Log in / Register
Home arrow Computer Science arrow The InfoSec Handbook
< Prev   CONTENTS   Next >

Correctness of the Inputs

Another important characteristic every application has to ensure and every software developer has to ensure is that the inputs are correct (i.e., accurate). Integrity of any database or data set depends upon the correctness of the inputs. The inputs have to be validated for accuracy. Some of the inputs can only vary between certain values. In applications like banking, medical devices, and aviation, accuracy of master data is critical.

Think of a situation where the cockpit navigation system of an airplane is guided by a map with wrong coordinates for an airport imagine what can go wrong!! Think of a ventilator medical device which senses the flow of oxygen wrongly (e.g., when the oxygen is being supplied slowly, the gauge is showing the oxygen as being pumped fast) and subsequent to this observation, the oxygen input is further reduced, imagine what can happen to a patient whose breathing is already impaired!! Think of a medical device which takes the unit of medication as grams instead of milligrams imagine what can go wrong if a patient is administered a drug which is required to be administered in milligrams instead of in grams! All these can lead to serious implications endangering lives.

All critical data needs to be validated to ensure that they are accurate. One of the ways to ensure the same is to have bound checks on the tolerance for accuracy, another way may be to re-verify or checking of the data through somebody else before the data is accepted. Exceptions have to be handled effectively. Tallying with the control totals is one of the mechanisms to ensure the accuracy. However, in this method there are possibilities of compensatory mistakes.

Inadequate input validation or bounds checking or checks with respect to acceptable values lead to errors related to accuracy or correctness of the inputs.

Completeness of Processing

Another important characteristic every application has to ensure and every software developer has to ensure is that the processing of the information is complete. Integrity of the database or data set also depends upon this. The processing has to be checked to ensure that it was complete. In applications like banking, medical devices, aviation and such other critical applications, this aspect can be well appreciated.

Take a banking example. You have initiated a transaction of transferring USD 2 million from one of your accounts in one bank to your other account in another bank. What if the processing ensures that USD 2 million is debited from your account from where you are transferring the amount and USD 2 million is not credited to your other account?

If the situation was the other way round, that is, my other account got credited with USD 2 million but my account which was to be debited did not get debited, I may be happy but what would happen to the bank? What if an X-ray taken does not show the portion of the bone which is cancerous? What if a brain scan shows the cancerous tissue with a displacement of only half an inch? Possibly, good tissue may be removed instead of the malicious tissue. Again, implications of such errors can be many.

Completeness of processing has to be checked by every critical application and confirmed. If the processing is partially complete, then the partially completed portion has to be reversed and the entire transaction has to be redone or the other portion has to be completed to ensure the integrity of the data. Comparison of earlier data, like the total interest paid for the last quarter when compared with this quarter, would indicate the possible mistake if for example the deposits have reduced and the rate of interests have reduced but the total interest paid for the quarter has increased!! Some of the issues related to completeness of issues can happen if you were in the middle of the processing and the system crashed or because electricity went off, the processing abruptly stopped as we did not have UPS backup.

In a transaction oriented system, the check on the completion of all parts of the transactions is critical to ensure the completeness of the processing.

Found a mistake? Please highlight the word and press Shift + Enter  
< Prev   CONTENTS   Next >
Business & Finance
Computer Science
Language & Literature
Political science