Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Nuclear powered software securty

carnage
July 01, 2017
Technology
0
280

Nuclear powered software securty

carnage

July 01, 2017
Tweet

More Decks by carnage

See All by carnage
Object re-orientation
carnage
2
330
Event Driven Development
carnage
0
460
More Secrets of Cryptography
carnage
0
260
Microservices vs The distributed monolith
carnage
1
1.9k
Passwords and how to handle them
carnage
0
220
A storm is brewing
carnage
0
68
The secrets of cryptography
carnage
0
120
The secrets of cryptography
carnage
0
120
You attended talk: An introduction to event sourcing (short)
carnage
0
410

Other Decks in Technology

See All in Technology
20230914_FinJAWS
takuyay0ne
2
400
マネジメントコンソールやONTAP CLIだけじゃない! BlueXPとSystem ManagerでFSx for ONTAPを操作してみた #storagejaws
non97
0
180
レイヤードアーキテクチャにおける 例外との向き合い方
yukihiromori
0
1.2k
アジャイルリーダークイズ王 2023 #scrummikawa / agile leader quiz king 2023
kyonmm
PRO
1
250
そのとき歴史は動かなかった 〜 JTCのウォーターフォール研究者がバックログを発明した日〜
bonotake
0
240
Autonomous Database Cloud 技術詳細 / adb-s_technical_detail_jp
oracle4engineer
PRO
11
28k
著作権とは何か?〜初歩的概念から権利利用法、侵害要件まで
line_developers
PRO
4
650
製造業が強い愛知から始まったチーム作り8年の旅路とその現場から見えたこと
nktamago
0
200
hacomonoポストモーテムの取り組み(2023/09)
hacomono
1
480
Droidknights 2023 - 이상훈 - 기존 앱을 Jetpack Compose로 마이그레이션 하기
dsa28s
3
280
Web PubSubで創るマイ都市デジタルツイン 〜WebSocketはPostmanでテストするのだよ〜
nagix
0
230
沖縄観光、名物を一挙紹介!
bumptakayuki
PRO
0
140

Featured

See All Featured
Designing the Hi-DPI Web
ddemaree
274
33k
Building Effective Engineering Teams - LeadDev
addyosmani
20
920
Gamification - CAS2011
davidbonilla
75
4.3k
Navigating Team Friction
lara
177
12k
Building Your Own Lightsaber
phodgson
97
5.1k
Raft: Consensus for Rubyists
vanstee
130
5.9k
Rails Girls Zürich Keynote
gr2m
90
12k
Visualization
eitanlees
131
13k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
39
3.9k
[RailsConf 2023] Rails as a piece of cake
palkan
14
2.7k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
41
11k
Unsuck your backbone
ammeep
660
56k

Transcript

  1. Nuclear Powered Software Security
    Chris Riley
    Dutch PHP Conference 2017
    1

    View Slide

  2. Introduction

    View Slide

  3. Beware of lists
    1

    View Slide

  4. Nuclear safety
    1By Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons
    2

    View Slide

  5. Nuclear bomb
    1By United States Department of Energy [Public domain], via Wikimedia
    Commons
    3

    View Slide

  6. Nuclear power plant
    1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons
    4

    View Slide

  7. Fault Tree Analysis

    View Slide

  8. Loss of cooling
    5

    View Slide

  9. Loss of power
    6

    View Slide

  10. Inhibit gate
    7

    View Slide

  11. E-Commerce
    8

    View Slide

  12. E-Commerce
    9

    View Slide

  13. How to use your diagram
    • Consider risk from each item
    10

    View Slide

  14. How to use your diagram
    • Consider risk from each item
    • Consider mitigations
    10

    View Slide

  15. How to use your diagram
    • Consider risk from each item
    • Consider mitigations
    • Not all mitigations will be technical
    10

    View Slide

  16. Defence in Depth

    View Slide

  17. A big firewall
    1By Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons
    11

    View Slide

  18. Everything is connected
    11

    View Slide

  19. Defense in depth
    12

    View Slide

  20. Database Access
    13

    View Slide

  21. Adding encryption
    14

    View Slide

  22. Zonal analysis

    View Slide

  23. United Airlines Flight 232
    1By Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons
    15

    View Slide

  24. What can we learn from this?
    15

    View Slide

  25. Zonal analysis for security
    • Administrator passwords
    16

    View Slide

  26. Zonal analysis for security
    • Administrator passwords
    • Shared systems
    16

    View Slide

  27. Zonal analysis for security
    • Administrator passwords
    • Shared systems
    • Operating system vulnerabilities
    16

    View Slide

  28. Assume everything is open to the internet.
    16

    View Slide

  29. Zonal analysis for data
    • Look for data hotspots
    17

    View Slide

  30. Zonal analysis for data
    • Look for data hotspots
    • Focus on hotspots
    17

    View Slide

  31. Zonal analysis for data
    • Look for data hotspots
    • Focus on hotspots
    • Reduce data in hotspots
    17

    View Slide

  32. Failing safe

    View Slide

  33. Chernobyl accident
    1By Jason Minshull [Public domain], via Wikimedia Commons
    18

    View Slide

  34. Passive safety
    1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex
    [CC0], via Wikimedia Commons
    19

    View Slide

  35. Failing secure
    19

    View Slide

  36. What happens when something goes wrong?
    19

    View Slide

  37. Conclusion

    View Slide

  38. Identify undesirable outcomes
    19

    View Slide

  39. Layer your defences
    19

    View Slide

  40. Look out for single points of failure
    19

    View Slide

  41. Handle failures securely
    19

    View Slide

  42. Thanks
    • @giveupalready
    • https://github.com/carnage
    • https://carnage.github.io
    • https://joind.in/talk/92308
    20

    View Slide