Integrity Layer

Features Built for
Modern Exam Security

Real capabilities, no marketing fluff. Here's exactly what Integrity Layer does.

Security Detection

Catch modern cheaters with multi-layer threat detection

4-Layer VM Detection
Confidence Scoring

Detects if students are running the browser in a virtual machine to bypass restrictions:

  • System virtual flag (+2 pts - Strong)
  • Hardware signatures (VMware, VirtualBox, QEMU) (+2 pts - Strong)
  • BIOS vendor signatures (+1 pt - Medium)
  • Virtual GPU detection (+1 pt - Medium)
  • • Virtual NICs (info only - too many false positives)

Threshold: 2 points = VM detected

12-Point Hardware Fingerprinting
FERPA Compliant

Creates unique SHA-256 hash from hardware to track devices:

  • • System manufacturer, model, UUID, SKU
  • • BIOS vendor, version, release date
  • • CPU manufacturer, brand, cores
  • • Graphics controllers
  • • Memory size, type, clock speed
  • • Display resolution, scale factor
  • • Audio devices
  • • OS platform, distribution, architecture

Privacy: Only SHA-256 hashes stored, never raw data

Automation Detection
Pattern Analysis

Identifies automation tools through behavioral analysis (Karabiner, Keyboard Maestro, AutoHotkey):

  • Key hold patterns: Statistical analysis of last 20 key holds (flags stddev < 150ms)
  • Trackpad patterns: Mouse/trackpad timing consistency detection
  • Input rate monitoring: Alerts on >500 inputs per minute
  • Process scanning: Identifies known automation tools in background

Threat Score: 40 points for automation tool detection, 35 points for pattern matches

Intelligent Threat Scoring
Time-Decay Algorithm

Dynamic threat scoring with exponential time-decay (5-minute half-life):

  • Low: 0-19 points (clean session)
  • Medium: 20-49 points (monitor actively)
  • High: 50-99 points (intervention recommended)
  • Critical: 100+ points (immediate review required)

Example scoring: VM detection (+50), screenshot tool (+30), automation pattern (+35 base +40 bonus)

Scores decay exponentially over time—recent events weighted more heavily than historical behavior

60+ Blocked Shortcuts
OS-Level Blocking

Global shortcut blocking at OS level:

  • Developer tools: F12, Cmd+Opt+I, Cmd+Shift+I
  • Screenshots: Cmd+Shift+3/4/5, Print Screen
  • App switching: Cmd+Tab, Alt+Tab
  • Launchers: Cmd+Space (Spotlight, Alfred, GPT)
  • Window controls: Cmd+W, Cmd+H, Alt+F4

Copy/paste logged but not blocked (exams may need paste)

VPN & Proxy Detection
GeoIP Tracking

Detects students using VPNs to mask location:

  • • Network interface analysis (detects virtual adapters)
  • • Process detection (OpenVPN, NordVPN, etc.)
  • • DNS leak detection
  • • GeoIP lookup with datacenter flagging

Known VPN ASNs: Digital Ocean, AWS, Google Cloud, etc.

Admin Dashboard

Real-time monitoring with WebSocket updates

Threat-Prioritized Dashboard

Sessions automatically sorted by threat score (Critical → High → Medium → Low). Proctors focus attention on highest-risk students first, with real-time score updates as new events occur.

WebSocket Live Updates

Real-time event streaming with zero refresh latency. Color-coded severity indicators for every security event: blocked shortcuts, VM detection, automation patterns, and process violations.

Remote Session Control

Pause/resume student browsers remotely via admin dashboard. Paused sessions display full-screen red overlay for in-person proctor visibility. Resume with single click when investigation complete.

Risk Profile Visualization

At-a-glance threat indicators: VPN detection, secondary display connections, screen recording tools, automation patterns, keystroke anomalies, and trackpad consistency flags. Each chip links to detailed event log.

Performance Specs

Load Time

<2s

Electron native app vs Respondus's browser-based approach (5-8s)

Heartbeat Monitoring

15s

Client sends heartbeat every 15s. Server flags missing heartbeats after 35s.

Focus Enforcement

100ms

Aggressive focus restoration every 100ms to prevent app switching

Security Scans

60s

Process monitoring, screenshot detection, screen recorder detection every 60s

Technology Stack

Client
  • • Electron 28.1.0
  • • systeminformation
  • • WebSocket client
  • • Native OS hooks
Server
  • • Express.js
  • • PostgreSQL
  • • WebSocket (ws)
  • • geoip-lite
Integration
  • • Canvas LTI 1.1
  • • Deep linking
  • • OAuth signatures
  • • Launch tokens

See It In Action

Request a pilot demo to see the admin dashboard, threat scoring, and real-time monitoring.