Domaine 3 · 13% Exam weight

Security Architecture and Engineering

Secure engineering principles, formal models, cryptography, system capabilities, virtualization, cloud, IoT/ICS and physical security. Both the most technical and the most conceptual exam domain.

(ISC)² CBK Objectives

The 9 official learning areas of Domain 3. Click an objective for detail.

Objective A

Engineering processes using secure design principles

Diagramme — Engineering processes using secure design principles

Foundational principles: Least Privilege, Defense in Depth, Fail-Secure, Security by Design, KISS, Separation of Duties, Complete Mediation, Economy of Mechanism. Applied from design phase.

Key points

  • Saltzer & Schroeder: 8 reference principles
  • Shift-left: fix early = cheaper
  • Zero Trust = modern extension of Least Privilege
Objective B

Fundamental concepts of security models

Diagramme — Fundamental concepts of security models

Bell-LaPadula (confidentiality, NRU/NWD), Biba (integrity, NRD/NWU), Clark-Wilson (commercial integrity), Brewer-Nash (Chinese Wall, conflict of interest), Graham-Denning, Harrison-Ruzzo-Ullman, Noninterference, Lattice-based.

Key points

  • BLP = mouth (no leak); Biba = pen (no corruption)
  • Clark-Wilson = TP/CDI/UDI triad + mandatory SoD
  • Chinese Wall = dynamic ban after accessing a competitor
Objective C

Select controls based upon system security requirements

Diagramme — Select controls based upon system security requirements

Pick controls from catalogs (NIST 800-53, ISO 27002, CIS Controls, OWASP ASVS). Criteria: effectiveness, cost, compatibility, maintainability. Always tie a control to a requirement.

Key points

  • Control without requirement = waste
  • Critical: acceptance criteria BEFORE implementation
  • Two-way traceability requirement ↔ control
Objective D

Understand security capabilities of information systems

Diagramme — Understand security capabilities of information systems

TPM, HSM, Secure Enclaves, protection rings (kernel, drivers, user), TCB (Trusted Computing Base), process isolation, memory protection, system mode (supervisor/user).

Key points

  • Ring 0 = kernel, Ring 3 = apps; lower = more privileged
  • TPM = on-board crypto chip
  • HSM = key vault (FIPS 140-2/3)
Objective E

Assess and mitigate architecture vulnerabilities

Diagramme — Assess and mitigate architecture vulnerabilities

Threats per architecture: client-server (MitM), web (OWASP Top 10), mobile (leakage, root), cloud (misconfig), IoT (firmware), industrial (ICS/SCADA), virtualization (escape), containers (escape, image poisoning).

Key points

  • Cloud shared responsibility: IaaS/PaaS/SaaS differ
  • Containers = logical isolation, not hardware
  • ICS/SCADA: air-gap + passive IDS (not active)
Objective F

Select and determine cryptographic solutions

Diagramme — Select and determine cryptographic solutions

Symmetric (AES): fast, key distribution hard. Asymmetric (RSA, ECC): scalable, slow. Hybrid (TLS): best of both. Hash (SHA-2/3): integrity without a key. Digital signature = private-key-encrypted hash.

Key points

  • AES-256: current symmetric standard
  • PKI: CA, RA, CRL, OCSP
  • Post-Quantum: emerging NIST standards (Kyber, Dilithium)
Objective G

Understand cryptanalytic attacks

Diagramme — Understand cryptanalytic attacks

Brute force, dictionary, Rainbow tables, Birthday attack (hash collision), Meet-in-the-middle, chosen/known plaintext, side-channel (timing, power), Padding oracle (POODLE, CRIME), downgrade, implementation bugs.

Key points

  • Salt = rainbow table defense
  • Birthday attack: find collision easier than preimage
  • Crypto usually breaks via implementation, not algorithm
Objective H

Apply security principles to site and facility design

Diagramme — Apply security principles to site and facility design

CPTED (Crime Prevention Through Environmental Design): natural surveillance, natural access control, territorial reinforcement. Concentric security zones (outside → perimeter → building → room).

