IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [integrity]

Integrity is the property of preventing unauthorized modifications of an asset. In other words, integrity protects against the threat of tampering. It is one of the three key security properties of an asset, along with confidentiality and availability.

Integrity is the property of an asset that states that it remains intact. In other words, it requires that only authorized parties are able to modify the data. It is one of the three elements in the classic CIA triad of security properties, alongside and .

Typical measures to enforce integrity include physical protection (e.g. keeping papers in a locked safe, or writing to read-only media). Cryptography can help maintain integrity; in particular, to verify the integrity of some data, it is enough to compare its against a known value (the hash must still be obtained reliably).

307 questions
4
votes
1 answer

In the Clark Wilson models, why can't the TPs be executed in parallel?

I am studying the Clark-Wilson model, I can't exactly understand why the TPs must be executed in serial, is there a way to execute them in parallel? What would happen if I did execute them in parallel? Thanks a lot -- AscaL
AscaL
  • 163
  • 1
  • 1
  • 6
4
votes
3 answers

Why are handheld tape recorders used?

Pardon me for doing the following as I know it is cringed upon (the tv reference) but: Is there any good reason for the usage of 'tape' recorders? Ex. taping a conversation between criminals, this is done digitally nowadays and the signal can be…
Eiyrioü von Kauyf
  • 141
  • 3
4
votes
2 answers

Effective File Integrity Monitoring (FIM)

I have hundreds of windows servers in my environment that I need to monitor using FIM. I am afraid that after every patch (each patch might affect and change the hash of hundreds of sensitive files) I will get tens of thousands of false positive…
BokerTov
  • 539
  • 4
  • 11
4
votes
3 answers

integrity and consistency

This confuses me sometimes, I just need to know what is meant by integrity and consistency just in simple terms or in computer security. will it be wrong to say:- someone who gain an unauthorised access to a computer and then modify files is…
Siduduzo Godfrey Manqele
  • 180
  • 1
  • 7
2
votes
1 answer

For intrusion detection, tripwire, using crypto hash integrity checking - what can be expected?

Intrusion detection using something like Tripwire that conducts integrity checks through crypto'ed hash functions of files requires a scan and to hash the file and save this for later comparison. This process takes time so what files can we expect…
Jesse
  • 123
  • 3
2
votes
1 answer

is it possible to checksum a set of R scripts to ensure code integrity?

This question was inspired to a degree by How secure is R and RStudio? It had a very reasonable answer and looking at the possibilities I thought a small system of R scripts (about 10 scripts) would be reasonably safe if we are reasonably sure that…
r0berts
  • 135
  • 5
2
votes
1 answer

what is the appropriate data integrity check control for the data at rest?

An application does encrypt the data using a secrete key before the data is being written to the database to prevent the disclosure attack. However how do we verify the integrity of such data when application retrieve data from database and decrypt…
user1493834
  • 177
  • 1
  • 10
2
votes
2 answers

Ideas for storing documents and hash values

Scenario is I received documents as a PDF along with an MD5 hash. Problem is how do I store these? Thought is to store the document and MD5 separately so that anyone with access to the document does not also have access to MD5 file? I need to ensure…
Cooper Strong
  • 21
  • 1
2
votes
1 answer

If a message can be repeated, is that confidentiality, availability, or integrity?

In my security course at university, we covered three components of network security, which were confidentiality, availability, or integrity. I'm putting together a presentation based around these 3 components, but my recollection of the course is…
azoundria
  • 753
  • 2
  • 5
  • 7
1
vote
1 answer

Best way to ensure integrity of encrypted data which is kept in a public place

I need to keep sensitive data in a de fact public place (i.e. with a user, e.g. in a cookie) and only there (no copy or hash of that data should be kept on the server). The data was encrypted AES/CBC and the private AES key is kept secret on the…
robert
  • 113
  • 3
1
vote
2 answers

Does Google ensure that a packaged app is not tampered with?

I'm wondering if a chrome app I upload to the Chrome Webstore could potentially be manipulated (even by Google itself) without users downloading the app noticing it. I just downloaded a packaged app to check if I can inspect its source code but it…
Nico
  • 111
  • 2
1
vote
2 answers

Hashing a hard drive before shutdown

Problem: Currently have no way to verify integrity of my offline encrypted system. I would like to ensure the system hasn't been physically tampered with while I've been away from it. (To clarify:while I am aware that the system cannot be modified…
Jay Holister
  • 317
  • 3
  • 8
1
vote
2 answers

Purpose of integrity checking in installers

There are many programs available (like NSIS) that generate installers from a collection of files. One thing that I have noticed is, the installers produced by these programs have some kind of integrity checking built into them. For a moment I…
user22260
1
vote
2 answers

How reliable is rpm --verify when auditing package integrity and what alternatives are there?

Currently to verify package integrity, the command rpm --verify is run. In reading the rpm manual (http://ftp.rpm.org/max-rpm/s1-rpm-verify-output.html), there is no indication as to the veracity of the verification process. It is my understanding…
Motivated
  • 1,523
  • 1
  • 15
  • 30
1
vote
1 answer

What probability of injecting invalid data is considered safe?

I encrypt some sensitive data with AES128 and I use custom method (encrypted CRC) for providing data integrity. I have calculated the probability of successful injection of invalid data that equals 4.54e-13. It means that if an attacker injects one…
Al Bundy
  • 119
  • 4
1
2