September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
代码测试
|
213
13.5.4
形式化方法
形式化方法允许用户为软件或硬件系统指定感兴趣的属性。其中大多数是所谓的
安全属
性
,即规定哪些不良行为永远不应出现。“不良行为”可能包括各类断言,还可能包括
活
动属性
,该属性使用户可以指定所需的结果,比如最终由打印机处理提交的打印作业。可
以使用形式化方法来验证特定系统或模型的这些属性,甚至开发系统时,也可以使用构建
时即正确的方法。如第
92
页的
“分析不变量”中所强调的那样,使用基于形式化方法的
技术,前期成本通常相对较高。部分原因是,这些方法需要对系统要求和关注的属性做先
验描述。必须用数学上严格和正式的方式来指定这些要求。
目前,硬件设计和部分验证工具已继承基于形式方法的技术
10
。在硬件设计领域,使用由电
子设计自动化(
EDA
)供应商提供的正式或半正式工具已成为标准化实践
。此外,这些技
术也在特殊领域的软件中得到成功应用,例如安全性至关重要的系统或密码协议分析。例
如,用于计算机网络间通信的
TLS
中使用的加密协议
,使用基于形式化方法的技术做持续
检查分析
11
。
13.6
小结
测试软件的安全性和可靠性是一个很大的话题,本章中仅讨论了其中的皮毛。
Google
团队
之所以能可靠地扩展规模,并最大限度地减少停机和安全性问题,
本章中介绍的测试策略
以及通过安全编码防御某类缺陷的实践(参见第
12
章
)扮演了至关重要的角色。在开发
的初始阶段就构建具有可测试性的软件,并在整个研发生命周期中开展全面的测试,这非
常重要。
我们想要在此强调将上述测试、分析方法完全集成到工程工作流和 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.