Data Integrity and Secure Design: Principles, Costs, and Logging

Name: mod01lec02 - Introduction to Computer Security - Part 2
Uploaded: 2026-03-27T08:05:56.207792+00:00
Duration: 30 min 43 s
Channel: NPTEL-NOC IITM
Description: Summary and key takeaways on mod01lec02 - Introduction to Computer Security - Part 2 — Summary, covering Data Integrity Integrity of data can be lost in

NPTEL-NOC IITM

Mar 27, 2026

•

30 min video

•

3 min read

YouTube video ID: dbxh-HR9mBw

Source: YouTube video by NPTEL-NOC IITM — Watch original video

PDF

Integrity of data can be lost in several ways. Natural phenomena such as hardware bit flips in storage devices or external interference during transmission may corrupt bits without any malicious intent. An adversary can also compromise integrity by intercepting data in transit and altering it before it reaches the intended recipient.

Protection mechanisms overlap with those used for confidentiality. Access controls limit who can read or modify data, while periodic backups provide a recoverable copy if corruption occurs. Checksums and error‑detection‑and‑correction codes add mathematical verification; a checksum function produces a unique output for a given input, so any change in the data yields a different checksum and signals tampering.

Metadata—including owner information, file size, access timestamps, and source IP addresses—must also be safeguarded because attackers may try to erase or forge these traces. As one speaker noted, “if there is any change in this data… by doing that I can actually detect the alterations in the input.”

Availability

Availability means that authorized users can access information or resources when needed. Real‑time services such as banking transactions or stock quotes depend on continuous availability; any delay can erode trust and undermine confidentiality and integrity.

Physical protection of servers, remote backups, and fault‑tolerant storage architectures such as RAID help maintain availability. RAID distributes data across multiple disks so that the failure of a single disk does not interrupt service. Remote backups store copies in a different geographic location, and regular synchronization keeps those copies up to date, ensuring that a local disaster does not cause prolonged downtime.

Cost of Security

Every security mechanism incurs a cost, whether in hardware, software, or staff time. Selecting mechanisms therefore requires a cost‑benefit analysis that treats security as an investment with a measurable return. Decision makers should ask:

What is the financial impact of losing data?
How costly is a breach of confidentiality for personal versus business data?
What are the consequences of system downtime or an active attack?
How much does it cost to staff and maintain security operations?

Reputation damage and direct financial loss often follow downtime, confidentiality breaches, or loss of data facilities. As one comment illustrated, “for protecting some data which is worth of 10 rupees I should not be investing a 100 rupees so that is simply not worth,” emphasizing the need to match security spend to the value of the protected asset.

Golden Principles of Secure System Design

Secure systems are built on a set of timeless design principles:

Economy of Mechanism – Simpler designs reduce the chance of user error and are easier to audit.
Fail‑Safe Defaults – Default configurations should be conservative, granting the minimal necessary access.
Complete Mediation – Every request to any object must be checked for proper authority; “any security mechanism… that system should be mediating this and control that action.”
Open Design – Security should not rely on secrecy of the algorithm; public scrutiny helps mature the system.
Separation of Privileges – Critical privileges are divided among multiple conditions or individuals to limit misuse.
Least Privilege – Applications and processes run with only the privileges required for their tasks; “the application that is running on the system should have the least privilege or the bare minimum privileges which is just sufficient to accomplish… that job.”
Psychological Acceptability – Interfaces must be intuitive for all users, not just the technically skilled, so security controls are used correctly.

Compromise Recording

Even the best‑designed systems can be breached. Recording who logged in, when, and from where creates an immutable audit trail that is vital for post‑mortem analysis. Such logs help establish what happened, who was responsible, and why, and they can serve as evidence in legal proceedings. Preserving log integrity—preventing any manipulation of the recorded data—is therefore a critical security task. As the speaker emphasized, “compromise recording… so that the post‑modem analysis can be taken done.”

Takeaways

Data integrity can be compromised by hardware errors, transmission interference, or active adversaries, and can be protected with access controls, backups, checksums, and error‑correction codes.
Availability ensures timely access to critical information, and is maintained through physical security, remote backups, and fault‑tolerant storage like RAID.
Security investments must be justified with a cost‑benefit analysis that weighs financial loss, reputational damage, and staffing costs against the value of the protected data.
The golden principles—economy of mechanism, fail‑safe defaults, complete mediation, open design, separation of privileges, least privilege, and psychological acceptability—guide the creation of resilient systems.
Compromise recording provides immutable logs that enable accurate post‑mortem analysis and can serve as legal evidence when a breach occurs.

