(ISC)² CBK Objectives
The 9 official learning areas of Domain 3. Click an objective for detail.
Engineering processes using secure design principles
Foundational principles: Least Privilege, Defense in Depth, Fail-Secure, Security by Design, KISS, Separation of Duties, Complete Mediation, Economy of Mechanism. Applied from design phase.
Key points
- Saltzer & Schroeder: 8 reference principles
- Shift-left: fix early = cheaper
- Zero Trust = modern extension of Least Privilege
Fundamental concepts of security models
Bell-LaPadula (confidentiality, NRU/NWD), Biba (integrity, NRD/NWU), Clark-Wilson (commercial integrity), Brewer-Nash (Chinese Wall, conflict of interest), Graham-Denning, Harrison-Ruzzo-Ullman, Noninterference, Lattice-based.
Key points
- BLP = mouth (no leak); Biba = pen (no corruption)
- Clark-Wilson = TP/CDI/UDI triad + mandatory SoD
- Chinese Wall = dynamic ban after accessing a competitor
Select controls based upon system security requirements
Pick controls from catalogs (NIST 800-53, ISO 27002, CIS Controls, OWASP ASVS). Criteria: effectiveness, cost, compatibility, maintainability. Always tie a control to a requirement.
Key points
- Control without requirement = waste
- Critical: acceptance criteria BEFORE implementation
- Two-way traceability requirement ↔ control
Understand security capabilities of information systems
TPM, HSM, Secure Enclaves, protection rings (kernel, drivers, user), TCB (Trusted Computing Base), process isolation, memory protection, system mode (supervisor/user).
Key points
- Ring 0 = kernel, Ring 3 = apps; lower = more privileged
- TPM = on-board crypto chip
- HSM = key vault (FIPS 140-2/3)
Assess and mitigate architecture vulnerabilities
Threats per architecture: client-server (MitM), web (OWASP Top 10), mobile (leakage, root), cloud (misconfig), IoT (firmware), industrial (ICS/SCADA), virtualization (escape), containers (escape, image poisoning).
Key points
- Cloud shared responsibility: IaaS/PaaS/SaaS differ
- Containers = logical isolation, not hardware
- ICS/SCADA: air-gap + passive IDS (not active)
Select and determine cryptographic solutions
Symmetric (AES): fast, key distribution hard. Asymmetric (RSA, ECC): scalable, slow. Hybrid (TLS): best of both. Hash (SHA-2/3): integrity without a key. Digital signature = private-key-encrypted hash.
Key points
- AES-256: current symmetric standard
- PKI: CA, RA, CRL, OCSP
- Post-Quantum: emerging NIST standards (Kyber, Dilithium)
Understand cryptanalytic attacks
Brute force, dictionary, Rainbow tables, Birthday attack (hash collision), Meet-in-the-middle, chosen/known plaintext, side-channel (timing, power), Padding oracle (POODLE, CRIME), downgrade, implementation bugs.
Key points
- Salt = rainbow table defense
- Birthday attack: find collision easier than preimage
- Crypto usually breaks via implementation, not algorithm
Apply security principles to site and facility design
CPTED (Crime Prevention Through Environmental Design): natural surveillance, natural access control, territorial reinforcement. Concentric security zones (outside → perimeter → building → room).
Key points
- Concentric layers = physical defense in depth
- Critical rooms: innermost ring, MFA + log access
- CPTED = deterrence + detection before containment
Design site and facility security controls
Concrete elements: fences, badges, mantraps, CCTV, locks, detectors (motion, smoke, temperature), proper extinguishers (FM-200 in datacenter, not water), UPS + generators, redundant HVAC.
Key points
- Mantrap: two-door airlock to prevent tailgating
- Datacenter: Tier I → Tier IV (increasing availability)
- Fire: Class A (ordinary), B (liquid), C (electrical), K (kitchen)
Key concepts
Saltzer-Schroeder principles
8 secure design principles (1975): economy of mechanism (simplicity), fail-safe defaults (deny by default), complete mediation (check every access), open design (no security by obscurity), separation of privilege, least privilege, least common mechanism, psychological acceptability. Foundation of modern secure engineering.
