
Formal analysis and offline monitoring of electronic exams

Formal Methods in System Design

Abstract

More and more universities are moving toward electronic exams (e-exams for short). This migration exposes exams to additional threats, which may come from the use of information and communication technology. In this paper, we identify and define several security properties for e-exam systems. Then, we show how to use these properties in two complementary approaches: model-checking and monitoring. We illustrate the validity of our definitions by analyzing a real e-exam used at the pharmacy faculty of University Grenoble Alpes (UGA) to assess students. On the one hand, we instantiate our properties as queries for ProVerif, an automatic verifier of cryptographic protocols, and we use it to check our modeling of UGA exam specifications. ProVerif found some attacks. On the other hand, we express our properties as Quantified Event Automata (QEAs), and we synthesize them into monitors using MarQ, a Java tool designed to implement QEAs. Then, we use these monitors to verify real exam executions conducted by UGA. Our monitors found fraudulent students and discrepancies between the specifications of the UGA exam and its implementation.


Notes

  1. www.side-sante.org.

  2. http://www.proctoru.com.

  3. https://github.com/selig/qea.

  4. https://github.com/selig/qea.

  5. See also http://rv2014.imag.fr/monitoring-competition/results.


Acknowledgements

The authors would like to thank François Géronimi from THEIA, Daniel Pagonis from TIMC-IMAG, and Olivier Palombi from LJK for providing us with a description of the e-exam software system, for sharing with us the logs of some real French e-exams, and for validating and discussing the properties presented in this paper. The authors also thank Giles Reger for providing us with help on using MARQ. Finally, we thank Jannik Dreier from LORIA for his help with ProVerif. This research was conducted with the support of the Digital trust Chair from the University of Auvergne Foundation. This article is based upon work from COST Action ARVI IC1402, supported by COST (European Cooperation in Science and Technology).

Author information

Corresponding author

Correspondence to Yliès Falcone.

Appendices

Appendix A: Auditing QEAs

For each property, we provide an auditing QEA except for Candidate Registration (which is given in Sect. 4) and Cheater Detection (which is auditing by itself). An auditing QEA reports some data in case of failure.

Fig. 16. A QEA for Candidate Eligibility with Auditing

Candidate Eligibility with Auditing

An auditing QEA that expresses Candidate Eligibility is depicted in Fig. 16. It collects in a set \( F \) all the candidates from which an answer is accepted without being registered to the exam.

Answer Authentication with Auditing

An auditing QEA that expresses Answer Authentication is depicted in Fig. 17. It collects in a set \( F \) all the unsubmitted answers that are accepted together with the corresponding candidates and questions. Note that A in the QEA in Fig. 5 is a multi-set.

Fig. 17. A QEA for Answer Authentication with Auditing

Fig. 18. A QEA for answer singularity with auditing

Fig. 19. A QEA for acceptance assurance with auditing

Fig. 20. A QEA for questions ordering with auditing

Answer singularity with auditing

An auditing QEA that expresses Answer Singularity is depicted in Fig. 18. It collects in a set \( F \) all further answers (after the first one) that are accepted to the same question from the same candidate.

Fig. 21. A QEA for Exam Availability with Auditing

Acceptance assurance with auditing

An auditing QEA that expresses Acceptance Assurance is depicted in Fig. 19. It collects in a set \( F \) all candidates who submit an answer to a question but no answer from them is accepted for this question.

Questions ordering with auditing

An auditing QEA that expresses Question Ordering is depicted in Fig. 20. It collects in a set \( F \) all candidates who get a higher-order question before their answer to the current question is accepted.

Exam Availability with Auditing

An auditing QEA that expresses Exam Availability is depicted in Fig. 21. It collects in a global set \( F \) all the answers (together with the corresponding questions and candidates) that are accepted before the event \( start \) or after the event \( finish \).

Answer-score integrity with auditing

An auditing QEA that expresses Answer-Score Integrity is depicted in Fig. 22. It collects in a set \( F \) all the triplets \( (q,a,s) \) where \( corrAns(q,a,s) \) comes after the event \( start \).

Fig. 22. QEA for answer-score integrity with auditing

Fig. 23. A QEA for marking correctness with auditing

Marking correctness with auditing

An auditing QEA that expresses Marking Correctness is depicted in Fig. 23. It collects in a global set \( F \) all the answers that are marked incorrectly. We relax the constraint stating that, for a question q, no event \( corrAns (q, a,b)\) can be emitted after the marking phase has started. More simply, an answer that has not yet been declared a correct answer is considered a wrong answer.

Mark integrity

An auditing QEA that expresses Mark Integrity is depicted in Fig. 24. It collects (1) in a set \( F_1 \) all the candidates whose first assigned mark is incorrect, and (2) in a set \( F_2 \) all further marks assigned to the candidates, regardless of whether they are correct or not.

Fig. 24. A QEA for mark integrity with auditing

Appendix B: Flexible exam duration

We define another variant of Exam Availability that supports exams with flexible starting and duration times; we call it Exam Availability with Flexibility. To define it, we extend the exam model defined in Sect. 3.2 with event \( begin(i,t) \), which is emitted when candidate \( i \) begins his examination phase, at time t. We also define a function \( dur(i) \) which specifies the exam duration of candidate i and thus also his exam ending time.

Definition 14

(Exam Availability with Flexibility) Let \( dur(i) \) be the exam duration for candidate i. An exam run satisfies Exam Availability with Flexibility if

  • event \( begin (i,t_s)\) is preceded by event \( start(t) \); and

  • event \( accept (i,t)\) is preceded by event \( begin (i,t_b)\), and is followed by event \( finish(t) \) where \(t - t_b \leqslant dur(i) \).

A candidate can validate answers till the end of his allocated duration unless he exceeds the global ending time specified by event \( finish(t) \). Similarly to event \( start(t) \), event \( begin (i)\) has to occur only once per candidate.

We express Exam Availability with Flexibility in ProVerif using events \( begin(i,t) \) and \( end(i,t) \). The ProVerif queries are parameterized now with the candidate identity as follows:

  • query i:ID; event(accept(i)) ==> event(begin(i)).

  • query i:ID; event(end(i)) ==> event(begin(i)).

A verification QEA and an auditing QEA that express Exam Availability with Flexibility are depicted in Figs. 25 and 26, respectively. The auditing QEA collects in a set \( F \) all the candidates from which an answer is accepted outside the allowed duration.

Fig. 25. A QEA for Exam Availability with Flexibility

Fig. 26. A QEA for Exam Availability with Flexibility Auditing
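The auditing check of Definition 14 can also be run as a single offline pass over an exam log. The following Python monitor is an added example, not the paper's QEA or MarQ code; the tuple encoding of events, the `dur` dictionary, the `notes` list and the sample trace are assumptions constructed for illustration.

```python
def audit_flexible_availability(trace, dur):
    """Offline audit of Exam Availability with Flexibility (Definition 14).

    trace: events in log order, each a tuple (assumed encoding):
           ("start", t), ("begin", i, t), ("accept", i, t), ("finish", t)
    dur:   dict candidate -> allowed duration dur(i), same time unit as t
    Returns (satisfied, F, notes): F is the set of candidates with an answer
    accepted outside their allowed window; notes lists every violation.
    """
    started = finished = False
    begun = {}            # candidate -> t_b of the first valid begin
    F, notes = set(), []

    for ev in trace:
        kind = ev[0]
        if kind == "start":
            if started:   # start has to occur only once
                notes.append(f"start({ev[1]}) emitted more than once")
            started = True
        elif kind == "finish":
            finished = True
        elif kind == "begin":
            _, i, t = ev
            if not started:
                # begin must be preceded by start; it is not recorded, so
                # later accepts from i are audited as having no valid begin
                notes.append(f"begin({i},{t}) before start")
            elif i in begun:
                # begin occurs once per candidate: a repeat must not
                # restart the candidate's clock
                notes.append(f"begin({i},{t}) repeated, t_b stays {begun[i]}")
            else:
                begun[i] = t
        elif kind == "accept":
            _, i, t = ev
            if i not in begun:
                reason = "no valid begin"
            elif finished:
                reason = "after global finish"
            elif t - begun[i] > dur.get(i, 0):
                reason = f"{t - begun[i]} > dur({i}) = {dur.get(i, 0)}"
            else:
                continue  # accepted inside the allowed window
            F.add(i)
            notes.append(f"accept({i},{t}) rejected by audit: {reason}")

    if not finished:
        # every accept must be followed by finish
        notes.append("no finish event in trace")
    return (not notes, F, notes)


# Constructed sample log (not real exam data).
SAMPLE_DUR = {"alice": 60, "bob": 60, "carol": 60, "dan": 120, "eve": 60}
SAMPLE_TRACE = [
    ("begin", "eve", 5),      # before start: not a valid begin
    ("start", 10),
    ("begin", "alice", 12),
    ("begin", "bob", 15),
    ("begin", "carol", 15),
    ("begin", "dan", 20),
    ("accept", "alice", 40),  # 28 <= 60: fine
    ("accept", "eve", 45),    # no valid begin
    ("begin", "alice", 50),   # repeated begin, clock not reset
    ("accept", "carol", 70),  # 55 <= 60: fine
    ("accept", "alice", 75),  # 63 > 60, measured from the first begin
    ("accept", "bob", 80),    # 65 > 60
    ("finish", 90),
    ("accept", "dan", 95),    # within dur(dan) but after the global finish
]

if __name__ == "__main__":
    ok, F, notes = audit_flexible_availability(SAMPLE_TRACE, SAMPLE_DUR)
    print("satisfied:", ok, "F:", sorted(F))
    for n in notes:
        print(" -", n)
```

The candidate `dan` shows the case the definition singles out: an individual allowance does not extend past the global ending time given by \( finish(t) \).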


Cite this article

Kassem, A., Falcone, Y. & Lafourcade, P. Formal analysis and offline monitoring of electronic exams. Form Methods Syst Des 51, 117–153 (2017). https://doi.org/10.1007/s10703-017-0280-0