Frequently Asked Questions

How do checksums detect data alteration?

A checksum function processes data to produce a unique output; any change in the data yields a different checksum, signaling tampering. By recalculating the checksum after transmission or storage, the system can compare it to the original value and detect alterations.

What does the economy of mechanism principle mean in secure design?

Economy of mechanism advises that security designs should be as simple as possible. Simpler mechanisms are easier to understand, audit, and maintain, reducing the likelihood of configuration errors and unintended vulnerabilities.

Who is NPTEL-NOC IITM on YouTube?

NPTEL-NOC IITM is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Data Integrity Checksum Tools Recommended

Checksum calculation is a method to detect alterations in data, which is crucial for maintaining data integrity. Tools that help calculate checksums would assist in verifying data hasn't been tampered with.

Amazon →

Error Detection Correction Codes Book

Error detection and correction codes are discussed as a mechanism to protect data during transmission and storage, ensuring its integrity. A book on this topic would provide in-depth knowledge.

Amazon →

Raid Redundant Array Storage

RAID systems are mentioned as a fault-tolerant mechanism to ensure data availability, even if a disk fails. This directly addresses the availability pillar of the CIA triad.

Amazon →

Remote Backup Storage Solutions

Remote backups are highlighted as a protection mechanism for data availability, ensuring data can be recovered in case of local disasters. This directly supports the availability aspect of information security.

Amazon →

Security System Design Principles Book

The video details several 'Golden Principles of Secure System Design' like least privilege and fail-safe defaults. A book on this subject would offer a comprehensive guide to implementing these principles.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

