Integrity: What You See Is What You Get

Integrity is the second fundamental principle of software security. Integrity is about ensuring that data is trustworthy. To be trustworthy, the data must be accurate and complete. There is a notion that the type of application matters when it comes to data integrity. The truth is, it doesn’t matter. All systems need to ensure data is accurate and complete.

A lack of integrity in the educational software package could lead to: a teacher grading a project submitted by a student that is not the latest version, a student’s grades being updated with the wrong grade, or a group of students collaborating on a project whose work is not saved without their knowing. This isn’t to say that data has to be “instantly” accurate and correct. In a distributed system there will almost always be “eventual consistency”. That is to say, there will be time during which data is propagating throughout the system. For instance, if you look at a bank account, the transaction time for one bank to confirm the funds are available at another bank and transfer the funds will take some time. How long will depend on the implementation.

Ensuring integrity in software security can be challenging due to the many ways data can be corrupted. Data can be corrupted due to system errors, unauthorized modification, and data tampering. By implementing data validation and error checking, and regularly auditing and monitoring systems, software developers and security professionals can help ensure the integrity of data and protect against data corruption, unauthorized modification, and other forms of tampering.

Integrity requires a system that relies on confidentiality controls as well as strong error handling, proper data handling (for example: data backups/restore, event processing), and digital signatures. Each of the confidentiality methods (authentication, authorization, data access, data hiding) limits who can access the data. By limiting access to the data, there are fewer ways the data can be corrupted. Error handling ensures data is reverted to a clean state when an error occurs while the system is executing some process. If a system errors out and there is poor error handling, the state of the data will be uncertain and may or may not be valid. Ensuring data is handled properly limits the ways complicated systems can lead to unintentionally inconsistent data. Digital signatures provide a mechanism for ensuring that the person who appears to have sent the data is the one who actually sent it. The technical implementation of digital signatures will be covered later.

Here is how these strategies improve the integrity of our learning platform:

Confidentiality: Only those assigned to a given piece of work are able to edit it, and only the teacher can review and grade it when the time is appropriate. These permissions limit the possibility of someone who should not have access reaching the files and altering them in a way they are not supposed to.

System Processing: Here is a hypothetical process for submitting an assignment for grading. First, the work is locked for editing. Next, a notification is sent to the teacher that the student has submitted the assignment. The teacher is then allowed to review and grade it. Lastly, the student receives a notification that the teacher has opened it for grading. It is important that the system is able to track the steps of the process and the current step. Failing to do so could result in notifications being missed. It is also important that the transition from being worked on to being ready for grading is maintained. Allowing a teacher to grade a paper that hasn’t been submitted is a recipe for disaster and mistrust of the system.

Error Handling: Suppose that during the work submission process a notification cannot be sent to the teacher. The system could keep the state as is, with the submission locked, and not send the notification; this would, of course, only be noticed if either the teacher or the student followed up with the other about the submission. The system could continue to retry and may or may not succeed. Or the system could unlock the assignment and log a note against the assignment that the submission process failed and why.
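The submission process and the "unlock and log" error-handling option above, written out as a small state machine. This is an added example, not the platform's own code; the notify hook, the state names and the audit History field are assumptions made for the illustration.

```go
package main

import "errors"

// Explicit states so the system always knows which step an assignment is in.
type State int

const (
	Editable        State = iota // student may still edit
	Locked                       // submitted, teacher not yet notified
	ReadyForGrading              // teacher notified and may grade
	Graded
)

type Assignment struct {
	ID      string
	State   State
	Grade   string
	History []string // audit trail of transitions and failures
}

// Submit locks the work, notifies the teacher and opens it for grading.
// notify is an assumed hook (email, in-app message); if it fails, the work
// is unlocked again and the failure is logged against the assignment.
func Submit(a *Assignment, teacher string, notify func(to, msg string) error) error {
	if a.State != Editable {
		return errors.New("assignment " + a.ID + " is not editable")
	}
	a.State = Locked
	a.History = append(a.History, "locked for edit")
	if err := notify(teacher, "submission of "+a.ID); err != nil {
		a.State = Editable // revert to a clean, known state
		a.History = append(a.History, "submission failed, unlocked: "+err.Error())
		return err
	}
	a.State = ReadyForGrading
	a.History = append(a.History, "teacher notified, ready for grading")
	return nil
}

// Grade refuses work that never completed Submit.
func Grade(a *Assignment, grade string) error {
	if a.State != ReadyForGrading {
		return errors.New("cannot grade an assignment that has not been submitted")
	}
	a.State, a.Grade = Graded, grade
	a.History = append(a.History, "graded "+grade)
	return nil
}
```

Because every transition is recorded, a failed notification leaves the student able to keep working and leaves a note explaining why the submission did not go through.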

Digital Signatures: A digital signature in the educational software could be used when submitting collaboration results in the same file. By submitting signatures for the individual components (even if merged), each student proves they submitted the work and that it has not been tampered with.
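Per-component signatures over a merged group submission, as an added example rather than code from the post. Ed25519 is an assumed choice of scheme (the post does not name one), and "merged file equals the parts joined in order" is an assumed merge rule.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
)

// Component is one student's part of a merged group submission, carried with
// the signature that student produced over it (constructed example).
type Component struct {
	Student   string
	Content   []byte
	PublicKey ed25519.PublicKey
	Signature []byte
}

// NewStudentKey generates a fresh signing key for one student.
func NewStudentKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return priv
}

// SignComponent signs the student's own part with their private key.
func SignComponent(student string, content []byte, priv ed25519.PrivateKey) Component {
	return Component{
		Student:   student,
		Content:   content,
		PublicKey: priv.Public().(ed25519.PublicKey),
		Signature: ed25519.Sign(priv, content),
	}
}

// VerifySubmission checks each student's signature over their own part and
// that the merged file is exactly the parts joined in order. bad lists the
// students whose part fails to verify; mergedOK reports whether the merged
// file still matches what was signed.
func VerifySubmission(parts []Component, merged []byte) (bad []string, mergedOK bool) {
	var rebuilt []byte
	for _, p := range parts {
		if !ed25519.Verify(p.PublicKey, p.Content, p.Signature) {
			bad = append(bad, p.Student)
		}
		rebuilt = append(rebuilt, p.Content...)
	}
	return bad, bytes.Equal(rebuilt, merged)
}
```

A part edited after signing fails its own student's signature check, so the system can say which contribution changed rather than only that the file as a whole differs.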

A final thought on the integrity of a system. It is said that a system with high integrity is one that provides non-repudiation. That is, the system knows who logged in, what actions they took, and what data they produced. This is imperative when it comes to digital forensics and legal processes. If a system is unable to show with certainty who took what action, the system is not a trustworthy source at the highest levels. This doesn’t mean it is not a worthwhile system. It just means that it won’t hold up under investigation.

In order to be a usable system, the system must remain available when needed.
