Where would I go to learn to write code that has to be very, very secure and that does expose external services (running on a standard Windows or Linux OS)?

Posted on 2024-10-08 07:03:32

Where would I go to learn to write code that had to be very, very secure and that DOES expose external services (running on a standard Windows or Linux OS). Knowing what services can and cannot be safely exposed would be part of the issue. Note that I am not looking for a favorite choice between Linux and Windows, as the choice is not likely to be mine to make in any given case. However the level of security needs to be military grade.

I almost feel embarrassed giving this as a for instance, but how would I know whether or not I could use, say, WCF, in such a setting?


Comments (3)

屌丝范 2024-10-15 07:03:32

High security is a difficult concept as it generally involves way more than just the code you wrote.

Basically every layer of the OSI model has to be taken into consideration. Things like, preventing capture of the data stream (or it being rerouted) between the end points (quantum cryptography).

At the higher levels, you have various things like

  1. Physical security of the devices (all endpoints if possible).
  2. Hardening the OS (e.g: closing ports, turning off unused services, using kerberos, VPN tunnels, and leveraging white lists of machines allowed to connect, etc);
  3. Encrypting the data at rest (file encryption), in transmission (SSL), and in memory (column/table encryption).
  4. Ensuring and enforcing proper authentication and authorization at every level (in app, in sql, etc).
  5. Log EVERYTHING. At a minimum it should answer "who/what/when/where/how"
  6. Along with the logging, Actively Monitor it. aka: intrusion detection.

Then we can move on to other things like looking at other attack vectors like sql injection, xss, internal / disgruntled employees, etc.

And once you've done all of that be prepared when a hacker gets away with everything they want simply by social engineering.

In short, the best tack to take in order to secure any computer related application is to listen to the ethos of Fox Mulder, and Trust No One. Another favorite of mine that applies is: It's only paranoia if they aren't after you.

无人问我粥可暖 2024-10-15 07:03:32

You could use formal methods to (sort-of) prove the critical parts of your software. A tool like Frama-C (free, LGPL license, targeting embedded systems) could be relevant (at least if your software is critical, embedded, written in C).

But military grade doesn't mean much. Your client will (and should) define exactly the standards to respect. For instance, critical [civilian] aircraft software needs to follow something like DO-178C (or its predecessor, DO-178B). Different industries have different standards similar to that. (Both railways and medical industries have their own standards, which might be different in North America than in Europe.)

If your system (& client) is less demanding (i.e. no billion dollars or hundreds of lives threatened by bugs) you could consider customizing your compiler or using some other tool. For example, GCC is customizable thru plugins or thru MELT extensions.

Don't forget that software reliability has a big price (that means a big cost for you, hence for your client).
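An added illustration of the Frama-C suggestion above (not code from the answer or from the Frama-C project): a length-prefixed frame parser for a network-facing service, annotated with an ACSL contract that Frama-C's WP plugin (`frama-c -wp -wp-rte`) can be asked to check. The wire format, `parse_frame` and the two limits are assumptions made up for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed wire format (assumption): 2-byte big-endian length, then payload. */
enum { HDR_LEN = 2, MAX_PAYLOAD = 1024 };

/*@ requires \valid_read(buf + (0 .. len - 1));
  @ requires \valid(off) && \valid(plen);
  @ requires \separated(off, plen, buf + (0 .. len - 1));
  @ assigns *off, *plen;
  @ ensures \result == 0 || \result == -1;
  @ ensures \result == 0 ==>
  @           *off == HDR_LEN && *plen <= MAX_PAYLOAD && *off + *plen <= len;
  @ ensures \result == -1 ==> *off == \old(*off) && *plen == \old(*plen);
  @*/
int parse_frame(const uint8_t *buf, size_t len, size_t *off, size_t *plen)
{
    if (len < HDR_LEN)
        return -1;                      /* truncated header */
    size_t n = ((size_t)buf[0] << 8) | (size_t)buf[1];
    if (n > MAX_PAYLOAD)
        return -1;                      /* exceeds the application limit */
    if (n > len - HDR_LEN)              /* no wrap: len >= HDR_LEN was checked */
        return -1;                      /* header claims more bytes than arrived */
    *off = HDR_LEN;
    *plen = n;
    return 0;
}

int main(void)
{
    /* Constructed inputs: one honest frame, one whose header overstates the payload. */
    const uint8_t good[] = { 0x00, 0x03, 'a', 'b', 'c' };
    const uint8_t lying[] = { 0x00, 0x09, 'a' };
    size_t off = 0, plen = 0;

    printf("good:  %d\n", parse_frame(good, sizeof good, &off, &plen));
    printf("lying: %d\n", parse_frame(lying, sizeof lying, &off, &plen));
    return 0;
}
```

The postcondition `*off + *plen <= len` is the property a caller relies on before touching the payload; the annotations are ordinary comments to the C compiler, so the same file builds unchanged.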

夜清冷一曲。 2024-10-15 07:03:32

Well, the question of where can be answered simply. Not in school. I suggest to create a learning path for yourself. Pick a technology that you like and learn it inside out. A basic book to get you started should suffice, however the rest of the stuff you learn as you go, or via the documentation of that technology.

For instance - learning under .NET (Microsoft) involves a basic A-Press text-book (I suggest Pro C# and The .NET 4.0 Platform). Thereafter searching through the .NET Framework Reference on MSDN will give you the rest.

If you are looking for WCF reference, I suggest the (MCTS Exam 70-503, Microsoft .NET Framework 3.5 Windows Communication Foundation) and MSDN.

Just keep in mind that not a single technology will achieve what you are looking for. For example: WCF co-mingles with WF (Windows Workflow Foundation), as well as SQL Data Services and Entity Framework. Being exposed to multiple technologies will definitely broaden your vision.

===============================================================================

WCF is a beast in this regard. Here are the advantages over some other means of communication:

Messages (data) passed between end points can be secured via message-level security (encryption). The transport channel chosen can also be secured at protocol level via transport layer security (encryption).

End points themselves can authorize and impersonate clients (client level security). You can implement end-to-end service tracing, health monitoring & performance counters, message logging, as well as forward and backward compatibility with newer/older clients (via graceful degradation of the message format, provided in WCF). If you choose to do so, you can even implement routing as fail-safe for your communications channel. WCF also supports transactions (ACID), concurrency, as well as a per-instance throttling, giving you the most flexibility in writing secure/robust military grade code.

In retrospect the security and flexibility of WCF are astonishing. A similar technology (if not the same) is the WS-Security spec. It is part of the WS-* specifications for web services and deals with Xml signature and Xml encryption to provide secure communications channel between two end points.

The disadvantage of WS-*, however, is that it is a one-way means of communication. WCF can facilitate 2 way communication. A client can send a request to a server, but also a server can send requests to the client. WS-* dictates that a client can only send and receive responses to the server, but not vice versa.

I am not a WCF developer so I thought the highlights might provoke you into doing your own research. "There are hundreds of ways to skin an animal, neither of them is wrong..."