[Music]
so that's how you provide the
confidentiality so now next question is
how do we actually
provide the integrity of the data
so
how to provide integrity of the data is
the second
part of the
question but before that let's
understand how exactly integrity can be
compromised as i said in the beginning
there are natural phenomena within such
natural phenomena also sometimes
contribute to the compromise in the
integrity so here are two such examples
so let's say i have a database and i
have stored this data what is this data
0 1
0 1 0 in some either in a file or in a
database
in a table
and something happens to the disk so
this is an electromagnetic device
sometimes by external interference
some of the bits might get flipped and
then the data might be one of the bit if
it flips the third zero which is here if
it turned to one then you end up with
something else on the disk nobody
actually came and tampered with the data
but the the very nature in which that
device operates itself contributed to
such changes so these two happen
although
they might be very rare but in general
such changes are
possible in the
storage device also
so this is one way with which the
integrity of the
s can be
integrity of the data can be compromised
so the second thing is
if i transmit the data over the network
so here in this case let's say the 0 1 0
1 0 1 0 1 this sequence is transmitted
over the network
and by some external interference within
the network when the data is on transit
if some of the blitz gets
get clipped so you might receive
something else which is which you did
not send in the first place so the
received data might look something else
then this is called an erroneous
receive
then
how do we actually detect that so since
i transmitted something and i received
something else there is a compromise in
the integrity something happened in the
middle although this is a natural
phenomenon but still the integrity of
the data is compromised
so we do want to have protection against
such natural
changes either in storage or in during
the transmission
or an adversary sitting in the middle
which the
refer to the diagram that i showed in
the beginning
somebody see sitting in the middle and
then manipulating the data and sending
it to the
recipient so such kind of alterations
also again that also they also
compromise the integrity so we want to
have protection against them
so
as i said hardware bit clips are one way
to
with which the integrity of the data is
compromised
and someone rewriting sitting in the
middle rewriting the data uh
having access to the resources then
manipulating that can also contribute to
the compromise in the integrity you want
to have protection against them
so next question is how do we actually
understood the integrity is compromised
either by natural phenomenon or by some
malicious user sitting
having either access or sitting in the
middle of the transmission
so how do we actually protect them
so in some sense
the techniques that we saw for
protecting the confidentiality in the
previous
case by encrypting the data or by having
the right access control mechanisms
those techniques will also help to
prevent integrity compromises so if i
have the right access control it
it is supposed to block the unauthorized
access to the
resources the data so if that is then
then the chances that the that adversary
or melissa's user doing the
changes in the
data itself is minimized
so
in that sense the mechanisms for
confidential protection will also help
to
achieve the integrity of the data
in addition to that in addition to those
techniques which helps us to provide the
confidentiality something else can also
be taken which are these
i can take the first thing is i can take
the
periodic backup of the data so i have a
primary copy let's say maybe
let me call it as f and a backup copy of
that one is also taken maybe let's call
it this as f add so f hat is a backup
copy if f page compromised what i can do
i can take your fat and then restore
that data that is possible so in that
case
taking the the backup of the data
periodically helps so if i know come to
know that
integrity is compromised the file is
changed then i can actually detect that
and then restore the data
in that sense the taking backup helps
the second technique that you can employ
is taking calculating something called
as the checksum so checksum is
a mechanism so you can understand this
in this way so i have some
data let's maybe the
abc is my
data
i supply this to
a function so let's call that function
maybe
as h
so
by taking abc as input from the file up
it generates
and some piece of output so maybe
one
h y is the output that it generates so
this is called as
some something happens magic happens
inside this function it generates its
output mean because this
is called as the checksum so how does
the checksum help so this is
if there is any change in this data
let's say abc becomes the c is turned
into a d when i supply this data the
tampered data so
i will not be able to regenerate this
one h by whatever is there so by doing
that i can actually detect the
alterations in the input i know that the
checksum value earlier was 1 hy
but since the content of the file is
changed from abc2 to ebd so and then the
instead of 1 inch wide the checksum
value might now know maybe two white
something like this so in that case
so this is not same as the s1 so i'll be
able to detect the changes that has
happened either in the storage or during
the transmission
so
such functions are available so the
checksum calculation methods are
available so those techniques also we
can make use of and the third method is
something called error detection and the
correction codes so you anticipated to
remember in the previous slide
we saw
when i transmit the data
sometimes the bid without any adversary
sitting in the middle also by natural
phenomenon such changes do happen in the
network
so in order to these are
unavoidable so i anticipate such changes
do happen in the network what i do is i
put some kind of error correction
mechanism these error correction
mechanisms uh carry additional bits
during the transmission so i want to
transmit maybe three bits of the data
but i
put additional two bits of the data and
then transmit total
five bits so these two additional bits
will help me to recover the data at the
other end at the recipient so such a
correction code techniques are available
so particularly if you go for wireless
medium the
chances of such changes errors getting
introduced during the transmission is
very high so i can use such
robust
error correction core
methods to protect the integrity of the
trader during the transmission
so
sometimes it is not good enough to
take the backup of the data and provide
the checksum and all appropriate but
also
the
something called as the metadata
protecting the metadata is also
important so what are the metadata
metadata includes the who is the owner
of the file what is the size on the disk
what is the last time the
you some user has either read the
content or written the content
to that particular file
and
if it is remotely accessed from which
geographic location or which ip address
this can file has been accessed so
knowing such details will also help in
protecting the data or else if it is
compromised then who actually did that
in post-partum analysis such
will help so if let's say why
this is important so let's say if i am
the attacker and if i want to gain
illegitimate access i gain access to
some remote
computer i change a file and i know that
such metadata is also written so when
something when i change the file it will
also store i did change this profile at
so and so time
so such
it will leave my trace
on the target system on the target
