Nuclear powered software security
carnage
July 01, 2017
Transcript
Nuclear Powered Software Security
Chris Riley
Dutch PHP Conference 2017
Introduction
Beware of lists
Nuclear safety (image by Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons)
Nuclear bomb (image by United States Department of Energy [Public domain], via Wikimedia Commons)
Nuclear power plant (image by Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons)
Fault Tree Analysis
Loss of cooling
Loss of power
Inhibit gate
E-Commerce
How to use your diagram
• Consider risk from each item
• Consider mitigations
• Not all mitigations will be technical
Defence in Depth
A big firewall (image by Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons)
Everything is connected
Defense in depth
Database Access
Adding encryption
Zonal analysis
United Airlines Flight 232 (image by Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons)
What can we learn from this?
Zonal analysis for security
• Administrator passwords
• Shared systems
• Operating system vulnerabilities
Assume everything is open to the internet.
Zonal analysis for data
• Look for data hotspots
• Focus on hotspots
• Reduce data in hotspots
Failing safe
Chernobyl accident (image by Jason Minshull [Public domain], via Wikimedia Commons)
Passive safety (image by Picoterawatt; derivative work: OrbiterSpacethingy; translation: Cryptex [CC0], via Wikimedia Commons)
Failing secure
What happens when something goes wrong?
Conclusion
Identify undesirable outcomes
Layer your defences
Look out for single points of failure
Handle failures securely
Thanks
• @giveupalready
• https://github.com/carnage
• https://carnage.github.io
• https://joind.in/talk/92308