Nuclear powered software security
carnage
July 01, 2017
Technology
Transcript

Nuclear Powered Software Security, Chris Riley, Dutch PHP Conference 2017

Introduction
Beware of lists
Nuclear safety (image: By Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons)
Nuclear bomb (image: By United States Department of Energy [Public domain], via Wikimedia Commons)
Nuclear power plant (image: Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons)

Fault Tree Analysis
Loss of cooling
Loss of power
Inhibit gate
E-Commerce
How to use your diagram • Consider risk from each item • Consider mitigations • Not all mitigations will be technical
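The slides in this section only show the diagrams (loss of cooling, loss of power, an inhibit gate, and an e-commerce tree). The Python below is an added example, not code from the talk or its author: it evaluates a small fault tree with AND, OR and INHIBIT gates, works out its minimal cut sets, and reports which leaf events are single points of failure. The e-commerce tree, its event names and its probabilities are constructed for illustration; an INHIBIT gate here is modelled as "the input propagates only while the conditioning event holds", and leaf events are treated as independent.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Set, Union


@dataclass(frozen=True)
class Basic:
    """A leaf event. The probability is a constructed, assumed value."""
    name: str
    probability: float


@dataclass
class Gate:
    """AND, OR or INHIBIT gate. INHIBIT takes one input plus a conditioning event."""
    name: str
    kind: str
    inputs: List[Node]
    condition: Optional[Node] = None


Node = Union[Basic, Gate]


def probability(node: Node) -> float:
    """Probability that the event occurs, treating all inputs as independent."""
    if isinstance(node, Basic):
        return node.probability
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        result = 1.0
        for p in ps:
            result *= p
        return result
    if node.kind == "OR":
        none_occur = 1.0
        for p in ps:
            none_occur *= 1.0 - p
        return 1.0 - none_occur
    if node.kind == "INHIBIT":
        # the input only propagates while the conditioning event holds
        assert len(ps) == 1 and node.condition is not None
        return ps[0] * probability(node.condition)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def minimal_cut_sets(node: Node) -> Set[FrozenSet[str]]:
    """Smallest combinations of leaf events that are enough to cause the event."""
    if isinstance(node, Basic):
        return {frozenset([node.name])}
    children = [minimal_cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        sets = set().union(*children)
    elif node.kind == "AND":
        sets = {frozenset()}
        for child in children:
            sets = {a | b for a in sets for b in child}
    elif node.kind == "INHIBIT":
        assert len(children) == 1 and node.condition is not None
        cond = minimal_cut_sets(node.condition)
        sets = {a | b for a in children[0] for b in cond}
    else:
        raise ValueError(f"unknown gate kind {node.kind!r}")
    # keep only sets that do not strictly contain another cut set
    return {s for s in sets if not any(t < s for t in sets)}


def single_points_of_failure(node: Node) -> List[str]:
    """Leaf events that cause the top event on their own (one-element cut sets)."""
    return sorted(next(iter(s)) for s in minimal_cut_sets(node) if len(s) == 1)


def build_example_tree() -> Gate:
    """Constructed e-commerce tree; names and probabilities are illustrative only."""
    creds = Basic("Database credentials in repo", 0.05)
    exposed = Basic("Database reachable from internet", 0.2)
    unpatched = Basic("Unpatched web framework", 0.3)
    no_waf = Basic("No web application firewall", 0.5)
    backup = Basic("Backup stored on public bucket", 0.01)
    return Gate("Card data exposed", "OR", [
        Gate("Leaked credentials usable", "INHIBIT", [creds], condition=exposed),
        Gate("Web tier compromised", "AND", [unpatched, no_waf]),
        backup,
    ])


if __name__ == "__main__":
    top = build_example_tree()
    print(f"P({top.name}) = {probability(top):.4f}")
    for cut in sorted(minimal_cut_sets(top), key=sorted):
        print("cut set:", sorted(cut))
    print("single points of failure:", single_points_of_failure(top))
```

Reading the output the way the slide suggests: each cut set is a risk to consider, a mitigation that removes any one event from a cut set breaks that path, and the one-element cut set is the item to fix first because nothing else has to go wrong for it to reach the top event. Not every mitigation is technical: a change to the backup handling process would remove that path just as well as a bucket policy.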

Defence in Depth
A big firewall (image: By Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons)
Everything is connected
Defense in depth
Database Access
Adding encryption

Zonal analysis
United Airlines Flight 232 (image: By Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons)
What can we learn from this?
Zonal analysis for security • Administrator passwords • Shared systems • Operating system vulnerabilities
Assume everything is open to the internet.
Zonal analysis for data • Look for data hotspots • Focus on hotspots • Reduce data in hotspots

Failing safe
Chernobyl accident (image: By Jason Minshull [Public domain], via Wikimedia Commons)
Passive safety (image: By Picoterawatt, derivative work: OrbiterSpacethingy, translation: Cryptex [CC0], via Wikimedia Commons)
Failing secure
What happens when something goes wrong?
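"Failing secure" and "What happens when something goes wrong?" are the slide titles; the Python below is an added example, not from the talk, that shows the difference in code. Two versions of the same authorisation check are given: one that swallows any error in the policy lookup and grants access (fails open), and one that denies and logs when it cannot reach a decision (fails closed, the software equivalent of passive safety: the safe state needs no action to engage). The policy table, the user names and the simulated outage are constructed for the example.

```python
import logging
from typing import Callable, Dict, Set

logger = logging.getLogger("authz")

# Constructed policy table: user -> actions that user may perform.
POLICY: Dict[str, Set[str]] = {
    "alice": {"read"},
    "bob": {"read", "write"},
}

Lookup = Callable[[str], Set[str]]


class PolicyUnavailable(Exception):
    """Raised when the policy store cannot be reached (simulated outage)."""


def policy_lookup(user: str) -> Set[str]:
    """Return a user's permitted actions; raises KeyError for unknown users."""
    return POLICY[user]


def broken_lookup(user: str) -> Set[str]:
    """Stand-in for a policy service that is down."""
    raise PolicyUnavailable("policy service unreachable")


def authorize_fail_open(user: str, action: str, lookup: Lookup = policy_lookup) -> bool:
    """The unsafe pattern: an error during the check is swallowed and access is granted.

    An outage, a typo in a user name or an unexpected exception all turn into
    a silent 'yes'.
    """
    try:
        return action in lookup(user)
    except Exception:
        return True


def authorize_fail_closed(user: str, action: str, lookup: Lookup = policy_lookup) -> bool:
    """Fail secure: if the decision cannot be made, deny and record why.

    The default answer is 'no'; only a successful lookup that lists the action
    can change it.
    """
    try:
        allowed = lookup(user)
    except Exception as exc:
        logger.error("denied %s for %s: policy lookup failed (%s)", action, user, exc)
        return False
    return action in allowed


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)
    for name, check in (("fail-open", authorize_fail_open), ("fail-closed", authorize_fail_closed)):
        print(name, "bob/write, store healthy:", check("bob", "write"))
        print(name, "carol/write, unknown user:", check("carol", "write"))
        print(name, "bob/write, store down:", check("bob", "write", broken_lookup))
```

The fail-closed version still answers correctly when everything works; the two versions only diverge in the failure cases, which is exactly where the outage or the unknown user shows up. The log line is what makes the denial diagnosable rather than silent.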

Conclusion
Identify undesirable outcomes
Layer your defences
Look out for single points of failure
Handle failures securely
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308