Domain introduction
This domain focuses on designing and engineering secure systems. It includes security models, cryptographic systems, hardware protections, and architectural principles such as defense in depth and least privilege.
For ICT students, the key insight is that security must be embedded in system design from the beginning rather than added afterward as a patch or workaround.
Outcome 1
Secure design
Apply architectural principles to build systems that resist attacks.
Outcome 2
Cryptography
Understand how encryption and hashing protect data.
Outcome 3
System trust
Identify trusted components and enforce boundaries.
Figures and mental models
Defense in depth
PerimeterFirewalls and gateways filtering traffic
NetworkSegmentation and monitoring controls
HostHardening and endpoint protection
ApplicationSecure coding and validation
DataEncryption and integrity checks
CIA in architecture
ConfidentialityEncryption and access control mechanisms protect sensitive data from unauthorized disclosure.
IntegrityValidation, hashing, and controls ensure data remains accurate and unaltered.
AvailabilityRedundancy and failover systems ensure continuous access to services.
Case examples
Case 1 — Secure banking system
A banking platform must protect financial transactions and sensitive customer data.
- Controls: encryption, strong authentication, logging, and secure architecture.
- Design: layered security and strict separation of components.
Case 2 — IoT environment
Smart devices communicate over insecure networks.
- Risk: weak firmware security and lack of updates.
- Controls: secure boot, encryption, and device isolation.
Glossary — 50 core terms
| # | Term | Definition |
|---|---|---|
| 1 | Security Architecture | Structured design of security controls across systems, networks, and applications to ensure consistent protection aligned with organizational policies and risk management objectives. |
| 2 | Security Engineering | Discipline that applies engineering principles to design, implement, and maintain secure systems capable of resisting attacks while meeting performance and reliability requirements. |
| 3 | Defense in Depth | Security strategy that uses multiple layers of controls so that failure of one mechanism does not result in complete system compromise. |
| 4 | Security Model | Formal representation of security policies that defines how subjects access objects while maintaining confidentiality, integrity, or other security goals. |
| 5 | Trusted Computing Base | Set of hardware, software, and controls responsible for enforcing security policy and therefore must be protected from tampering or compromise. |
| 6 | Reference Monitor | Concept ensuring every access request is validated against security policy and that the mechanism enforcing it is tamper-proof and always invoked. |
| 7 | Security Kernel | Core component of an operating system that implements access control and enforces security policies reliably and securely. |
| 8 | Bell-LaPadula | Security model focused on confidentiality that prevents unauthorized data disclosure by restricting read and write operations across classification levels. |
| 9 | Biba Model | Integrity-focused model that prevents data corruption by restricting how subjects read and write information based on integrity levels. |
| 10 | Clark-Wilson Model | Integrity model that enforces well-formed transactions and separation of duties to ensure data remains accurate and consistent. |
| 11 | Cryptography | Practice of securing information using mathematical techniques such as encryption and hashing to ensure confidentiality, integrity, and authenticity. |
| 12 | Symmetric Encryption | Encryption method using a single shared key for both encryption and decryption, providing efficient protection for large amounts of data. |
| 13 | Asymmetric Encryption | Encryption method using a public and private key pair, commonly used for secure key exchange and digital signatures. |
| 14 | Hash Function | Mathematical function that converts data into a fixed-length value used to verify data integrity without revealing original content. |
| 15 | Digital Signature | Cryptographic mechanism that verifies authenticity and integrity of data using private key encryption and public key verification. |
| 16 | PKI | Public Key Infrastructure manages digital certificates and keys to support secure communication and identity verification across systems. |
| 17 | Certificate Authority | Trusted organization that issues and manages digital certificates linking public keys with identities. |
| 18 | Secure Boot | Process ensuring that only trusted and verified software is loaded during system startup to prevent malware execution. |
| 19 | TPM | Hardware component that securely stores cryptographic keys and supports platform integrity verification mechanisms. |
| 20 | HSM | Dedicated hardware device that securely generates, stores, and manages cryptographic keys while performing encryption operations. |
| 21 | Least Privilege | Principle that users and systems should only be granted permissions necessary to perform their tasks, reducing potential damage from misuse. |
| 22 | Zero Trust | Security model requiring continuous verification of identity and context, assuming no implicit trust based on network location. |
| 23 | Virtualization | Technology allowing multiple virtual systems to run on a single physical machine, requiring isolation to maintain security. |
| 24 | Hypervisor | Software layer that manages virtual machines and ensures separation between them to prevent cross-VM attacks. |
| 25 | Containers | Lightweight virtualization method packaging applications and dependencies, requiring isolation and runtime security controls. |
| 26 | Sandboxing | Technique for executing code in a restricted environment to prevent it from affecting the rest of the system. |
| 27 | Memory Protection | Mechanism that isolates process memory spaces to prevent unauthorized access or modification by other processes. |
| 28 | ASLR | Security technique that randomizes memory addresses to make exploitation of vulnerabilities more difficult. |
| 29 | Fault Tolerance | Capability of a system to continue operating despite failures in hardware or software components. |
| 30 | Redundancy | Duplication of system components or data to improve reliability and availability in case of failure. |
| 31 | Resilience | Ability of a system to recover quickly from disruptions and maintain essential operations. |
| 32 | Secure Design | Approach that integrates security considerations into system architecture from the beginning of development. |
| 33 | Secure Hardware | Hardware designed to resist tampering, unauthorized access, and physical attacks. |
| 34 | Embedded Systems | Special-purpose computing systems requiring security controls tailored to limited resources and specific operational contexts. |
| 35 | ICS | Industrial Control Systems manage industrial processes and require high availability and specialized security protections. |
| 36 | SCADA | Supervisory Control and Data Acquisition systems monitor and control large-scale industrial operations and infrastructure. |
| 37 | Isolation | Separation of systems or components to prevent unauthorized interaction or spread of compromise. |
| 38 | Abstraction | Design principle that simplifies complex systems by separating layers, aiding security management and control. |
| 39 | Platform Security | Protection of operating systems, firmware, and hardware to ensure a trusted computing environment. |
| 40 | Trusted Path | Secure communication channel between user and system for sensitive operations such as authentication. |
| 41 | Secure Firmware | Firmware designed with protections against unauthorized modification or exploitation. |
| 42 | Side-Channel Attack | Attack exploiting physical characteristics like timing or power consumption to extract sensitive information. |
| 43 | Trusted Computing | Concept ensuring systems operate as expected by verifying integrity of hardware and software components. |
| 44 | Secure Principles | Guidelines such as least privilege and defense in depth used to design secure systems. |
| 45 | Fail Secure | System behavior that defaults to a secure state when a failure occurs. |
| 46 | Security Boundary | Logical or physical separation that defines trust limits between systems or components. |
| 47 | Root of Trust | Trusted component that establishes the basis for system security and integrity verification. |
| 48 | Secure Architecture Pattern | Reusable design solutions addressing common security challenges within system architectures. |
| 49 | Threat Modeling | Process of identifying and evaluating potential threats during system design. |
| 50 | Attack Surface | Total set of points where an attacker can attempt to exploit vulnerabilities within a system. |
Review questions
- Why is defense in depth more effective than a single security control?
- How do confidentiality and integrity models differ?
- What role does cryptography play in system design?
- Why is hardware-based security important?
- How does secure design reduce long-term risk?