Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nuclear powered software securty
Search
carnage
July 01, 2017
Technology
470
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Nuclear powered software securty
carnage
July 01, 2017
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
550
Event Driven Development
carnage
0
610
More Secrets of Cryptography
carnage
0
450
Microservices vs The distributed monolith
carnage
1
2.4k
Passwords and how to handle them
carnage
0
440
A storm is brewing
carnage
0
110
The secrets of cryptography
carnage
0
210
The secrets of cryptography
carnage
0
210
You attended talk: An introduction to event sourcing (short)
carnage
0
710
Other Decks in Technology
See All in Technology
AWS Summit の片隅で、体育座りしながらコミュニティがにぎわう理由を考えた
k_adachi_01
2
330
#エンジニアBooks 30分でわかる 「技術記事を書く技術」 / engineer-books 2026-06-30
jnchito
1
160
Tech-Verse 2026_Keynote
lycorptech_jp
PRO
0
110
SRE歴2ヶ月でも開発6年の知見を活かして、チームで止まっていた環境改善を前に進めた話
a_ono
0
170
時期が悪い!それでもRaspberry Piを買って遊んで活用するには / 20260627-osc26do-rpi-jikigawarui
akkiesoft
1
960
ご挨拶「10周年を迎える共創ラボのこれまでとこれから」
iotcomjpadmin
0
170
クラウドファンディング版StackChan 3体(4体)をインタラクティブな体験型作品にして展示もした話 / スタックチャンお誕生日会2026
you
PRO
0
270
トークン最適化のためのユーザーストーリー分析 / User Story Analysis for Token Optimization
oomatomo
0
160
40代で“やっとエンジニアになれた”――閉じた学びを開き、空の青さを知る / 20260628 Naoki Takahashi
shift_evolve
PRO
4
1.6k
MySQL & MySQL HeatWave Report - June 2026
freshdaz
0
270
BPaaSで進むAIオペレーションの現在地 AI実装が効く領域とスケーラビリティの選定と実装
kentarofujii
0
250
秘密度ラベル初心者が第1歩でつまづかないための「設計・運用」ポイント
seafay
PRO
1
550
Featured
See All Featured
Information Architects: The Missing Link in Design Systems
soysaucechin
0
990
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
Design in an AI World
tapps
1
250
A designer walks into a library…
pauljervisheath
211
24k
Abbi's Birthday
coloredviolet
3
8.4k
HTML-Aware ERB: The Path to Reactive Rendering @ RubyCon 2026, Rimini, Italy
marcoroth
2
280
Why Your Marketing Sucks and What You Can Do About It - Sophie Logan
marketingsoph
0
180
SEO for Brand Visibility & Recognition
aleyda
0
4.6k
Joys of Absence: A Defence of Solitary Play
codingconduct
1
400
So, you think you're a good person
axbom
PRO
2
2.1k
Designing Powerful Visuals for Engaging Learning
tmiket
1
430
Leading Effective Engineering Teams in the AI Era
addyosmani
9
2.1k
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20