Abstract-The advancement of technology brings various changes to numerous
fields, including education. Online exam usages are increasing, since it brings
several benefits, including the possibility of automated grading. However,
online exam also brings new possibilities for a cheating exam taker to access
forbidden resources. Both manual and computer aided mechanisms to prevent
cheating are needed. After conducting preliminary research on cheating in
online exams and its detection and prevention, in this research, we present
virtualization methods for securing online exams from cheating attempts in an
exam client in real time. We analyzed and compared two virtualization methods,
which are hardware level virtualization and operating system level
virtualization, for implementing secure exam sandboxes. Based on our
experiments, hardware level virtualization is the optimal method. The result of
this research is a set of tools that can be used to enhance the existing
proctoring methods used for securing online exam. The benefits of our proposed
system are a better process isolation and low bandwidth usage. Keywords-online exam; virtualization; sandbox; process
isolation; process monitoring; Windows
INTRODUCTION
The advent of Web technologies
introduces a new dimension in examinations. Exams that were once held using pen
and paper are now done with the help of the computer and the internet. On one
side, this enables exam to be conducted remotely. Exam takers may not be
required to come to a designated place to take an exam. On the other side,
however, this also introduces new ways of cheating. An examinee may ask another
person to impersonate him/her for the exam, or use the Internet to access
resources for answers. Relevant control procedures are required to verify the
integrity of the online exam. We have analyzed the features/capabilities,
phases of the exam, and securing online exam from fraud/cheating attempts, as
part of our previous research [1]. A secure online exam, which puts a
student/exam taker in a restricted environment to prevent cheating, is
necessary for protecting the integrity of the exam. Our programming classes at
School of Electrical Engineering and Informatics, Institut Teknologi Bandung
(SEEI ITB) conducts online exam using an auto-grading system. The online exam
is conducted in a managed environment [2], conducted in a local environment. To
take an exam, the examinees are required to present themselves in his/her
designated room. Before entering the examination room, examinees are required
to show valid proof of identification to the proctors. Each room is equipped
with computers, which are sanitized before the exam. These computers are only
installed with exam-related software, checked and cleaned regularly for files
that may be used for seeking answers, can only access allowed directories, and
have their network configured so that they can only access the exam website and
cannot communicate with each other. These mechanisms are enforced and effective
in detecting and preventing cheating. However, these methods cannot be applied
on online exams in which the students are using their computers. For a large
class of 400 students, the online exam cannot be conducted in a single shift,
due to an inadequate number of available computers. On the other hand, it is
not possible to sanitize the students' own devices for the exam. Therefore,
during the exam, each student should only be allowed to access a virtual
machine that functions as a sanitized computer. Web-based software used for
conducting exams can be configured such that examinees can take the exam
remotely. Through a web browser, examinees can access the web browser via
self-provided computers/devices, which acts as the exam client. To prevent
cheating, examiners may inquire thirdparty remote proctoring services for aid,
in form of applications such as ProctorU [3] and RPNow [4]. These apps enable remote administration of the exam
clients. For example, the app can limit the process runing on the device, or
monitor inputs from the device. This exam environment can be defmed as a
managed environment [1], conducted remotely. Besides remote proctoring, other
methods for securing online exam has been researched and implemented, such as
shell sandbox [5] and group cryptography [6]. However, these methods do not offer
a fine level of isolation. The use of virtualization enables the possibility of
conducting the exam with a fmer level of control. Virtualization is one of the
possible methods to achieve a particular level of control to the underlying
resources of a system. In the operating system, a virtual machine, a software
layer that applies virtualization concept, enables a user to control access to
resources of an operating system, such as file system and networking. In an
exam environment, this gives proctors/administrators control over the exam
clients, which can be used to enhance the security of the exam. Therefore, it
may be possible to achieve the same level of control of a managed, local exam
environment, in a managed, remote exam environment. Even though the idea of
conducting online exam remotely is not relatively new [3, 4, 8], most of the
current implementation requires an exam environment equipped with a
high-bandwidth network. Such feature is not available in our current condition,
in which the throughput of our local network is not adequate for deployment of
applications that require
. RESUL
IS AND DISCUSSION
The first part of this section
analyzes and explains the experiment results of Section V. Later, the second
part compares and contrasts both types of virtualization methods. A. Results Based on
our experiments, hardware-level virtualization passes all test cases. It should
be highlighted, however, that the tests conducted may not reflect all possible
ways of detecting cheating on exams, since cheating, in general, may involve
methods beyond of the test cases used to test the abuse cases on IV.C (e.g.