Key points

  • Concentric layers = physical defense in depth
  • Critical rooms: innermost ring, MFA + log access
  • CPTED = deterrence + detection before containment
Objective I

Design site and facility security controls

Diagramme — Design site and facility security controls

Concrete elements: fences, badges, mantraps, CCTV, locks, detectors (motion, smoke, temperature), proper extinguishers (FM-200 in datacenter, not water), UPS + generators, redundant HVAC.

Key points

  • Mantrap: two-door airlock to prevent tailgating
  • Datacenter: Tier I → Tier IV (increasing availability)
  • Fire: Class A (ordinary), B (liquid), C (electrical), K (kitchen)

Key concepts

Saltzer-Schroeder principles

8 secure design principles (1975): economy of mechanism (simplicity), fail-safe defaults (deny by default), complete mediation (check every access), open design (no security by obscurity), separation of privilege, least privilege, least common mechanism, psychological acceptability. Foundation of modern secure engineering.

Least privilege & separation of duties

Least privilege: grant the strict minimum rights needed for the task, for the time needed. It is not "low privilege". Separation of duties: split a sensitive task across people so none can act alone (anti-fraud).

Defense in depth

Stack independent control layers (network, host, application, data, human) so no single failure compromises the system. Also called layered security.

Fail-safe vs fail-secure

Fail-safe: on failure, prioritize human safety (door unlocks, fail-open). Fail-secure (fail-closed): prioritize asset/data protection (door locks). The choice depends on life-safety vs confidentiality stakes.

Open design / Kerckhoffs

Kerckhoffs's principle: a cryptosystem's security must rest only on key secrecy, never on algorithm secrecy. No security by obscurity. The algorithm can and should be public and peer-reviewed.

Trust but verify & Zero Trust

Trust but verify grants trust then checks it. Zero Trust goes further: "never trust, always verify", no implicit network-based trust, continuous verification of every request (identity, device, context). Reference: NIST SP 800-207.

Trusted Computing Base (TCB)

The set of all hardware, firmware and software critical to a system's security. The smaller the TCB, the more verifiable and trustworthy. The boundary between TCB and the rest is the security perimeter.

Reference monitor & security kernel

Reference monitor: abstract concept mediating all subject-object access. It must be tamperproof, always invoked (complete mediation) and small enough to verify. The security kernel is its concrete implementation (hardware + software).

Protection rings & processor states

Intel rings: Ring 0 = kernel (most privileged), Ring 3 = user applications. The lower the ring, the more privileged. The CPU switches between supervisor mode (kernel) and user mode (problem state) to isolate privileged code.

Bell-LaPadula (Confidentiality)

No Read Up (simple security property), No Write Down (*-property). State-machine model for confidentiality. Goal: prevent information leak to a lower level.

Biba (Integrity)

No Read Down (simple integrity), No Write Up (*-integrity property). Opposite of BLP. Goal: preserve integrity by stopping a low level from corrupting a high level.

Clark-Wilson (Commercial integrity)

Data accessed only through certified Transformation Procedures (TPs). Constrained Data Items (CDI) vs Unconstrained Data Items (UDI). Subject-program-object access triple, separation of duties and mandatory audit.

Brewer-Nash (Chinese Wall)

Dynamic access control: rights change with the subject's access history to prevent conflicts of interest (audit firms, competing banks).

Graham-Denning, HRU & Take-Grant

Graham-Denning: 8 primitive commands to create/delete subjects and objects and manage rights. HRU (Harrison-Ruzzo-Ullman): proves that the safety of a rights system is undecidable in general. Take-Grant: models rights propagation via a graph (take, grant, create, remove).

Lattice, information flow & non-interference

Lattice model: lattice of security levels with a least upper bound and greatest lower bound (basis of BLP/Biba). Information flow model: controls flows between levels. Non-interference: high-level actions must not be observable by a low level (counters covert channels).

State machine model

A system is secure if every possible state is secure (secure state machine). Every state transition must move from one secure state to another. Concept underlying BLP and Biba.

PAIN - crypto goals

Privacy (confidentiality), Authentication, Integrity, Non-repudiation. The 4 services a cryptosystem can provide.

Symmetric vs asymmetric

Symmetric: 1 shared key, fast, not scalable (n(n-1)/2 keys), bulk confidentiality. Asymmetric: public/private pair, slow, scalable (2n keys), key exchange + signature. Hybrid (TLS) = asymmetric to exchange a symmetric session key.

