Authentication, Authorisation & Accountability

All aspects of identity management and authentication technologies, and architectures and tools to support authorisation and accountability in both isolated and distributed systems.

Adversarial Behaviours

The motivators, behaviours, and methods used by attackers, including malware supply chains, attack vectors, and money transfers.

Cryptography

Core primitives of cryptography as presently practised and emerging algorithms, techniques for analysis of these, and the protocols that use them.

Cyber-Physical Systems Security

Security challenges in cyber-physical systems, such as the Internet of Things and Industrial Control Systems, attacker models, safe-secure designs, and security of large-scale infrastructures.

Distributed Systems Security

Security mechanisms relating to larger-scale coordinated distributed systems, including aspects of secure consensus, time, event systems, peer-to-peer systems, clouds, multitenant data centres, and distributed ledgers.

Forensics

The motivators, behaviours, and methods used by attackers, including malware supply chains, attack vectors, and money transfers.

Human Factors

Usable security, social and behavioural factors impacting security, security culture and awareness as well as the impact of security controls on user behaviour.

Hardware Security

Security in the design, implementation and deployment of general-purpose and specialist hardware, including trusted computing technologies and sources of randomness.

Law & Regulation

International and national statutory and regulatory requirements, compliance obligations, and security ethics, including data protection and developing doctrines on cyber warfare.

Malware & Attack Technology

Technical details of exploits and distributed malicious systems, together with associated discovery and analysis approaches.

Network Security

Security aspects of networking and telecommunication protocols, including the security of routing, network security elements, and specific cryptographic protocols used for network security.

Operating Systems & Virtualisation

Operating systems protection mechanisms, implementing secure abstraction of hardware, and sharing of resources, including isolation in multiuser systems, secure virtualisation, and security in database systems.

Physical Layer & Telecommunications Security

Security concerns and limitations of the physical layer including aspects of radio frequency encodings and transmission techniques, unintended radiation, and interference.

Privacy & Online Rights

Techniques for protecting personal information, including communications, applications and inferences from databases and data processing. It also includes other systems supporting online rights touching on censorship and circumvention, covertness, electronic elections, and privacy in payment and identity systems.

Risk Management & Governance

Security management systems and organisational security controls, including standards, best practices, and approaches to risk assessment and mitigation.

Secure Software Lifecycle

The application of security software engineering techniques in the whole systems development lifecycle resulting in software that is secure by default.

Security Operations & Incident Management

The configuration, operation and maintenance of secure systems including the detection of and response to security incidents and the collection and use of threat intelligence.

Software Security

Known categories of programming errors resulting in security bugs, and techniques for avoiding these errors - both through coding practice and improved language design - and tools, techniques, and methods for detection of such errors in existing systems.

Web & Mobile Security

Issues related to web applications and services distributed across devices and frameworks, including the diverse programming paradigms and protection models.