| Security-Foundations | PMAI framework, security theater detection, hack-as-loophole, vulnerability taxonomy |
| Threat-Modeling | Adversary taxonomy, threat scoping, abusability analysis, ABCD threat categories |
| Human-Factors-and-Usability | Skill-Rule-Knowledge errors, affordances, dual-process cognition, nudge design |
| Protocol-Security | Protocol robustness principles, formal verification, key derivation, forward secrecy |
| Cryptography | Perfect secrecy, symmetric vs asymmetric, modes of operation, concrete security |
| Advanced-Cryptographic-Engineering | HSMs, enclaves, TANSTAAFL tradeoffs, crypto-policy entanglement |
| Access-Control | ACL vs capabilities, DAC/MAC/RBAC, protection domains, TOCTTOU |
| Multilevel-Security | Bell-LaPadula, MLS/IFC, compartmentation, Chinese Wall, multilateral security |
| Privacy-and-Inference-Control | Differential privacy, cell suppression, tracker attacks, re-identification waves |
| Economics-of-Security | Misaligned incentives, externalities, market lemons, network lock-in |
| Physical-Security | CPTED, defensible space, deter-detect-alarm-delay-respond, ROC tradeoffs |
| Financial-Security-Controls | Double-entry bookkeeping, dual control, separation of duty, audit trails |
| Metering-and-Token-Security | Key diversification, token binding, grey-listing, offline fraud tolerance |
| Critical-Systems-Security | Shared control, permissive action links, defense in depth, subliminal channels |
| Security-Printing-and-Seals | Three-level inspection, whole life-cycle assurance, predator-prey coevolution |
| Biometrics | EER, ROC tradeoffs, attended vs unattended operation, goats exclusion |
| Tamper-Resistance | FIPS 140 levels, attack-defense arms race, hardware roots of trust |
| Side-Channel-Security | Side-channel taxonomy, DPA attacks, TEMPEST/EMSEC, covert vs side channels |
| Network-Security | Zero Trust/BeyondCorp, deperimeterization, certificate transparency, power-law vulnerability |
| Mobile-and-Phone-Security | Network vs device compromise duality, ecosystem-level security lifting, exploitation cycle |
| Electronic-Warfare | EW priority inversion, electronic warfare triad, hybrid warfare coordination |
| DRM-and-IP-Protection | DRM encryption+license, traitor tracing, watermarking, trusted rendering pipeline |
| Emerging-Technology-Threats | Adversarial ML, hype cycle, complexity boundary, AI/autonomous vehicle threats |
| Surveillance-and-Privacy-Policy | Surveillance capitalism, crypto wars, GDPR localisation, security industrial complex |
| Secure-Development-and-Assurance | SDL, DevSecOps, risk registers, ALE, safety-security convergence |
| Distributed-Architecture-Security | Byzantine failure model, naming scope, publish-register-notify, tiered stand-in processing |