Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Nuclear powered software securty
Search
carnage
July 01, 2017
Technology
0
460
Nuclear powered software securty
carnage
July 01, 2017
Tweet
Share
More Decks by carnage
See All by carnage
Object re-orientation
carnage
2
530
Event Driven Development
carnage
0
590
More Secrets of Cryptography
carnage
0
430
Microservices vs The distributed monolith
carnage
1
2.4k
Passwords and how to handle them
carnage
0
410
A storm is brewing
carnage
0
100
The secrets of cryptography
carnage
0
200
The secrets of cryptography
carnage
0
180
You attended talk: An introduction to event sourcing (short)
carnage
0
680
Other Decks in Technology
See All in Technology
Dr. Werner Vogelsの14年のキーノートから紐解くエンジニアリング組織への処方箋@JAWS DAYS 2026
p0n
1
110
「ヒットする」+「近い」を同時にかなえるスマートサジェストの作り方.pdf
nakasho
0
150
クラウド × シリコンの Mashup - AWS チップ開発で広がる AI 基盤の選択肢
htokoyo
2
100
マルチロールEMが実践する「組織のレジリエンス」を高めるための組織構造と人材配置戦略
coconala_engineer
3
620
タスク管理も1on1も、もう「管理」じゃない ― KiroとBedrock AgentCoreで変わった"判断の仕事"
yusukeshimizu
5
1.9k
AIファーストを前提とした開発スタイルの変化
sbtechnight
0
170
「ストレッチゾーンに挑戦し続ける」ことって難しくないですか? メンバーの持続的成長を支えるEMの環境設計
sansantech
PRO
3
390
管理者向けGitHub Enterpriseの運用Tips紹介: 人にもAIにも優しいプラットフォームづくり
yuriemori
0
170
Datadog の RBAC のすべて
nulabinc
PRO
3
340
vLLM Community Meetup Tokyo #3 オープニングトーク
jpishikawa
0
210
JAWS DAYS 2026 CDP道場 事前説明会 / JAWS DAYS 2026 CDP Dojo briefing document
naospon
0
200
EMからICへ、二周目人材としてAI全振りのプロダクト開発で見つけた武器
yug1224
5
480
Featured
See All Featured
Visual Storytelling: How to be a Superhuman Communicator
reverentgeek
2
460
GitHub's CSS Performance
jonrohan
1032
470k
Design in an AI World
tapps
0
160
jQuery: Nuts, Bolts and Bling
dougneiner
65
8.4k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
31
10k
The Anti-SEO Checklist Checklist. Pubcon Cyber Week
ryanjones
0
88
Claude Code どこまでも/ Claude Code Everywhere
nwiizo
64
53k
Skip the Path - Find Your Career Trail
mkilby
1
72
sira's awesome portfolio website redesign presentation
elsirapls
0
190
The State of eCommerce SEO: How to Win in Today's Products SERPs - #SEOweek
aleyda
2
9.8k
Keith and Marios Guide to Fast Websites
keithpitt
413
23k
AI Search: Implications for SEO and How to Move Forward - #ShenzhenSEOConference
aleyda
1
1.1k
Transcript
Nuclear Powered Software Security Chris Riley Dutch PHP Conference 2017
1
Introduction
Beware of lists 1
Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via
Wikimedia Commons 2
Nuclear bomb 1By United States Department of Energy [Public domain],
via Wikimedia Commons 3
Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],
via Wikimedia Commons 4
Fault Tree Analysis
Loss of cooling 5
Loss of power 6
Inhibit gate 7
E-Commerce 8
E-Commerce 9
How to use your diagram • Consider risk from each
item 10
How to use your diagram • Consider risk from each
item • Consider mitigations 10
How to use your diagram • Consider risk from each
item • Consider mitigations • Not all mitigations will be technical 10
Defence in Depth
A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],
via Wikimedia Commons 11
Everything is connected 11
Defense in depth 12
Database Access 13
Adding encryption 14
Zonal analysis
United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via
Wikimedia Commons 15
What can we learn from this? 15
Zonal analysis for security • Administrator passwords 16
Zonal analysis for security • Administrator passwords • Shared systems
16
Zonal analysis for security • Administrator passwords • Shared systems
• Operating system vulnerabilities 16
Assume everything is open to the internet. 16
Zonal analysis for data • Look for data hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots 17
Zonal analysis for data • Look for data hotspots •
Focus on hotspots • Reduce data in hotspots 17
Failing safe
Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons
18
Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],
via Wikimedia Commons 19
Failing secure 19
What happens when something goes wrong? 19
Conclusion
Identify undesirable outcomes 19
Layer your defences 19
Look out for single points of failure 19
Handle failures securely 19
Thanks • @giveupalready • https://github.com/carnage • https://carnage.github.io • https://joind.in/talk/92308 20
carnage
p0n
nakasho
htokoyo
coconala_engineer
yusukeshimizu
sbtechnight
sansantech
yuriemori
nulabinc
jpishikawa
naospon
yug1224
reverentgeek
jonrohan
tapps
dougneiner
eileencodes
ryanjones
nwiizo
mkilby
elsirapls
aleyda
keithpitt
![Nuclear safety 1By Avda (Own work) [CC BY-SA 3.0], via](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_3.jpg){kind=link}
![Nuclear bomb 1By United States Department of Energy [Public domain],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_4.jpg){kind=link}
![Nuclear power plant 1Emoscopes [GFDL, CC-BY-SA-3.0 or CC BY 2.5],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_5.jpg){kind=link}
![A big firewall 1By Tukulti65 (Own work) [CC BY-SA 4.0],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_16.jpg){kind=link}
![United Airlines Flight 232 1By Steve Fitzgerald [GFDL 1.2], via](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_22.jpg){kind=link}
![Chernobyl accident 1By Jason Minshull [Public domain], via Wikimedia Commons](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_32.jpg){kind=link}
![Passive safety 1By Picoterawatt derivative work: OrbiterSpacethingy translation: Cryptex [CC0],](https://files.speakerdeck.com/presentations/bf9101e4b37944b39e035a1b306f8261/slide_33.jpg){kind=link}
