形式化的，“如果某个事件发生了，那么另一个事件必须在之前发生”。隐私要求被形式化为一种特殊的双重性要求。为了形式化可验证性要求，作者首先介绍了基于基本集合论的考试的另一种定义（与过程代数定义相比）。然后，可验证性被公式化为模型上的谓词逻辑公式。在这里，由于这本书混合使用了两种不同的形式主义，清晰度降低了：

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Formal Aspects of Computing 工程技术-计算机：软件工程

CiteScore

3.30

自引率

0.00%

发文量

审稿时长

>12 weeks

期刊介绍： This journal aims to publish contributions at the junction of theory and practice. The objective is to disseminate applicable research. Thus new theoretical contributions are welcome where they are motivated by potential application; applications of existing formalisms are of interest if they show something novel about the approach or application. In particular, the scope of Formal Aspects of Computing includes: well-founded notations for the description of systems; verifiable design methods; elucidation of fundamental computational concepts; approaches to fault-tolerant design; theorem-proving support; state-exploration tools; formal underpinning of widely used notations and methods; formal approaches to requirements analysis.