September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
78
|
第
6
章
3. TCB
和易理解性
除了安全优势之外,
TCB
和安全边界也让系统更容易理解
。为了符合
TCB
的资格,组件
必须与系统的其他部分相隔离。该组件必须具有定义良好且干净的接口,并且能够解释
TCB
独立实现的正确性
。如果组件的正确性取决于该组件控制之外的假设,那么根据定
义,它不是
TCB
。
TCB
通常是独立的故障域
,使得它在面对代码缺陷、
DoS
攻击或者其他异常情况时的行为
更容易理解。第
8
章中更深入地讨论了系统分层的好处。
6.4
软件设计
根据安全边界将系统切分成组件化结构之后,你仍然需要分析特定的安全边界内所有的代
码和子组件,而安全边界可能还是一个相当大且复杂的软件。本节主要讨论结构化软件的
技术,以便进一步在较小的软件组件(如模块、库和
API
)级别实现关于不变量的分析。
6.4.1
使用应用程序框架满足服务需求
如前所述,框架可以提供一些可复用的功能。特定的系统可以有认证框架、授权框架、
RPC
框架
、编排框架、监控框架、软件发布框架等。这些框架可以提供很大的灵活性,但
也可能
过于
灵活。所有框架都可能进行组合,其配置方式可能会使得工程师(应用程序和
服务开发人员、服务所有者、网站可靠性工程师和
DevOps
工程师)应接不暇。
在
Google
,我们发现通过更高级别的框架管理来这种复杂性非常有效
,我们称之为
应用程
序框架
。有时候它们也叫作
全栈
或“自备电池”(
batteries-included
)框架
。应用程序框架
为各个功能提供了一组规范的子框架,具有合理的默认配置,并保证所有子框架间协同工
作。应用程序框架可以让用户免于选择和配置子框架的麻烦。 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.