A Baker’s Dozen of Golden Nuggets

BreakOut #1: Mary Baker, James Hamilton, Mark Verber, ...

A Dozen Golden Nuggets: 1 to 5 more important than 6 to 13?

1. “Sticky” Identifier that tracks path through a multi-layered system

2. Dividing system into many components and severely minimizing the number of components with state

3. No single component has state; subsets of components control state as deterministic replicated FSMs

4. Heterogeneity (of platforms, defenses)

13 Golden Nuggets (cont’d)

5. Out-of-band, secure control-plane for geographically distributed system

6. High fences between components; (process v. thread); mutually suspicious

7. Built-in self test of components, including security tests (e.g., self-scrub)

8. Don’t share state or resources

9. Communication is always authenticated and secure

13 Golden Nuggets (cont’d)

10. Defense in depth and minimal connectivity between components

11. Log every input, every state change into non-overwriting storage so that can replay, see what happened

12. Find/use programming language/systems that enforce constraints

13. Shape traffic externally to allow maintenance