TY - GEN
T1 - GDPR security and confidentiality compliance in LMS' a problem analysis and engineering solution proposal
AU - Amo, Daniel
AU - Alier, Marc
AU - García-Pẽalvo, Francisco José
AU - Fonseca, David
AU - Casany, María José
N1 - Publisher Copyright:
© 2019 ACM.
PY - 2019/10/16
Y1 - 2019/10/16
N2 - We have studied the main Learning Management Systems (LMSs) to comprehend how personal data is processed and stored. We found that all the users' personal information, activity, and logs are stored unencrypted on the server filesystem and databases. A user with access to such resources may have full access to all the personal information and meta-information stored. Therefore, the LMSs are very vulnerable to information leaks in front of targeted hacker attacks due to weak GDPR compliance. In this paper, we analyze this problem from a technical and operational perspective for the open-source market leader LMS Moodle, and we propose a solution and a prototype of implementation.
AB - We have studied the main Learning Management Systems (LMSs) to comprehend how personal data is processed and stored. We found that all the users' personal information, activity, and logs are stored unencrypted on the server filesystem and databases. A user with access to such resources may have full access to all the personal information and meta-information stored. Therefore, the LMSs are very vulnerable to information leaks in front of targeted hacker attacks due to weak GDPR compliance. In this paper, we analyze this problem from a technical and operational perspective for the open-source market leader LMS Moodle, and we propose a solution and a prototype of implementation.
KW - Confidentiality
KW - Data privacy
KW - Data security management
KW - Digital identity
KW - GDPR
KW - Learning analytics
KW - Learning management systems
UR - http://www.scopus.com/inward/record.url?scp=85075441469&partnerID=8YFLogxK
U2 - 10.1145/3362789.3362823
DO - 10.1145/3362789.3362823
M3 - Conference contribution
AN - SCOPUS:85075441469
T3 - ACM International Conference Proceeding Series
SP - 253
EP - 259
BT - Proceedings - TEEM 2019
A2 - Conde-Gonzalez, Miguel Angel
A2 - Rodriguez-Sedano, Francisco Jesus
A2 - Fernandez-Llamas, Camino
A2 - Garcia-Penalvo, Francisco Jose
PB - Association for Computing Machinery
T2 - 7th International Conference on Technological Ecosystems for Enhancing Multiculturality, TEEM 2019
Y2 - 16 October 2019 through 18 October 2019
ER -