September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
安全性与可靠性的交集
|
5
可靠性与安全性的权衡
:
事件管理
攻击者的存在还会影响协作方法以及事件发生时响应者可以使用的信息。可靠性受益
于拥有多角度的响应者,它们可以协助快速发现问题的根本原因并解决问题。相比之
下,通常在处理安全事件时更希望将解决问题的人员最少化,使对手无法获得相关消
息。在安全事件中,以按需共享的原则来分享信息。同样,海量的系统日志有助于为
事件响应提供信息支撑,并缩短恢复所需事件的时间,但根据记录的内容不同,日志
也可能成为攻击者的重要目标。
1.3
机密性
、
完整性
、
可用性
安全性和可靠性都与系统的机密性、完整性和可用性有关,但它们针对这些因素的考虑角
度不同。两者之间的关键差异在于是否存在恶意的对手。可靠的系统一定不会出现违背机
密性的问题,例如出错的聊天系统可能存在错发、乱码或丢失消息的情况。此外,安全的
系统必须防止恶意访问、篡改或破坏机密数据。通过下面的例子来看看可靠性问题是如何
导致安全问题的。
在传统定义中,机密性、完整性和可用性一直被视为安全系统的基本属性,
叫作
CIA
1
三要素
。尽管很多模型基于
CIA
扩
展了安全属性,但
CIA
三要素
长期以来仍受欢迎。虽然首字母缩写一样,但这个概念与美国中央情报局没
有任何关系。
1.3.1
机密性
在航空业中,一个明显的机密性问题是一键通按钮卡在了发声位置。在一些有据可查的案
例中,卡住的麦克风按钮广播了飞行员之间的私人对话,这明显违反了机密性。在这种情
况下,并不存在恶意攻击者,而是硬件可靠性缺陷导致设备在非飞行员预期的情况下传递
了信息。
1.3.2 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.