IEEE Std. 1687 (IJTAG) facilitates access to on-chip instruments in complex system-on-chip designs. However, a major security vulnerability in IJTAG has yet to be addressed. IJTAG supports the integration, at the IP provider, of tapped and wrapped instruments with hidden test-data registers (TDRs). Instruments with hidden TDRs can manipulate the data that is shifted through them. We propose that the trusted IJTAG integrator add shadow test-data registers to protect the shifted data from illegitimate manipulation by malicious third-party IPs. In addition, we use information-flow tracking to identify the bits modified during an attack and the attacking instruments in an IJTAG network. We present security proofs, simulation results, and the overheads associated with these countermeasures for various benchmarks.