Security aspects in the software and hardware development lifecycle such as risk and requirements analysis, architecture design, code implementation, validation, verification, testing, deployment and runtime monitoring of operation.
The subdomains for this knowledge domain are:
- Security requirements engineering with emphasis on identity, privacy, accountability, and trust
- Security and risk analysis of components compositions
- Secure software architectures and design (security by design)
- Security design patterns
- Secure programming principles and best practices
- Security support in programming environments
- Security documentation
- Refinement and verification of security management policy models
- Runtime security verification and enforcement
- Security testing and validation
- Vulnerability discovery and penetration testing
- Quantitative security for assurance
- Intrusion detection and honeypots
- Malware analysis including adversarial learning of malware
- Model-driven security and domain-specific modelling languages
- Self-* including self-healing, self-protecting, self-configuration systems
- Attack techniques (e.g. side channel attacks, power attacks, stealth attacks, advanced persistent attacks, rowhammer attacks)
- Fault injection testing and analysis
- Cybersecurity and cyber-safety co-engineering
- Privacy by design