Please use this identifier to cite or link to this item:
Title: GDPR Security and Confidentiality compliance in LMS’ a problem analysis and engineering solution proposal
Authors: Amo, D.
Alier, M.
García-Peñalvo, F. J.
Fonseca, D.
Casany, M. J.
Keywords: Learning analytics
data privacy
digital identity
data security management
learning management systems
Issue Date: 16-Oct-2019
Publisher: ACM
Citation: D. Amo, M. Alier, F. J. García-Peñalvo, D. Fonseca and M. J. Casany, "GDPR Security and Confidentiality compliance in LMS’ a problem analysis and engineering solution proposal," in TEEM’19 Proceedings of the Seventh International Conference on Technological Ecosystems for Enhancing Multiculturality (Leon, Spain, October 16th-18th, 2019), M. Á. Conde-González, F. J. Rodríguez-Sedano, C. Fernández-Llamas and F. J. García-Peñalvo, Eds. ICPS: ACM International Conference Proceedings Series, pp. 253-259, New York, NY, USA: ACM, 2019. doi: 10.1145/3362789.3362823.
Abstract: We have studied the main Learning Management Systems (LMSs) to comprehend how personal data is processed and stored. We found that all the users' personal information, activity, and logs are stored unencrypted on the server filesystem and databases. A user with access to such resources may have full access to all the personal information and meta-information stored. Therefore, the LMSs are very vulnerable to information leaks in front of targeted hacker attacks due to weak GDPR compliance. In this paper, we analyze this problem from a technical and operational perspective for the open-source market leader LMS Moodle, and we propose a solution and a prototype of implementation.
ISBN: 978-1-4503-7191-9
Appears in Collections:Publications

Files in This Item:
File Description SizeFormat 
Amo-post.pdfArticle509,49 kBAdobe PDFView/Open

Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.