At the end of each semester, Management Information Technology and Systems Office (MITS) receives requests from various schools for arranging exams in the computer labs. To meet the exam requirements, the necessary software and tools are usually installed in advance, with certain network access restriction implemented, and technical support provided by MITS engineers on-site during the exam weeks. However, in some cases, making modifications at the network level may adversely affect regular user access, posing significant risks. Additionally, the process of individually configuring policies for each lab is complex. How to impose restrictions from the host end to meet exam requirements is a challenge we were facing.
To address these pain points, MITS experimented with the use of Safe Exam Browser (SEB) in this semester's final exams. This browser allows configuring parameters such as permitted applications and network environment to ensure a secure exam environment for students in the lab rooms.

 

 

 

In the first semester of AY23/24, MITS received requirements from the School of Advanced Technology regarding the final exam for the CPT111 Java Programming course in the computer labs. This exam involved approximately 500 students taking the exam simultaneously in six labs. The exam necessitated restricting only access to the Learning Mall (XJTLU Learning Management Platform) at core.xjtlu.edu.cn, blocking external internet access, and prohibiting access to internal addresses such as XJTLU AI (Junmou), email systems, and Box (XJTLU file cloud storage platform) to prevent academic misconduct by students during the exam. In the past, most of the requests received by MITS were to disconnect external internet connections during exams, which was relatively straightforward to implement at the network level. However, for this exam, access to the Learning Mall was needed, which is hosted on an external server. Configuring network policies separately would not only be cumbersome but also potentially pose unknown risks.

 

 

First, we attempted to set policies on the core network devices to restricting candidates from accessing XIPU AI, email systems, and Box. However, due to the complexity of access control policy settings, we found that this method caused disruptions to regular user access and slow loading of Core after testing. After internal discussions, it was determined that this approach could not fully meet the exam requirements.

 

Subsequently, after studying and researching, we opted for the currently open-source tool, Safe Exam Browser. After deploying it in the labs, extensive testing was conducted in collaboration with Erick, the module leader for CPT111, to ensure that all functions met the exam requirements.

 

 

SEB locks the computer into kiosk mode and runs in a web browser window without navigation elements, preventing users from switching to other applications or accidentally exiting. This allows SEB to facilitate secure exams on the lab computers or students' own laptops in lab environments.

 

SEB can be used with other third-party applications during exams. Candidates can download and open files linked in online exams, edit them in third-party applications, and then upload the results to the exam systems, such as the answer submission page on Learning Mall.

 

SEB uses encrypted .seb settings files, enabling separate configurations for each exam and supporting customization of disable shortcuts, right-click menus, etc.

 

 

 

The homepage is set to Learning Mall Core, and students can double-click to open this file to directly access LM during the exam.

 

 

During the exam, students can only access the SSO page for login and the Learning Mall Core (internal learning management platform) for the exam. If they attempt to click on external hyperlinks, the following message will pop up: 

 

This function restricts students from accessing irrelevant links during the exam, such as XIPU AI, BOX, Online Email, etc.

 

 

Using this menu to set the third-party applications and processes that are allowed to run during the exam. The permitted applications are displayed in the application selector.

 

Other settings, such as shortcut key settings, download settings, etc., are kept at their default configurations.

 

 

In the practical application of SEB, students are required to manually download and open the configuration file when entering the exam. Not only is this operation cumbersome, but it also increases the probability of errors. In future exams, it may be considered to integrate deeper support for SEB within Learning Mall. A "Enter Exam with SEB" hyperlink could be directly generated on the exam menu page. This approach would reduce the difficulty of operation, as well as ensure that students use the correct SEB configuration.

 

 

In future exams, the Browser Exam Key feature can be used to restrict students, ensuring they use the correct configuration for the exam. Each SEB configuration has a unique key, which remains unchanged after configuration. By pasting this random key into the "exam" settings on Learning Mall, the exam link will be restricted to only open with the .seb configuration specified by the exam. Attempting to access the exam link with other .seb configurations will result in an error, preventing students from using unauthorized configurations during the exam. 

 

This semester, MITS successfully met the requirements for secure exams in the computer labs for the CPT111 course by leveraging the SEB tool. The technical solution and security measures of restricting network access for different exam requirements has been validated and can be used to support various similar on-campus final exams.
In the future, MITS will engage in closer communication and collaboration with the academic affairs office and Learning Mall to provide more secure and stable exam support for various schools.

 

1.    https://safeexambrowser.org/windows/win_usermanual_en.html#introduction
2.    https://docs.moodle.org/28/en/Safe_exam_browser