Symmetric algorithms: DES, 3DES, AES, ChaCha20

DES: 56 effective bits, obsolete (brute-forceable). 3DES: three DES passes, deprecated. AES (Rijndael): current standard, 128-bit blocks, 128/192/256-bit keys. ChaCha20: modern stream cipher, fast without hardware acceleration. One-time pad: the only theoretically unbreakable cipher if the key is truly random, as long as the message and never reused.

Block cipher modes: ECB, CBC, CTR, GCM

ECB: each block encrypted independently, patterns leak (avoid). CBC: chaining via XOR with the previous block + IV. CTR: turns a block cipher into a stream cipher, parallelizable. GCM: CTR + built-in authentication (AEAD), provides confidentiality AND integrity.

Asymmetric algorithms: RSA, ECC, DH, ECDHE

RSA: factoring large numbers (2048+-bit keys). ECC: elliptic curves, higher strength per bit so shorter keys (ideal for mobile/IoT). Diffie-Hellman: key exchange over a public channel. ECDHE: ephemeral elliptic-curve variant providing forward secrecy.

Hashing: MD5, SHA, collision, preimage

One-way function producing a fixed-size message digest. MD5 and SHA-1 are broken (collisions). Use SHA-2 / SHA-3. Collision = two inputs giving the same hash. Preimage = recovering an input from the hash. Hashing provides integrity, not confidentiality.

Digital signature & non-repudiation

Signing = encrypting the message digest (hash) with YOUR private key. The recipient decrypts with the sender's public key and recomputes the hash. Provides integrity, origin authentication and non-repudiation. Does NOT provide confidentiality.

PKI: X.509, CA, RA, VA, CRL, OCSP

PKI binds an identity to a public key via a signed X.509 v3 certificate. RA registers/validates the request, CA signs the certificate, VA validates its status. Revocation: CRL (periodic list) or OCSP (real-time check). Chain of trust up to the root CA.

Key lifecycle, escrow & recovery

Generation, distribution, storage, rotation, revocation, destruction. Key escrow: a third party holds a copy of keys (lawful access). Key recovery: rebuild a lost key. A recovery backdoor weakens the cryptosystem. Keys ideally stored in an HSM.

Cryptographic attacks

On key/algorithm: brute force, known/chosen plaintext, birthday attack (hash collisions), meet-in-the-middle. On implementation: side channel (timing, power), fault injection. On system/human: social engineering, rubber-hose. The most effective in practice is often human.

Virtualization: hypervisors, VM escape, containers

Type 1 hypervisor (bare-metal, on hardware, e.g. ESXi) vs Type 2 (hosted, on an OS, e.g. VirtualBox). VM escape: code breaking out of a VM to the hypervisor or other VMs. VM sprawl: unmanaged proliferation. Containers: OS-level isolation (shared kernel), lighter but a common kernel attack surface.

Cloud: IaaS/PaaS/SaaS, shared responsibility, CASB

IaaS (infrastructure: VMs, network, storage), PaaS (platform: runtime, DB), SaaS (ready-to-use software). Shared responsibility: the more you move toward SaaS, the more the provider manages, but the customer always owns THEIR data and access. CASB: a security broker between the enterprise and the cloud (visibility, DLP, compliance).

Databases: aggregation, inference, polyinstantiation

Aggregation: combining non-sensitive data to obtain sensitive information. Inference: deducing classified information from accessible elements. Polyinstantiation: a countermeasure creating multiple record versions per clearance level to hide the existence of data.

IoT, ICS/SCADA & Purdue model

ICS/SCADA control physical processes (energy, water, plants). Protocols: Modbus and DNP3 (historically unauthenticated), OPC UA (secured). The Purdue model (ISA-95) segments into levels 0 to 5 (sensors up to enterprise IT), isolating OT from IT. IoT: devices are often unpatchable, proprietary, to be hardened and segmented.

TPM, HSM, secure boot & measured boot

TPM: a chip soldered to the motherboard that stores keys and measures integrity (a machine's root of trust). HSM: a dedicated high-performance device to generate/protect keys. Secure boot VERIFIES firmware/OS signatures at startup; measured boot MEASURES each stage and attests to it (remote attestation).

