Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nuclear powered software securty
Search
carnage
July 01, 2017
Technology
0
420
Nuclear powered software securty
carnage
July 01, 2017
Tweet
Share
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
490
Event Driven Development
carnage
0
540
More Secrets of Cryptography
carnage
0
390
Microservices vs The distributed monolith
carnage
1
2.3k
Passwords and how to handle them
carnage
0
370
A storm is brewing
carnage
0
97
The secrets of cryptography
carnage
0
170
The secrets of cryptography
carnage
0
160
You attended talk: An introduction to event sourcing (short)
carnage
0
640
Other Decks in Technology
See All in Technology
Should Our Project Join the CNCF? (Japanese Recap)
whywaita
PRO
0
320
生成AI活用の組織格差を解消する 〜ビジネス職のCursor導入が開発効率に与えた好循環〜 / Closing the Organizational Gap in AI Adoption
upamune
6
5k
Frontier airlines®️ USA Contact Numbers: Complete 2025 Support Guide
oliversmith12
0
110
開発生産性を組織全体の「生産性」へ! 部門間連携の壁を越える実践的ステップ
sudo5in5k
1
5.7k
タイミーのデータモデリング事例と今後のチャレンジ
ttccddtoki
6
2.3k
【5分でわかる】セーフィー エンジニア向け会社紹介
safie_recruit
0
26k
Geminiとv0による高速プロトタイピング
shinya337
0
230
モバイル界のMCPを考える
naoto33
0
410
Witchcraft for Memory
pocke
1
740
2025-06-26_Lightning_Talk_for_Lightning_Talks
_hashimo2
2
120
「良さそう」と「とても良い」の間には 「良さそうだがホンマか」がたくさんある / 2025.07.01 LLM品質Night
smiyawaki0820
1
490
Tokyo_reInforce_2025_recap_iam_access_analyzer
hiashisan
0
170
Featured
See All Featured
Side Projects
sachag
455
42k
jQuery: Nuts, Bolts and Bling
dougneiner
63
7.8k
Rebuilding a faster, lazier Slack
samanthasiow
82
9.1k
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
53
2.8k
Music & Morning Musume
bryan
46
6.6k
Code Review Best Practice
trishagee
69
18k
Automating Front-end Workflow
addyosmani
1370
200k
Scaling GitHub
holman
459
140k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
Code Reviewing Like a Champion
maltzj
524
40k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
8
680
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
32
2.4k
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20
carnage
whywaita
upamune
oliversmith12
sudo5in5k
ttccddtoki
safie_recruit
shinya337
naoto33
pocke
_hashimo2
smiyawaki0820
hiashisan
sachag
dougneiner
samanthasiow
tammyeverts
bryan
trishagee
addyosmani
holman
wjessup
maltzj
jcasabona
![Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_3.jpg){kind=link}
![Nuclear bomb 1By United States Department of Energy [Public domain],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_4.jpg){kind=link}
![Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_5.jpg){kind=link}
![A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_16.jpg){kind=link}
![United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_22.jpg){kind=link}
![Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_32.jpg){kind=link}
![Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_33.jpg){kind=link}