Least privilege & separation of duties
Least privilege: grant the strict minimum rights needed for the task, for the time needed. It is not "low privilege". Separation of duties: split a sensitive task across people so none can act alone (anti-fraud).
Defense in depth
Stack independent control layers (network, host, application, data, human) so no single failure compromises the system. Also called layered security.
Fail-safe vs fail-secure
Fail-safe: on failure, prioritize human safety (door unlocks, fail-open). Fail-secure (fail-closed): prioritize asset/data protection (door locks). The choice depends on life-safety vs confidentiality stakes.
Open design / Kerckhoffs
Kerckhoffs's principle: a cryptosystem's security must rest only on key secrecy, never on algorithm secrecy. No security by obscurity. The algorithm can and should be public and peer-reviewed.
Trust but verify & Zero Trust
Trust but verify grants trust then checks it. Zero Trust goes further: "never trust, always verify", no implicit network-based trust, continuous verification of every request (identity, device, context). Reference: NIST SP 800-207.
Trusted Computing Base (TCB)
The set of all hardware, firmware and software critical to a system's security. The smaller the TCB, the more verifiable and trustworthy. The boundary between TCB and the rest is the security perimeter.
Reference monitor & security kernel
Reference monitor: abstract concept mediating all subject-object access. It must be tamperproof, always invoked (complete mediation) and small enough to verify. The security kernel is its concrete implementation (hardware + software).
Protection rings & processor states
Intel rings: Ring 0 = kernel (most privileged), Ring 3 = user applications. The lower the ring, the more privileged. The CPU switches between supervisor mode (kernel) and user mode (problem state) to isolate privileged code.
Bell-LaPadula (Confidentiality)
No Read Up (simple security property), No Write Down (*-property). State-machine model for confidentiality. Goal: prevent information leak to a lower level.
Biba (Integrity)
No Read Down (simple integrity), No Write Up (*-integrity property). Opposite of BLP. Goal: preserve integrity by stopping a low level from corrupting a high level.
Clark-Wilson (Commercial integrity)
Data accessed only through certified Transformation Procedures (TPs). Constrained Data Items (CDI) vs Unconstrained Data Items (UDI). Subject-program-object access triple, separation of duties and mandatory audit.
Brewer-Nash (Chinese Wall)
Dynamic access control: rights change with the subject's access history to prevent conflicts of interest (audit firms, competing banks).
Graham-Denning, HRU & Take-Grant
Graham-Denning: 8 primitive commands to create/delete subjects and objects and manage rights. HRU (Harrison-Ruzzo-Ullman): proves that the safety of a rights system is undecidable in general. Take-Grant: models rights propagation via a graph (take, grant, create, remove).
Lattice, information flow & non-interference
Lattice model: lattice of security levels with a least upper bound and greatest lower bound (basis of BLP/Biba). Information flow model: controls flows between levels. Non-interference: high-level actions must not be observable by a low level (counters covert channels).
State machine model
A system is secure if every possible state is secure (secure state machine). Every state transition must move from one secure state to another. Concept underlying BLP and Biba.
PAIN - crypto goals
Privacy (confidentiality), Authentication, Integrity, Non-repudiation. The 4 services a cryptosystem can provide.
Symmetric vs asymmetric
Symmetric: 1 shared key, fast, not scalable (n(n-1)/2 keys), bulk confidentiality. Asymmetric: public/private pair, slow, scalable (2n keys), key exchange + signature. Hybrid (TLS) = asymmetric to exchange a symmetric session key.
Symmetric algorithms: DES, 3DES, AES, ChaCha20
DES: 56 effective bits, obsolete (brute-forceable). 3DES: three DES passes, deprecated. AES (Rijndael): current standard, 128-bit blocks, 128/192/256-bit keys. ChaCha20: modern stream cipher, fast without hardware acceleration. One-time pad: the only theoretically unbreakable cipher if the key is truly random, as long as the message and never reused.