Physical security: CPTED, mantrap, zones

CPTED (Crime Prevention Through Environmental Design): passive deterrence through layout (natural surveillance, natural access control, territorial reinforcement). Mantrap: two interlocked doors against piggybacking/tailgating. Concentric zoning: perimeter, building, floor, sensitive room.

HVAC, power, fire suppression, EMI/RFI

HVAC: controlled temperature/humidity, hot-aisle/cold-aisle airflow. Power: UPS for the short term, generator for the long term. Fire: the fire class dictates the agent (water, inert gas, FM-200); early detection via VESDA. EMI/RFI: electromagnetic interference to shield against (shielding, TEMPEST against emanation leakage).

TCSEC / ITSEC / Common Criteria

TCSEC (Orange Book, US): D < C1 < C2 < B1 < B2 < B3 < A1, evaluates confidentiality only. ITSEC (Europe): separates functionality (F) from assurance (E0-E6), evaluates C-I-A. Common Criteria (ISO/IEC 15408): international standard, assurance levels EAL1 to EAL7.

Common Criteria: PP, ST, TOE, EAL

TOE (Target of Evaluation) = the evaluated product. Protection Profile (PP) = generic security needs for a category (buyer side). Security Target (ST) = what the product claims to do (vendor side). EAL measures the RIGOR of the evaluation, not the product's security level.

Certification, accreditation & ATO

Certification: technical evaluation of a system's controls against criteria. Accreditation: a FORMAL management decision to accept the risk and authorize operation (Authorization to Operate, ATO). Certification is technical, accreditation is managerial.

Frameworks & standards

FrameworkRole
Zachman Enterprise architecture framework (2D what/how/where matrix).
SABSA Business-driven security architecture.
TOGAF Enterprise architecture method and framework (ADM).
Common Criteria (ISO/IEC 15408) International product security evaluation standard (EAL1-EAL7).
NIST SP 800-207 (Zero Trust) Zero Trust architecture: never trust, always verify.
NIST SP 800-160 Systems security engineering (secure engineering lifecycle).
Purdue Model / ISA-95 Segmentation of industrial OT networks into levels 0 to 5.
CPTED Crime Prevention Through Environmental Design (passive physical security).
Cloud Well-Architected Framework Cloud design best practices, including the security pillar.
OWASP Top 10 Most critical web application risks.

Acronyms

AcronymMeaning
TCB Trusted Computing Base
PKI Public Key Infrastructure
CA Certificate Authority
RA Registration Authority
VA Validation Authority
CRL Certificate Revocation List
OCSP Online Certificate Status Protocol
AES Advanced Encryption Standard
DES Data Encryption Standard
RSA Rivest-Shamir-Adleman
ECC Elliptic Curve Cryptography
ECDHE Elliptic Curve Diffie-Hellman Ephemeral
GCM Galois/Counter Mode (authenticated encryption)
TPM Trusted Platform Module
HSM Hardware Security Module
EAL Evaluation Assurance Level
TOE Target of Evaluation
PP Protection Profile
ST Security Target
ATO Authorization to Operate
CASB Cloud Access Security Broker
SCADA Supervisory Control and Data Acquisition
CPTED Crime Prevention Through Environmental Design

Mnemonics

Memo · Saltzer-Schroeder

8 principles: economy of mechanism · fail-safe defaults · complete mediation · open design · separation of privilege · least privilege · least common mechanism · psychological acceptability.

Memo · BLP vs Biba

BLP = Confidentiality: No Read UP, No Write DOWN. Biba = Integrity: No Read DOWN, No Write UP. OPPOSITE rules.

Memo · PAIN

PAIN = 4 crypto goals: Privacy · Authentication · Integrity · Non-repudiation.

Memo · Symétrique vs asymétrique

Symmetric: 1 key per pair, fast, n(n-1)/2 keys. Asymmetric: pub/priv, slow, 2n keys. TLS = hybrid.

Memo · Signature numérique

Signature = message hash encrypted with PRIVATE key. Decryption with PUBLIC key -> proof of origin.

Memo · PKI : RA-CA-VA

RA registers the request, CA signs the certificate, VA validates its status. Three roles, don't mix them up.

