Nuclear powered software security
carnage
July 01, 2017
Transcript
Nuclear Powered Software Security - Chris Riley, Dutch PHP Conference 2017

Introduction
Beware of lists
Nuclear safety (image: By Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons)
Nuclear bomb (image: By United States Department of Energy [Public domain], via Wikimedia Commons)
Nuclear power plant (image: Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons)

Fault Tree Analysis
Loss of cooling
Loss of power
Inhibit gate
E-Commerce
How to use your diagram • Consider risk from each item • Consider mitigations • Not all mitigations will be technical

Defence in Depth
A big firewall (image: By Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons)
Everything is connected
Defense in depth
Database Access
Adding encryption

Zonal analysis
United Airlines Flight 232 (image: By Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons)
What can we learn from this?
Zonal analysis for security • Administrator passwords • Shared systems • Operating system vulnerabilities
Assume everything is open to the internet.
Zonal analysis for data • Look for data hotspots • Focus on hotspots • Reduce data in hotspots

Failing safe
Chernobyl accident (image: By Jason Minshull [Public domain], via Wikimedia Commons)
Passive safety (image: By Picoterawatt, derivative work: OrbiterSpacethingy, translation: Cryptex [CC0], via Wikimedia Commons)
Failing secure
What happens when something goes wrong?

Conclusion
Identify undesirable outcomes
Layer your defences
Look out for single points of failure
Handle failures securely

Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308