computer i want to erase that as well so
say my what i can do if i
am an attacker i might want to go and
erase that data also some log
information that is put on the file on
the computer i want to erase that as
well so
in order to avoid such situations so if
you want to have such trace
mechanisms in place you also need to
protect the metadata of the eco
resources or the
so we studied looked into the
confidentiality and the integrity and
the third aspect is the availability as
i said
availability refers to the
timely availability of the information
or the resources
to the right set of people
and some particularly some piece of
information so for example the banking
transactions and the quotations of the
stocks
these
stock codes or real time
value so if there is a delay in some
milliseconds or microseconds then the
stock price might change
so in that situation or in general any
data that is stored if as long as i am
the legitimate user if i am able to
access it's fine
if i am not able to access it then
they i don't know what exactly happened
to the data so if the information is not
available then the other two aspects of
the security what are those
the confidentiality and the integrity i
am not sure about those things as well
so in that
sense availability of the data is very
important
so all the data which is should be
accessible to the legitimate users
so then the question is how do we
actually make the things available the
right information to the right set of
people
so one is
the thing is you can have kind of
physical protection so as i said the
the servers are the computers on which
the data itself is stored if that is if
somebody has got physical access to that
computer then
the availability might be in danger we
do want to avoid such situations
or by natural phenomenon some fire
hack erupts in in the room in which the
computer is stored
so such reason can also happen natural
so we do want to have protection again
mechanisms against such natural
as well so that the information is
available
so what you can do you can take the
backup of the data particularly let's
say the banking transaction details are
stored in the server
so if physical damage happened to the
building on which the servers are stored
then
if the servers in the process are also
damaged you lose the complete data so in
that case what you can do you can take
the backup data not necessarily this
backup is stored in the same place
as the
server the primary servers are stored
but in a remote
place and you try to synchronize the
data from primarily to
remote place maybe let's say
if the banking server the primary server
is in mumbai i might have a backups
in the
chennai and these two servers the
primary and the backup are synchronizing
on regular basis
uh the other thing that i can do is to
build some kind of fault tolerance
systems like the rate code disks so if
one disk fails the other disk can
come up and then the operations can
continue
so such kind of key mechanisms i can
have and then make sure that
this will help the information or the
data is available to the right set of
people at the right time
so
so far what we understood this
the
confidentiality integrity and
availability are three pillars of the
information security or the security we
do want to have these things in place
uh there are bunch of techniques that
help us to
maintain this maintain the
confidentiality and integrity and also
the availability both technical and
non-technical means
and then one you if
i have those many techniques so if i
want to have some kind of protection
every security mechanism with the for
example the confidentiality if i want to
encrypt the the data if i want to have
will redundant system fault tolerance
system they come with some cost because
i want to have remember that example if
the
server primary server is in mumbai and
the backup is in
chennai i need to have two servers so
this comes with the cost in fact every
security protection mechanism that you
can think of all of them come with some
sort of the cost so you need to make
some
kind of investment so in that case can i
make an informed decision so
what conduct the data i am protecting
and trying to protect and
what kind of the security mechanism that
i want to have so how much cost that
involves is it worth employing such kind
of security
mechanism for protecting this data so in
simple terms this is called return on
investment to protect some data which is
worth of 10 rupees i should not be
investing
a 100 rupees so that is simply not worth
so in that case to make an informed
decision you can need to ask some
questions what are the questions
so if i lose some data i have if i lose
the data what is the financial
implication that i am going to have so
keep the data going to the wrong hands
how much loss that i am probably likely
to incur
so if i have
if i have the knowledge of this then i
should be i'll be able to make a
decision it's a good decision to employ
what kind of security mechanism that i
should put in place
and
if the data that is getting compromised
if the confidentiality data
is compromised then
what is the danger how much going to the
if let's say
if i
store some data maybe
a photograph my personal photograph
stored on the computer and the other
thing is some kind of the
core business
the confidential value of a company
these two have a different kind of the
implications so the going the trade
secret of a company going to the wrong
hands or some personal data stored in a
personal computer going to the wrong
hands
may have different uh
implications so in that case you need to
ask this question
if this data is compromised how what is
the implication of that
that data
and the third question that you want to
ask is
if my system is under
threat under the attack
and if my system is going
is down
and if my server is down
then
what is the implication of that so go
think of this situation so if i want to
access some website maybe
railway booking website or i think so if
every time i try to log in or book a
ticket if the server is not accessible i
as a user would be frustrated
and
it also has an implication on the
reputation so
the
company is involved
so every time
if the legitimate user trying to access
if it is not available then it does not
carry a good image
so and the next question is
if
i want to have those three things
confidentiality integrity and
availability
and i assuming i make some choices uh
these are the kind of security
mechanisms that i want to have
and then those security mechanisms
in addition to the cost of procuring
them or installing them
there might be a requirement for stop to
manage those
systems so these stops also you need to
pay them so how much cost is involved in
paying these top members who maintain
those security systems is also another
question so over the long period of time
if large number of staffs are required
or highly skilled manpower is required
who are paid a large sum of the money
then
that is has implications on your runtime
or
during the maintenance time so we need
to ask the we need to be aware of this
as well
and then again the
reputation and damage and financial
implications so this is related to the
first three points
the downtime the competency loss and in
every time there is a loss in the data
or
in the facility your reputation is also
at stake so you need to worry about
the reputation of the organization which
is involved
so if i am aware of all these things
then i can make the right decisions of
what kind of the security mechanisms i
should be putting in place uh
so that the
confidentiality integrity and
availability of the data is maintained
so now
for
the we understood that confidential
integrity availability is important and
second thing there are some mechanisms