Block cipher modes: ECB, CBC, CTR, GCM
ECB: each block encrypted independently, patterns leak (avoid). CBC: chaining via XOR with the previous block + IV. CTR: turns a block cipher into a stream cipher, parallelizable. GCM: CTR + built-in authentication (AEAD), provides confidentiality AND integrity.
Asymmetric algorithms: RSA, ECC, DH, ECDHE
RSA: factoring large numbers (2048+-bit keys). ECC: elliptic curves, higher strength per bit so shorter keys (ideal for mobile/IoT). Diffie-Hellman: key exchange over a public channel. ECDHE: ephemeral elliptic-curve variant providing forward secrecy.
Hashing: MD5, SHA, collision, preimage
One-way function producing a fixed-size message digest. MD5 and SHA-1 are broken (collisions). Use SHA-2 / SHA-3. Collision = two inputs giving the same hash. Preimage = recovering an input from the hash. Hashing provides integrity, not confidentiality.
Digital signature & non-repudiation
Signing = encrypting the message digest (hash) with YOUR private key. The recipient decrypts with the sender's public key and recomputes the hash. Provides integrity, origin authentication and non-repudiation. Does NOT provide confidentiality.
PKI: X.509, CA, RA, VA, CRL, OCSP
PKI binds an identity to a public key via a signed X.509 v3 certificate. RA registers/validates the request, CA signs the certificate, VA validates its status. Revocation: CRL (periodic list) or OCSP (real-time check). Chain of trust up to the root CA.
Key lifecycle, escrow & recovery
Generation, distribution, storage, rotation, revocation, destruction. Key escrow: a third party holds a copy of keys (lawful access). Key recovery: rebuild a lost key. A recovery backdoor weakens the cryptosystem. Keys ideally stored in an HSM.
Cryptographic attacks
On key/algorithm: brute force, known/chosen plaintext, birthday attack (hash collisions), meet-in-the-middle. On implementation: side channel (timing, power), fault injection. On system/human: social engineering, rubber-hose. The most effective in practice is often human.
Virtualization: hypervisors, VM escape, containers
Type 1 hypervisor (bare-metal, on hardware, e.g. ESXi) vs Type 2 (hosted, on an OS, e.g. VirtualBox). VM escape: code breaking out of a VM to the hypervisor or other VMs. VM sprawl: unmanaged proliferation. Containers: OS-level isolation (shared kernel), lighter but a common kernel attack surface.
Cloud: IaaS/PaaS/SaaS, shared responsibility, CASB
IaaS (infrastructure: VMs, network, storage), PaaS (platform: runtime, DB), SaaS (ready-to-use software). Shared responsibility: the more you move toward SaaS, the more the provider manages, but the customer always owns THEIR data and access. CASB: a security broker between the enterprise and the cloud (visibility, DLP, compliance).
Databases: aggregation, inference, polyinstantiation
Aggregation: combining non-sensitive data to obtain sensitive information. Inference: deducing classified information from accessible elements. Polyinstantiation: a countermeasure creating multiple record versions per clearance level to hide the existence of data.
IoT, ICS/SCADA & Purdue model
ICS/SCADA control physical processes (energy, water, plants). Protocols: Modbus and DNP3 (historically unauthenticated), OPC UA (secured). The Purdue model (ISA-95) segments into levels 0 to 5 (sensors up to enterprise IT), isolating OT from IT. IoT: devices are often unpatchable, proprietary, to be hardened and segmented.
TPM, HSM, secure boot & measured boot
TPM: a chip soldered to the motherboard that stores keys and measures integrity (a machine's root of trust). HSM: a dedicated high-performance device to generate/protect keys. Secure boot VERIFIES firmware/OS signatures at startup; measured boot MEASURES each stage and attests to it (remote attestation).