Memo · Rings

Intel rings: 0 = kernel (most privileged), 3 = applications. LOWER = more PRIVILEGED.

Memo · Reference monitor

The reference monitor must be: tamperproof, always invoked, small enough to verify. Implementation = security kernel.

Memo · Secure vs measured boot

Secure boot VERIFIES signatures (blocks if invalid). Measured boot MEASURES each stage and attests to it.

Memo · EAL

EAL measures the RIGOR of the evaluation, NOT the product's security level. EAL1 (low) to EAL7 (formal).

Formulas

Remember

Symmetric keys = n(n-1)/2

Number of symmetric keys for n users pairwise.

Remember

Asymmetric keys = 2n

Each user: 1 public + 1 private key.

Remember

Key space = 2^n

Key space for an n-bit key.

Remember

Birthday bound ~ 2^(n/2)

Approximate effort to find a collision on an n-bit hash (birthday attack).

Exam pitfalls

Pitfall

BLP = Confidentiality, Biba = Integrity

The exam systematically swaps them. Keep: BLP guards SECRETS (no read up), Biba guards FACTS (no write up).

Pitfall

Hash is not a digital signature

Hash = one-way, no key (integrity). Signature = hash encrypted with the sender's private key (integrity + origin + non-repudiation).

Pitfall

EAL does not measure product security

A high EAL means a rigorous evaluation, not a more secure product. EAL7 may cover a product with limited but formally verified functions.

Pitfall

Certification is not accreditation

Certification = technical evaluation of controls. Accreditation (ATO) = a formal management decision to accept risk and authorize operation.

Pitfall

Fail-safe is not fail-secure

Fail-safe prioritizes human life (door unlocks, fail-open). Fail-secure prioritizes data (door locks, fail-closed). The exam tests the choice by stakes.

Pitfall

Aggregation is not inference

Aggregation = combining data to reach a sensitivity threshold. Inference = DEDUCING hidden data from clues. Polyinstantiation counters inference.

Real-world cases

Case · Teaching scenario

Why TLS is hybrid

At handshake, TLS uses RSA or ECDHE (asymmetric, slow) to negotiate an AES symmetric session key (fast). It combines asymmetric scalability with symmetric speed; ECDHE adds forward secrecy.

Case · Real-inspired scenario

Stuxnet: the attack that crossed into the physical world

Stuxnet targeted Siemens PLCs driving centrifuges (ICS/SCADA), introduced via USB into an OT network that was air-gapped. Lesson: Purdue segmentation and air gaps are not enough without removable-media control and PLC hardening.

Case · Teaching scenario

Choosing the fire suppression agent

In a server room, water would destroy the electronics. The fire class (here electrical/equipment) dictates the agent: inert gas or a clean agent like FM-200, paired with VESDA early detection. Life safety comes first: evacuation before gas discharge.

10-second recap

10-second recap

  • Saltzer-Schroeder: 8 principles including least privilege, fail-safe defaults, complete mediation, open design.
  • BLP = Confidentiality (No Read Up, No Write Down); Biba = Integrity (No Read Down, No Write Up).
  • TCB + reference monitor (tamperproof, always invoked, verifiable) implemented by the security kernel.
  • PAIN = Privacy, Auth, Integrity, Non-repudiation; symmetric fast, asymmetric scalable, TLS hybrid.
  • Modes: ECB (avoid) < CBC < CTR < GCM (authenticated encryption). MD5/SHA-1 broken.
  • PKI: RA registers, CA signs, VA validates; revocation via CRL/OCSP. Signature = hash encrypted with private key.
  • Virtualization (Type 1/2, VM escape), cloud (IaaS/PaaS/SaaS, shared responsibility), ICS/SCADA (Purdue).
  • Physical: CPTED, mantrap, UPS short-term/generator long-term, fire class = agent.
  • Evaluation: TCSEC (Orange Book) < ITSEC < Common Criteria (EAL1-7); PP buyer side, ST vendor side.
  • Certification (technical) is not accreditation/ATO (managerial).

Domain quiz

Three levels available. Pick one based on the time you have.

🔒 Sign-up required for quizzes

Exam-style quizzes are members-only (free). Sign in with a magic link or a passkey to practise and save your scores.