with which you can achieve these things
and then
we asked what kind of the costs are
involved
we ask some questions so that we can
make informed decisions so now if i am a
designer of a security system
how do i actually go about designing the
such secure systems so that is the next
question that we ask
so the there are some principles which
actually help us
to design the system security systems
uh these are called golden principles of
designing the security systems these are
not from the end users perspective but
the
designers who actually who develop the
secure applications for them these are
applicable
what are those the first will says
economy of mechanism
so meaning that any design choice so if
i am let's say developing a
encryption algorithm
and some application so that encryption
algorithm the usability of that
algorithm should be very detailed the
more simpler the design is the better it
is for the end user so if you think of
this situation if large number of
configurations are required let's say
the system to use 100 parameters need to
be
configured then
the
larger the number of configurations need
to make then the the larger the chance
that the end user does not do that job
perfectly even if one configuration
parameter is actually not done well then
that might have implication on the
security of the system
so in that case having the
security
which is actually simpler in design by
fundamental
principles
is very
helpful
and the second
golden rule is when i design a secure
system the default configuration should
be very conservative so meaning
so think of this
if
all of us have used web browsers web
browsers normally have this
configuration so which is that strict
security medium security or low security
and then
by default it might be opening you to
the strict security where the
the by default the tracking and user is
disabled
or some analysis application which you
download from the web is actually by
default quarantined it's not allowed to
log in
such whatever configuration when i
start to use a system
the default configuration should be very
conservative it should give very minimal
amount of access to the system
so
by that by having such safe
mechanic
mechanism configurations we can actually
protect the security of the system or
the resource
and the third principle says
complete mediation meaning
any security mechanism assuming i have
one security mechanism which is in place
uh
which is in charge of protecting the
system
that system
should we media completely in charge of
mediating the use of
between act as a mediator between the
user and the system so if the user
action is legitimate and if he is not
doing anything which is beyond his
permitted
or access level then only we should
provide the access to the user or permit
the user to do that action so that
system which is in charge of the
security should be mediating this and
control that action
and the fourth golden principle says
the security system that i am designing
should by nature should be open anything
that is open
anything which is made public
receives the public scrutiny over a
period of time many people might
scrutinize that application or the
system
and then it matures and it will also
help you to identify the bugs and also
fix it so
keeping the algorithm or mechanism
secret itself is not the best way to
design the mechanism so in that case
open design is
is helpful to achieve the
confidentiality integrity and the
availability
and the fifth golden rule says
suppression of the privileges should be
there if multiple users are there
accessing the system
these one user to another user if their
role changes these suppress separation
should be well defined who is allowed to
access what that should be very well
defined in the system
and the next golden rule says
any application the application that is
running on the system should have the
least privilege or
the bare minimum privileges which is
just sufficient to accomplish or do that
job
so
let's say i develop an application which
does not require a root access
in that case running that or providing
the access to the root access to that
application does not make
good sense so we should be
at the time of designing itself i should
be deciding
what is the
application that i am designing and what
kind of the access or privileges that
application requires you just provide
that bare minimum
amount of the access to that application
or the process or a program so that it
runs and it does its job
and if the application is used by
multiple
users
then
the sharing among the between the users
should also be at the minimum which is
just sufficient to do the
operation
so for example if you go back to the
railway ticket booking example that i
told in the previous case so if i am the
user if somebody else x is also the user
there is no reason why i should be
accessing person x certificates again so
in that case although i and x might be
using the same system
the
amount
between two users the sharing is excel
should not be there the
data the reservation data and other
details is not be said but there are
some information which is common to
maybe i
i and person x might be
looking for a booking on the same trend
then the availability of the seats on
that seat may be said between
given to me and as well so when i do the
booking so or the person next does the
booking then the updated information
should be coming to me so one seat less
than when the ticket is booked the
automatically the system should detect
one seat and then it should show the
updated
number of the seats to
either me or to the person x
and the next golden rule of secure
system design is
uh it says that the psychological
acceptability should be there meaning
uh if the by designer system and the
user interface that is there
by principle should be very intuitive to
you use so the user should not be thrown
with too much of information on the
screen or he should not be asked to
configure too many things select too
many things those are all very bad
choices
the minimal amount of the information
that you
show
and looking at the interface what the
user what action the user should take
that should be intuitive so
i think
not all users are tech savvy even
users who are
common users
who are not
engineers doctors will also be if they
are trying to access their system or to
access your application for them also it
should be accessible in an intuitive
fashion
after
these are all the golden principles even
if you follow all of these golden
principles and design secure systems
then also
sometimes your system might be
compromised
if assuming such compromises are there
if you are a system administrator who is
in charge of protecting those
systems then
at as a post for a post matter analysis
you must have some data or some way to
look into the what exactly happened to
your system who logged in what time when
from where so such information will be
there so if in order to have such
information so you should have a
mechanism for something called a
compromise recording these keeping the
log information in the system is also
required so that is also part of the
secure system design any system which is
actually secure
and should also have this compromise
recording also in place so that
the post modem analysis can be taken
done so certainly we can establish the
truth of who exactly did the
changes and why and when
such question can be answered even in
some cases if this can evidence can be
taken to the court and then the
culprits can be prosecuted
so
having the this information and
preserving this information
without manipulation this
is also an important aspect of the
secure system design
so in a nutshell if you follow all these
golden principles then you will be able
to design a system which is secure