Physical security: CPTED, mantrap, zones
CPTED (Crime Prevention Through Environmental Design): passive deterrence through layout (natural surveillance, natural access control, territorial reinforcement). Mantrap: two interlocked doors against piggybacking/tailgating. Concentric zoning: perimeter, building, floor, sensitive room.
HVAC, power, fire suppression, EMI/RFI
HVAC: controlled temperature/humidity, hot-aisle/cold-aisle airflow. Power: UPS for the short term, generator for the long term. Fire: the fire class dictates the agent (water, inert gas, FM-200); early detection via VESDA. EMI/RFI: electromagnetic interference to shield against (shielding, TEMPEST against emanation leakage).
TCSEC / ITSEC / Common Criteria
TCSEC (Orange Book, US): D < C1 < C2 < B1 < B2 < B3 < A1, evaluates confidentiality only. ITSEC (Europe): separates functionality (F) from assurance (E0-E6), evaluates C-I-A. Common Criteria (ISO/IEC 15408): international standard, assurance levels EAL1 to EAL7.
Common Criteria: PP, ST, TOE, EAL
TOE (Target of Evaluation) = the evaluated product. Protection Profile (PP) = generic security needs for a category (buyer side). Security Target (ST) = what the product claims to do (vendor side). EAL measures the RIGOR of the evaluation, not the product's security level.
Certification, accreditation & ATO
Certification: technical evaluation of a system's controls against criteria. Accreditation: a FORMAL management decision to accept the risk and authorize operation (Authorization to Operate, ATO). Certification is technical, accreditation is managerial.
Frameworks & standards
| Framework | Role |
|---|---|
| Zachman | Enterprise architecture framework (2D what/how/where matrix). |
| SABSA | Business-driven security architecture. |
| TOGAF | Enterprise architecture method and framework (ADM). |
| Common Criteria (ISO/IEC 15408) | International product security evaluation standard (EAL1-EAL7). |
| NIST SP 800-207 (Zero Trust) | Zero Trust architecture: never trust, always verify. |
| NIST SP 800-160 | Systems security engineering (secure engineering lifecycle). |
| Purdue Model / ISA-95 | Segmentation of industrial OT networks into levels 0 to 5. |
| CPTED | Crime Prevention Through Environmental Design (passive physical security). |
| Cloud Well-Architected Framework | Cloud design best practices, including the security pillar. |
| OWASP Top 10 | Most critical web application risks. |
Acronyms
| Acronym | Meaning |
|---|---|
| TCB | Trusted Computing Base |
| PKI | Public Key Infrastructure |
| CA | Certificate Authority |
| RA | Registration Authority |
| VA | Validation Authority |
| CRL | Certificate Revocation List |
| OCSP | Online Certificate Status Protocol |
| AES | Advanced Encryption Standard |
| DES | Data Encryption Standard |
| RSA | Rivest-Shamir-Adleman |
| ECC | Elliptic Curve Cryptography |
| ECDHE | Elliptic Curve Diffie-Hellman Ephemeral |
| GCM | Galois/Counter Mode (authenticated encryption) |
| TPM | Trusted Platform Module |
| HSM | Hardware Security Module |
| EAL | Evaluation Assurance Level |
| TOE | Target of Evaluation |
| PP | Protection Profile |
| ST | Security Target |
| ATO | Authorization to Operate |
| CASB | Cloud Access Security Broker |
| SCADA | Supervisory Control and Data Acquisition |
| CPTED | Crime Prevention Through Environmental Design |
Mnemonics
8 principles: economy of mechanism · fail-safe defaults · complete mediation · open design · separation of privilege · least privilege · least common mechanism · psychological acceptability.
BLP = Confidentiality: No Read UP, No Write DOWN. Biba = Integrity: No Read DOWN, No Write UP. OPPOSITE rules.
PAIN = 4 crypto goals: Privacy · Authentication · Integrity · Non-repudiation.
Symmetric: 1 key per pair, fast, n(n-1)/2 keys. Asymmetric: pub/priv, slow, 2n keys. TLS = hybrid.
Signature = message hash encrypted with PRIVATE key. Decryption with PUBLIC key -> proof of origin.
