Nuclear powered software security
carnage
July 01, 2017
Transcript
Nuclear Powered Software Security
Chris Riley
Dutch PHP Conference 2017
Introduction
Beware of lists
Nuclear safety (image by Avda (Own work) [CC BY-SA 3.0], via Wikimedia Commons)
Nuclear bomb (image by United States Department of Energy [Public domain], via Wikimedia Commons)
Nuclear power plant (image by Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5], via Wikimedia Commons)
Fault Tree Analysis
Loss of cooling
Loss of power
Inhibit gate
E-Commerce (two slides)
How to use your diagram
• Consider risk from each item
• Consider mitigations
• Not all mitigations will be technical
Defence in Depth
A big firewall (image by Tukulti65 (Own work) [CC BY-SA 4.0], via Wikimedia Commons)
Everything is connected
Defense in depth
Database Access
Adding encryption
Zonal analysis
United Airlines Flight 232 (image by Steve Fitzgerald [GFDL 1.2], via Wikimedia Commons)
What can we learn from this?
Zonal analysis for security
• Administrator passwords
• Shared systems
• Operating system vulnerabilities
Assume everything is open to the internet.
Zonal analysis for data
• Look for data hotspots
• Focus on hotspots
• Reduce data in hotspots
Failing safe
Chernobyl accident (image by Jason Minshull [Public domain], via Wikimedia Commons)
Passive safety (image by Picoterawatt; derivative work: OrbiterSpacethingy; translation: Cryptex [CC0], via Wikimedia Commons)
Failing secure
What happens when something goes wrong?
Conclusion
Identify undesirable outcomes
Layer your defences
Look out for single points of failure
Handle failures securely
Thanks
• @giveupalready
• https://github.com/carnage
• https://carnage.github.io
• https://joind.in/talk/92308