using malicious program that can circumvent the security before the exam). For
the as level
virtualization, kerne132. dll hooks fail to detect accesses to the file system made by Command Prompt and
Windows Explorer, while ntdll. dll hooks successfully detect these accesses. One possible
explanation is that these programs do not reside on the Win32 subsystem since
this subsystem is commonly used by third-party applications. B. Comparing the virtualization methods
From the level of isolation
provided, hardware level virtualization provides better isolation compared to as level virtualization. The hypervisor
executes a separate kernel, on which isolated applications run on top of it.
Since by default the guest as and host as are isolated, no communication between these two OSes can
occur. From the ease of implementation aspect, hardware level virtualization is
better than as level
virtualization. Since the hypervisor used during the test, VirtualBox, can
emulate various x86 instructions, it is easier to use operating systems that
support x86 (e.g. Windows, Linux, *BSD). This enables the examiner in SEEI
ITB to match the virtual image with the computers currently in use during
exams. Moreover, VirtualBox is also cross-platform. This enables it to be used in
different OSes. In addition, VirtualBox
is stable and also provides its
users with well-written documents and flexibility of configurations. This is
contrasted by as level
virtualization, which is OS-specific. A different implementation of this type
of virtualization requires a different analysis of the file systemrelated
system calls used by the as. Furthermore,
as of this writing, the library used for implementing as level virtualization, EasyHook, is still
in beta version. Lack of documentation and stability issues may arise when
developing using this library. Besides, not all of Windows internal functions, especially functions of ntdll. dll, are welldocumented.
Therefore, from our experience, OS-level virtualization requires more effort in
implementation compared to hardware level virtualization. In addition, it
should be highlighted that usage of SEB also aids in isolating the hypervisor
from user-made customizations. SEB adds a protection to VirtualBox, since by
default, VirtualBox allows customization of the guest VM. Since SEB is not
available on Linux (as
of this writing, it is available only on Windows
and OS
X), a similar application should be
used when developing an exam client sandbox for Linux.
From the performance aspect, OS
level virtualization gains an advantage over hardware level virtualization. As
presented by [7, 16], OS-level virtualization causes less overhead compared to
the hardware level. This may be beneficial for online exams that use low-end
hardware. However, performance gain may result in reduced security, since from
a conceptual level, OS level virtualization only isolates the user spaces of
the applications. It cannot detect any cheating attempts that use a
modification of the host OS's kernel. Even though hardware level virtualization
is not fully safe from the same cheating method, such method requires more
effort to be implemented for the hardware level virtualization, since hardware
level virtualization uses a separate kernel to execute the applications.
CONCLUSION
This paper has presented two methods
of virtualization, which is used for securing online exam clients. Based on our
experiment, it can be concluded that hardware level virtualization is a better
solution for securing online exam client than OS-level virtualization. The
advantages include a better level of isolation and ease of implementation. In
order to implement a proper OS-level virtualization solution, further research
on the behavior of OS system calls is necessary. This research only covers
system calls related to file system access. Other system calls is beyond the
scope of this research. A proper OS-level virtualization solution would need to
implement hooks to these other system calls. In addition, development of
OS-level virtualization solutions, especially on Windows,
is an interesting topic for
research. One possible topic that can be explored is how to develop a toolkit
for creating a lightweight sandbox, that can be applied to any binary runtimes.
A particular interesting subject would be a toolkit for doing automated testing
of hooks, that can be used to test the correctness of hooks that modifies an
application from a set of test scenarios.