Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Nuclear powered software securty
carnage
July 01, 2017
Technology
0
200
Nuclear powered software securty
carnage
July 01, 2017
Tweet
Share
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
260
Event Driven Development
carnage
0
420
More Secrets of Cryptography
carnage
0
200
Microservices vs The distributed monolith
carnage
1
1.7k
Passwords and how to handle them
carnage
0
190
A storm is brewing
carnage
0
53
The secrets of cryptography
carnage
0
110
The secrets of cryptography
carnage
0
110
You attended talk: An introduction to event sourcing (short)
carnage
0
320
Other Decks in Technology
See All in Technology
フィンテック養成勉強会#24
finengine
0
340
VS Code Meetup #21 - もう一度知りたい基礎編 - ファイル操作、コーディングの基本編
74th
0
200
今 SLI/SLO の監視をするなら Sloth が良さそうという話
shotakitazawa
1
290
Goで実装するブランドネットワークとの接続ポイント
pongzu
2
290
Power BI のうらがわ
hanaseleb
1
170
データをコネコネ!メール配信用データ生成の仕組み
kappezoro
0
120
開発環境のセキュリティおよびCI/CDパイプラインのセキュア化
rung
PRO
12
5.2k
聊聊 Cgo 的二三事
david74chou
0
340
Settlement simulation testing to ensure correct settlement processing
applepine1125
2
1.5k
殺虫剤のパラドックスの真実 / The Truth of The Pesticide Paradox
kzsuzuki
1
190
ニコニコ生放送におけるWebフロントエンドBFFサーバーのKubernetes移行事例の紹介
himenon
2
500
セキュキャンを卒業してその後
kurochan
0
600
Featured
See All Featured
Mobile First: as difficult as doing things right
swwweet
213
7.6k
The MySQL Ecosystem @ GitHub 2015
samlambert
239
11k
Docker and Python
trallard
27
1.6k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
498
130k
JazzCon 2018 Closing Keynote - Leadership for the Reluctant Leader
reverentgeek
173
8.6k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
6
580
Side Projects
sachag
450
37k
Typedesign – Prime Four
hannesfritz
34
1.4k
Fontdeck: Realign not Redesign
paulrobertlloyd
73
4.1k
Designing Experiences People Love
moore
130
22k
ReactJS: Keep Simple. Everything can be a component!
pedronauck
655
120k
Teambox: Starting and Learning
jrom
123
7.7k
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20