RA registers the request, CA signs the certificate, VA validates its status. Three roles, don't mix them up.
Intel rings: 0 = kernel (most privileged), 3 = applications. LOWER = more PRIVILEGED.
The reference monitor must be: tamperproof, always invoked, small enough to verify. Implementation = security kernel.
Secure boot VERIFIES signatures (blocks if invalid). Measured boot MEASURES each stage and attests to it.
EAL measures the RIGOR of the evaluation, NOT the product's security level. EAL1 (low) to EAL7 (formal).
Formulas
Symmetric keys = n(n-1)/2
Number of symmetric keys for n users pairwise.
Asymmetric keys = 2n
Each user: 1 public + 1 private key.
Key space = 2^n
Key space for an n-bit key.
Birthday bound ~ 2^(n/2)
Approximate effort to find a collision on an n-bit hash (birthday attack).
Exam pitfalls
BLP = Confidentiality, Biba = Integrity
The exam systematically swaps them. Keep: BLP guards SECRETS (no read up), Biba guards FACTS (no write up).
Hash is not a digital signature
Hash = one-way, no key (integrity). Signature = hash encrypted with the sender's private key (integrity + origin + non-repudiation).
EAL does not measure product security
A high EAL means a rigorous evaluation, not a more secure product. EAL7 may cover a product with limited but formally verified functions.
Certification is not accreditation
Certification = technical evaluation of controls. Accreditation (ATO) = a formal management decision to accept risk and authorize operation.
Fail-safe is not fail-secure
Fail-safe prioritizes human life (door unlocks, fail-open). Fail-secure prioritizes data (door locks, fail-closed). The exam tests the choice by stakes.
Aggregation is not inference
Aggregation = combining data to reach a sensitivity threshold. Inference = DEDUCING hidden data from clues. Polyinstantiation counters inference.
Real-world cases
Why TLS is hybrid
At handshake, TLS uses RSA or ECDHE (asymmetric, slow) to negotiate an AES symmetric session key (fast). It combines asymmetric scalability with symmetric speed; ECDHE adds forward secrecy.
Stuxnet: the attack that crossed into the physical world
Stuxnet targeted Siemens PLCs driving centrifuges (ICS/SCADA), introduced via USB into an OT network that was air-gapped. Lesson: Purdue segmentation and air gaps are not enough without removable-media control and PLC hardening.
Choosing the fire suppression agent
In a server room, water would destroy the electronics. The fire class (here electrical/equipment) dictates the agent: inert gas or a clean agent like FM-200, paired with VESDA early detection. Life safety comes first: evacuation before gas discharge.
10-second recap
10-second recap
- Saltzer-Schroeder: 8 principles including least privilege, fail-safe defaults, complete mediation, open design.
- BLP = Confidentiality (No Read Up, No Write Down); Biba = Integrity (No Read Down, No Write Up).
- TCB + reference monitor (tamperproof, always invoked, verifiable) implemented by the security kernel.
- PAIN = Privacy, Auth, Integrity, Non-repudiation; symmetric fast, asymmetric scalable, TLS hybrid.
- Modes: ECB (avoid) < CBC < CTR < GCM (authenticated encryption). MD5/SHA-1 broken.
- PKI: RA registers, CA signs, VA validates; revocation via CRL/OCSP. Signature = hash encrypted with private key.
- Virtualization (Type 1/2, VM escape), cloud (IaaS/PaaS/SaaS, shared responsibility), ICS/SCADA (Purdue).
- Physical: CPTED, mantrap, UPS short-term/generator long-term, fire class = agent.
- Evaluation: TCSEC (Orange Book) < ITSEC < Common Criteria (EAL1-7); PP buyer side, ST vendor side.
- Certification (technical) is not accreditation/ATO (managerial).
Domain quiz
Three levels available. Pick one based on the time you have.
🔒 Sign-up required for quizzes
Exam-style quizzes are members-only (free). Sign in with a magic link or a passkey to practise and save your scores.