Domain 3 - Index

# Domain 3 - Index Domain 3 covers secure design principles, security models, hardware/firmware trust anchors, cryptography foundations, and architectural patterns. ## Concepts 1. [[Bell-LaPadula (BLP) Model]] 2. [[Biba Integrity Model]] 3. [[Clark-Wilson Integrity Model]] 4. [[Brewer-Nash (Chinese Wall) Model]] 5. [[Lattice-Based Access Control (LBAC)]] 6. [[State Machine and Secure State]] 7. [[Noninterference and Information Flow]] 8. [[Reference Monitor and TCB]] 9. [[Security Kernel and Protection Rings]] 10. [[TCB vs Assurance vs Trust]] 11. [[Secure Design Principles (Saltzer & Schroeder)]] 12. [[Defense in Depth and Layering]] 13. [[Segmentation, DMZs, and Zero Trust Architecture]] 14. [[Threat Modeling (STRIDE, Attack Surface)]] 15. [[Trusted Platform Module (TPM)]] 16. [[Hardware Security Module (HSM)]] 17. [[UEFI Secure Boot and Measured Boot]] 18. [[Memory Protection (DEP NX, ASLR, W^X)]] 19. [[Process Isolation and Privilege Modes]] 20. [[Microkernel vs Monolithic Kernels]] 21. [[Virtualization Security (Type 1 vs Type 2)]] 22. [[Container Security Basics]] 23. [[Side-Channel Attacks (Spectre Meltdown)]] 24. [[Fault Injection and Tamper Resistance]] 25. [[Symmetric Encryption Overview]] 26. [[Block Cipher Modes (ECB, CBC, CTR, GCM)]] 27. [[Asymmetric Encryption Overview (RSA, ECC)]] 28. [[Hashing, HMAC, and Digital Signatures]] 29. [[Public Key Infrastructure (PKI) Components]] 30. [[Certificates, Revocation, and Pinning]] 31. [[Diffie-Hellman Key Exchange]] 32. [[Perfect Forward Secrecy (PFS)]] 33. [[TLS Handshake Overview]] 34. [[IPsec (AH, ESP, Transport vs Tunnel)]] 35. [[VPN Architectures (Site-to-Site, Remote Access, SSL TLS vs IPsec)]] 36. [[Randomness and DRBGs (Entropy)]] 37. [[Key Stretching and Password Hashing (PBKDF2, bcrypt, scrypt, Argon2)]] 38. [[Cryptoperiods and Key Rotation]] 39. [[Cryptographic Attacks (CPA, CCA, KPA, Replay)]] 40. [[Quantum Impacts on Cryptography (Post-Quantum Basics)]] 41. [[Certificate Management and CA Operations (Key Ceremony)]] 42. [[Code Signing and Software Integrity]] 43. [[Secure Configuration Baselines (CIS Benchmarks, STIGs)]] 44. [[Common Criteria (CC) Overview]] 45. [[CC: EAL Levels, SFR SAR, PP vs ST]] 46. [[FIPS 140-3 Cryptographic Module Validation]] 47. [[Security Modes of Operation (Dedicated, System High, Compartmented, Multilevel)]] 48. [[Trusted Recovery and System Resilience]] 49. [[Fail-Safe vs Fail-Secure vs Fail-Open Closed]] 50. [[Physical Security Layers (Perimeter, Building, Room, Rack)]] 51. [[CPTED (Crime Prevention Through Environmental Design)]] 52. [[Fire Classes and Suppression Systems]] 53. [[Power, HVAC, and Environmental Controls]] 54. [[Shielding and Emanations Security (EMI RFI, TEMPEST)]] 55. [[Secure Facility Design (Mantraps, Badging, Visitor Control)]] 56. [[Safety Systems and Life Safety (Alarms, Egress)]] 57. [[Data Diodes and Unidirectional Gateways]] 58. [[Security Architecture Frameworks - SABSA]] 59. [[Security Architecture Frameworks - TOGAF and Zachman]] 60. [[Evaluation, Certification, and Accreditation (Authorization)]] > Also see: [[MOC - CISSP]]