
Securing Microservices and Microservice Architectures: A Systematic Mapping Study

A systematic mapping study of the security threats and security mechanisms reported for microservice architectures, the research gaps it identifies, and the lightweight security taxonomy it proposes.

1. Introduction

Microservice Architecture (MSA) has become a dominant style for building scalable, maintainable and distributed software systems. By decomposing an application into small, independently deployable services, MSA delivers significant gains in agility and resilience. The same shift, however, introduces hard security problems: the number of network-exposed entry points multiplies, east-west (service-to-service) traffic grows, and services in a heterogeneous environment must establish trust with one another, all of which enlarge the attack surface. The systematic mapping study by Hannousse and Yahiouche [1] sets out to classify the security threats that target MSA, analyse the mechanisms proposed against them, and identify the research gaps that should guide future work on securing these systems.

2. Research Method

The study follows an established systematic mapping methodology to give a structured overview of the research landscape.

2.1. Systematic Mapping Process

The process comprised planning, conduct and reporting phases. Search strings combining microservice and security terms were run against the major digital libraries; the initial search returned 1067 studies.

2.2. Study Selection Criteria

Studies were filtered with inclusion/exclusion criteria focused on security threats and security mechanisms specific to microservices. After screening titles, abstracts and full texts, 46 primary studies were retained for detailed analysis and data extraction.

3. Findings and Analysis

Analysis of the 46 primary studies revealed several notable patterns and imbalances in current research:

  • Primary studies: 46, selected from 1067 initial search results.
  • Research focus: unbalanced; external attacks receive most of the attention.
  • Most common security mechanism: access control and auditing.
  • Most common validation technique: case studies and performance evaluation.

3.1. Threat Classification

The threat classification shows that external attacks (e.g., API injection, DDoS) receive far more attention than internal threats (e.g., malicious insiders, compromised services). This points to a gap in MSA security research on the internal threat model of a distributed service mesh.

3.2. Security Mechanisms

The mechanisms studied most often are auditing and access-control enforcement. Prevention and mitigation techniques, particularly post-breach containment, are under-explored, which indicates a reactive rather than a proactive or resilient security posture in current proposals.

3.3. Implementation Layers

Most proposed mechanisms target the middleware layer (e.g., API gateways, service meshes). Layers such as inter-service communication (e.g., secure message buses, zero-trust networking) and deployment/platform (e.g., secure container orchestration) receive considerably less attention.

4. Lightweight Security Taxonomy

The main contribution of the study is a lightweight security taxonomy for MSA security mechanisms. The taxonomy organises the literature along four dimensions:

  • Threat source (internal/external; actor type)
  • Security mechanism (prevention, detection, mitigation)
  • Implementation layer (middleware, communication, service, deployment)
  • Validation technique (case study, formal proof, performance evaluation)

The taxonomy is intended to serve as a queryable knowledge base that lets developers and architects locate the security patterns relevant to a given threat scenario.

5. Research Gaps and Future Directions

The study closes by recommending focused research in the under-explored areas:

  • Internal attack vectors: develop models and mechanisms for detecting and containing threats that originate inside the service mesh.
  • Mitigation and resilience: move beyond pure defence to strategies that keep the system alive and recover quickly during an ongoing attack.
  • Whole-stack security: extend security mechanisms beyond the middleware layer to secure communication protocols and hardened deployment platforms.
  • Autonomous security: apply AI/ML to anomaly detection and automated response, following advances seen in other security domains.

6. Core Insight & Analytical Perspective

Core insight: the current state of microservice security research is dangerously lopsided. It fortifies the front gate (external APIs) while leaving the inner halls (internal service-to-service communication) and the guards (the deployment platform) under-protected. The mapping study by Hannousse and Yahiouche exposes a field that is still playing flat chess while its adversaries are already playing 4D chess.

Line of argument: the study's method is sound; filtering 1067 papers down to 46 relevant ones gives a credible picture of the field. The conclusion that follows is hard to escape: the core value of microservices (decomposition, autonomy) is also their core weakness. Every service is a new attack vector and a new trust relationship to manage. The research community's answer has mostly been to apply monolith-era tools (API gateways, IAM) at the edges. That is like securing a swarm of bees by fitting a lock to the hive entrance, ignoring that each bee operates on its own across miles of open country.

Strengths and weaknesses: the paper's strength is its unflinching mapping of the imbalance. The proposed taxonomy is a sensible step toward a more structured security framework. Its weakness lies in the scope of the underlying literature, which shows a field still in its infancy. Where is the deep integration with Zero Trust principles as codified by NIST in SP 800-207 [4]? Where is a robust distributed trust model, comparable to the work on blockchain consensus algorithms? The mechanisms surveyed are mostly additive, not architectural rethinks. Contrast this with Google's BeyondCorp [5], which moved security from the network perimeter to devices and users, a model that microservices need to internalise.

Actionable insight: for CTOs and architects this study is a wake-up call. Stop treating service-mesh security as an afterthought. Prioritise service identity over network location. Invest in mutual TLS (mTLS) and fine-grained, attribute-based access control (ABAC) for all service-to-service communication. Demand container orchestration platforms (Kubernetes, Nomad) with security built in, not bolted on. The future is not in bigger gateways but in smart, cryptographically verified handshakes between every pair of service instances. The research gap is a chasm; bridge it with architecture, not just tooling.

7. Technical Details & Mathematical Framework

To move beyond qualitative survey, securing MSA requires formal models. The core idea is to model the system as a dynamic graph $G(t) = (V(t), E(t))$, where:

  • $V(t)$ is the set of microservice instances at time $t$, each carrying attributes such as an identity $id_v$, a trust score $\tau_v(t)$ and a security posture $s_v$.
  • $E(t)$ is the set of permitted communications; each edge $e_{uv}$ carries a required trust level $\theta_{uv}$ and a security context (e.g., the encryption protocol).

A communication request from $u$ to $v$ at time $t$ is permitted only if the trust predicate holds: $$P_{comm}(u,v,t) := (\tau_u(t) \geq \theta_{uv}) \land (\tau_v(t) \geq \theta_{vu}) \land \text{AuthZ}(u,v, action)$$ Here $\tau(t)$ is a dynamic function fed by behavioural monitoring, in the spirit of the reputation systems studied in distributed networks. The security challenge is to maintain and enforce this predicate in a scalable, distributed way with no single point of failure, a problem that intersects with research on Byzantine fault tolerance [6].
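The predicate above is concrete enough to execute. The following is an added example (not code from the paper or from this page's author) that implements $G(t)$, $\tau(t)$ and $P_{comm}$ in Python, with the $\text{AuthZ}$ term realised as the identity-based ABAC check that the actionable insight in section 6 recommends. The SPIFFE-style service identities, the edge thresholds, the ABAC rule and the trust decay/recovery rule are all assumptions chosen to make the scenario readable, not values from the study.

```python
"""Executable model of the dynamic trust graph G(t) and the predicate P_comm(u, v, t).
Added example; service identities, thresholds, policy and the trust-update rule are assumed."""

from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Service:
    """A vertex in V(t): identity id_v, a namespace attribute, and trust score tau_v(t)."""
    id: str
    namespace: str
    trust: float = 1.0

    def observe(self, anomalous: bool) -> None:
        # Behavioural monitoring drives tau(t): an anomaly costs 0.3, a clean
        # observation recovers 0.02 (assumed rule; a real system would tune this).
        self.trust = max(0.0, self.trust - 0.3) if anomalous else min(1.0, self.trust + 0.02)


@dataclass
class Edge:
    """An edge e_uv in E(t): trust each endpoint must hold, plus the security context."""
    theta_uv: float          # minimum tau_u(t) the caller must hold
    theta_vu: float          # minimum tau_v(t) the callee must hold
    context: str = "mtls"    # required transport protection for this edge


@dataclass
class Policy:
    """One ABAC rule: caller attribute -> permitted actions on a specific callee identity."""
    caller_namespace: str
    callee_id: str
    actions: frozenset


class TrustGraph:
    def __init__(self) -> None:
        self.nodes: Dict[str, Service] = {}
        self.edges: Dict[Tuple[str, str], Edge] = {}
        self.policies: List[Policy] = []

    def add_service(self, svc: Service) -> None:
        self.nodes[svc.id] = svc

    def allow(self, u: str, v: str, theta_uv: float, theta_vu: float) -> None:
        self.edges[(u, v)] = Edge(theta_uv, theta_vu)

    def authz(self, u: Service, v: Service, action: str) -> bool:
        """AuthZ(u, v, action): decided on identity and attributes, never on network location."""
        return any(p.caller_namespace == u.namespace and p.callee_id == v.id and action in p.actions
                   for p in self.policies)

    def p_comm(self, u_id: str, v_id: str, action: str) -> Tuple[bool, str]:
        """Evaluate P_comm(u, v, t) against the current trust scores; returns (decision, reason)."""
        u, v = self.nodes.get(u_id), self.nodes.get(v_id)
        edge = self.edges.get((u_id, v_id))
        if u is None or v is None or edge is None:
            return False, "no such edge in E(t)"
        if u.trust < edge.theta_uv:                       # tau_u(t) >= theta_uv
            return False, f"caller trust {u.trust:.2f} < theta_uv {edge.theta_uv}"
        if v.trust < edge.theta_vu:                       # tau_v(t) >= theta_vu
            return False, f"callee trust {v.trust:.2f} < theta_vu {edge.theta_vu}"
        if not self.authz(u, v, action):                  # AuthZ(u, v, action)
            return False, f"AuthZ denies {action}"
        return True, "permitted"


def demo_scenario() -> List[Tuple[bool, str]]:
    """Constructed scenario: a catalog service misbehaves and loses the right to call orders."""
    g = TrustGraph()
    catalog = Service("spiffe://shop/ns/catalog/sa/catalog", "catalog")
    orders = Service("spiffe://shop/ns/orders/sa/orders", "orders")
    g.add_service(catalog)
    g.add_service(orders)
    g.allow(catalog.id, orders.id, theta_uv=0.7, theta_vu=0.5)
    g.policies.append(Policy("catalog", orders.id, frozenset({"price.lookup"})))

    results = [g.p_comm(catalog.id, orders.id, "price.lookup")]      # healthy: permitted
    results.append(g.p_comm(catalog.id, orders.id, "order.cancel"))  # action not in ABAC policy: denied
    for _ in range(2):                                                # monitoring flags two anomalies
        catalog.observe(anomalous=True)                               # tau_u falls from 1.0 to about 0.4
    results.append(g.p_comm(catalog.id, orders.id, "price.lookup"))  # below theta_uv: denied
    return results
```

The three decisions show the predicate's three terms failing independently: the same identity that was permitted a moment earlier is denied once its behavioural trust score drops below the edge threshold, and an action outside the ABAC rule is denied even at full trust. The open problem named in the text is not this evaluation but keeping the scores and policies consistent across many enforcement points without a single point of failure.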

8. Experimental Results & Validation

The mapping study found that performance evaluation (65% of studies) and case studies (58%) were the dominant validation techniques for the proposed security mechanisms. This is both a strength and a weakness.

Chart interpretation (clarified): a hypothetical chart derived from the study's data would show a long bar for "performance overhead measurement" and a slightly shorter one for "proof-of-concept case study". The bars for "formal verification", "large-scale simulation" and "real-world deployment data" would be very short. That shape exposes the validation gap. Showing that a mechanism does not wreck latency is necessary but not sufficient. The absence of formal verification leaves logic errors undiscovered. The scarcity of large-scale simulation or real-world data, of the kind found in published infrastructure case studies from companies such as Netflix or Google, means we do not understand how these mechanisms fail under real production load or coordinated attack.

The results underline a maturity problem: the field is still demonstrating feasibility, not evaluating effectiveness at scale.

9. Analysis Framework: Case Study

Scenario: migrating an e-commerce platform to MSA.
Threat: a compromised "Product Catalog" microservice (an internal threat) starts sending malformed data to the "Order Processing" service, causing logic errors and failed orders.

Applying the analysis taxonomy:

  1. Classify the threat: source = internal; actor = compromised service; target = data integrity.
  2. Identify the gap (from the mapping study): most of the literature addresses external API attacks; few mechanisms address detecting malicious behaviour from an otherwise legitimate service.
  3. Proposed security mechanism: behavioural attestation. Each service response carries a lightweight, cryptographically verifiable proof that the service's internal logic executed correctly on valid input, using techniques inspired by trusted computing or zero-knowledge proofs. The receiving service verifies this evidence before processing the response.
  4. Layer: this targets the communication layer, an under-studied area.
  5. Validation: requires a combination of formal modelling (to prove the soundness of the attestation scheme) and performance evaluation (to measure the overhead of proof generation and verification).

The case shows how the taxonomy guides the design of a solution aimed at a specific research gap.
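To make step 3 tangible, here is an added example (not the paper's mechanism, and not code from this page's author) of the receiving side of such an exchange in Python. It is a deliberate simplification: the "proof" is an HMAC under a per-build key that only a build with a trusted measurement is assumed to obtain from an attestation service, standing in for hardware attestation or a zero-knowledge proof; the root secret, build measurements, request/response shapes and the price schema are all constructed for the example. The point it demonstrates is the verification order on the Order Processing side: check the evidence (build measurement, binding to this request, MAC) first, then validate the payload against its contract, and only then act on it. Case 3 shows why the contract check is not optional even with attestation in place: a trusted build compromised at runtime can still sign malformed data.

```python
"""Simplified stand-in for behavioural attestation between Product Catalog and Order Processing.
Added example; HMAC under a per-build key replaces real attestation, and all values are constructed."""

import hashlib
import hmac
import json
from typing import Any, Dict, Tuple

# Root secret of the (assumed) attestation service. Per-build keys are derived from it and, by
# assumption, released only to builds that prove their measurement. Constructed test value.
_ROOT_SECRET = b"example-attestation-root-not-for-production"

# Measurements (build hashes) of Product Catalog builds that Order Processing trusts (constructed).
TRUSTED_CATALOG_BUILDS = {"catalog@sha256:a1b2c3"}

PRICE_SCHEMA = {"sku": str, "price_cents": int, "currency": str}


def build_key(measurement: str) -> bytes:
    """Key a build would obtain from the attestation service after proving its measurement."""
    return hmac.new(_ROOT_SECRET, measurement.encode(), hashlib.sha256).digest()


def canonical(obj: Any) -> bytes:
    """Deterministic JSON encoding so both sides MAC the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def attest_response(payload: Dict[str, Any], request: Dict[str, Any], measurement: str) -> Dict[str, Any]:
    """Catalog side: bind the payload to the request it answers and to the build that produced it."""
    evidence = {"build": measurement,
                "request_digest": hashlib.sha256(canonical(request)).hexdigest()}
    mac = hmac.new(build_key(measurement),
                   canonical({"payload": payload, "evidence": evidence}), hashlib.sha256).hexdigest()
    return {"payload": payload, "evidence": evidence, "mac": mac}


def validate_price(payload: Dict[str, Any]) -> Tuple[bool, str]:
    """Contract check: exact field set, exact types (bool is not an int here), sane values."""
    if set(payload) != set(PRICE_SCHEMA):
        return False, "unexpected field set"
    for key, typ in PRICE_SCHEMA.items():
        if type(payload[key]) is not typ:
            return False, f"{key} has wrong type"
    if payload["price_cents"] < 0 or payload["currency"] not in {"EUR", "USD"}:
        return False, "value out of range"
    return True, "ok"


def accept_response(resp: Dict[str, Any], request: Dict[str, Any]) -> Tuple[bool, str]:
    """Order Processing side: verify evidence, then validate the payload, then (and only then) act."""
    ev = resp.get("evidence", {})
    if ev.get("build") not in TRUSTED_CATALOG_BUILDS:
        return False, "untrusted build measurement"
    if ev.get("request_digest") != hashlib.sha256(canonical(request)).hexdigest():
        return False, "evidence does not match this request (replay?)"
    expected = hmac.new(build_key(ev["build"]),
                        canonical({"payload": resp.get("payload"), "evidence": ev}), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, resp.get("mac", "")):
        return False, "bad mac"
    return validate_price(resp["payload"])


def demo() -> Dict[str, Tuple[bool, str]]:
    """Four constructed exchanges: one honest, three that a blindly trusting receiver would accept."""
    req = {"op": "price", "sku": "SKU-42"}
    good = {"sku": "SKU-42", "price_cents": 1999, "currency": "EUR"}
    out: Dict[str, Tuple[bool, str]] = {}
    # 1. trusted build, well-formed data
    out["honest"] = accept_response(attest_response(good, req, "catalog@sha256:a1b2c3"), req)
    # 2. tampered build: different measurement, so its key and evidence are rejected
    out["tampered_build"] = accept_response(attest_response(good, req, "catalog@sha256:deadbeef"), req)
    # 3. trusted build compromised at runtime emits malformed data: MAC verifies, contract check fails
    bad = {"sku": "SKU-42", "price_cents": -5, "currency": "EUR"}
    out["malformed"] = accept_response(attest_response(bad, req, "catalog@sha256:a1b2c3"), req)
    # 4. a valid response replayed against a different request
    out["replay"] = accept_response(attest_response(good, req, "catalog@sha256:a1b2c3"),
                                    {"op": "price", "sku": "SKU-99"})
    return out
```

Step 5 of the case study applies directly to this sketch: the soundness argument (what the evidence actually proves about the producing code) is what a real attestation or proof scheme must supply and what formal modelling would verify, while the per-response cost of producing and checking the evidence is what the performance evaluation would measure.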

10. Future Work & Industry Outlook

The convergence of MSA with other technology trends will define the next security frontier:

  • AI-native microservices: as AI models are deployed as microservices (e.g., for fraud detection or personalisation), securing them brings new threats: model poisoning, inference attacks and prompt injection. Security mechanisms must evolve to protect both the service and the intellectual property it embodies (the model).
  • Confidential computing: technologies such as Intel SGX and AMD SEV allow code and data to run inside hardware-enforced trusted execution environments (TEEs). Future MSAs could use them to build "enclaved microservices" whose state is opaque even to the cloud provider, shrinking the attack surface exposed to insiders and compromised infrastructure.
  • Service mesh evolution: today's meshes (Istio, Linkerd) provide mTLS and basic policy. The next step is intelligent meshes that apply continuous authentication, real-time risk scoring (along the lines of the $\tau(t)$ model in section 7) and automatic policy adaptation to contain a breach; in effect, an immune system for the application.
  • Regulation-driven security: standards such as the EU's Digital Operational Resilience Act (DORA) [7] will push the financial and critical-infrastructure sectors toward formally verifiable security postures for their distributed systems, stimulating research into secure communication frameworks and deployment patterns for MSA.

The future is not just about securing microservices but about building distributed systems that are secure, self-healing and resilient from the ground up.

11. References

  1. Hannousse, A., & Yahiouche, S. (2020). Securing Microservices and Microservice Architectures: A Systematic Mapping Study. arXiv preprint arXiv:2003.07262.
  2. Newman, S. (2015). Building Microservices. O'Reilly Media.
  3. Nadareishvili, I., et al. (2016). Microservice Architecture: Aligning Principles, Practices, and Culture. O'Reilly Media.
  4. National Institute of Standards and Technology (NIST). (2020). Zero Trust Architecture (SP 800-207).
  5. Google. (2014). BeyondCorp: A New Approach to Enterprise Security. [Google Research Publication].
  6. Lamport, L., Shostak, R., & Pease, M. (1982). The Byzantine Generals Problem. ACM Transactions on Programming Languages and Systems (TOPLAS).
  7. European Union. (2022). Digital Operational Resilience Act (DORA).