理解和应用安全概念-2.完整性

Integrity is the concept of protecting the reliability and correctness of data. Integrity protection prevents unauthorized alterations of data. Properly implemented integrity protection provides a means for authorized changes while protecting against intended and malicious unauthorized activities (such as viruses and intrusions) as well as mistakes made by authorized users (such as accidents or oversights). 

完整性是指保护数据的可靠性和正确性的概念。完整性保护可以防止对数据进行未经授权的更改。正确实施的完整性保护为授权的改变提供了一种手段，同时防止有意和恶意的非授权活动（如病毒和入侵）以及授权用户所犯的错误（如事故或疏忽）。

Integrity can be examined from three perspectives: 

• Preventing unauthorized subjects from making modifications

• Preventing authorized subjects from making unauthorized modifications, such as mistakes

• Maintaining the internal and external consistency of objects so that their data is a correct and true reflection of the real world and any relationship with any other object is valid, consistent, and verifiable

完整性可以从三个方面来考察。

• 防止未经授权的主体进行修改

• 防止授权主体进行未经授权的修改，如错误的修改

• 保持对象的内部和外部一致性，以便它们的数据是对现实世界的正确和真实的反映，与任何其他对象的任何关系都是有效、一致和可验证的

  
  

For integrity to be maintained on a system, controls must be in place to restrict access to data,objects, and resources. Maintaining and validating object integrity a cross storage, transport, and processing requires numerous variations of controls and oversight. 

为了维护系统的完整性，必须有控制措施来限制对数据、对象和资源的访问。在存储、运输和处理过程中保持和验证对象的完整性需要许多不同的控制和监督。

Numerous attacks focus on the violation of integrity. These include viruses, logic bombs, unauthorized access, errors in coding and applications,malicious modification,intentional replacement, and system backdoors. 

众多的攻击集中在对完整性的侵犯上。这些攻击包括病毒、逻辑炸弹、未经授权的访问、编码和应用程序中的错误、恶意修改、故意替换和系统后门。

Human error, oversight,or ineptitude accounts for many instances of unauthorized alteration of sensitive information. They can also occur because of an oversight in a security policy or a misconfigured security control. 

人为错误、疏忽或无能导致了许多未经授权改变敏感信息的情况发生。它们也可能因为安全政策的疏忽或安全控制的错误配置而发生。

Numerous countermeasures can ensure integrity against possible threats. These include strict access control, rigorous authentication procedures, intrusion detection systems, object/ data encryption,hash verifications (see Chapter 6, “Cryptography andSymmetric Key Algorithms,” and Chapter 7, “PKI and CryptographicApplications”), interface restrictions, input/ function checks, and extensivepersonnel training. 

众多的对策可以确保完整性，防止可能的威胁。这些措施包括严格的访问控制、严格的认证程序、入侵检测系统、对象/数据加密、哈希验证（见第6章 "密码学和对称密钥算法 "和第7章 "PKI和密码学应用"）、接口限制、输入/功能检查以及广泛的人员培训。

Confidentiality and integrity depend on each other. Without object integrity (in other words, the inability of an object to be modified without permission), confidentiality cannot be maintained. 

保密性和完整性是相互依赖的。如果没有对象的完整性（换句话说，一个对象在未经许可的情况下不能被修改），保密性就不能被维持。

Integrity is dependent on confidentiality and access control. Concepts, conditions, and aspects ofintegrity include the following: 

• Accuracy: Being correctand precise 

• Truthfulness: Being a truereflection of reality

• Validity: Being factually or logically sound

• Accountability: Being responsible or obligated for actions and results

• Responsibility: Being incharge or having control over something or someone

• Completeness: Having all necessary components or parts

• Comprehensiveness: Being complete in scope; the full inclusion of all needed elements

完整性依赖于保密性和访问控制。完整性的概念、条件和方面包括以下内容。

• 准确：正确和精确

• 真实性: 真实地反映现实

• 有效性:在事实或逻辑上是合理的

• 责任性:对行动和结果负责或有义务

• 责任:掌管或控制某事或某人

• 完备性:拥有所有必要的组件或部分

• 全面性:在范围上是完整的；完全包括了所有需要的元素

小结

完整性是保护数据可靠性和正确性的概念。完整性保护措施防止了未授权的数据更改。

• 完整性：客体必须保持自身的正确性，只能由被授权的主体进行修改。维护完整性意味着客体本身不会被改变或篡改。

• 维护完整性的措施：对数据、客体和资源的访问进行适当控制。使用活动日志记录，保证只有经过授权的用户方可访问。

• 严密的身份认证过程

• 入侵检测系统

• 对客体/数据进行加密

• 散列（数据完整性）

• 配置管理（系统完整性）

• 变更管理（进程完整性）

• 严格的访问控制（物理和技术的）

• 传输冗余校验（Cyclic Redundancy Check，CRC）功能

• 破坏完整性的因素：

• 病毒

• 逻辑炸弹

• 未授权访问

• 编码和应用程序中的错误

• 恶意修改

• 有企图的替换

• 系统后门

原文始发于微信公众号（网络安全等保测评）：理解和应用安全概念-2.完整性