首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
44
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、SP
B、IdM
C、Internet
D、entity
答案
B
解析
转载请注明原文地址:https://kaotiyun.com/show/3MTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2010上项管)近年来,电子商务在我国得到了快速发展,很多网站能够使企业通过互联网直接向消费者销售产品和提供服务。从电子商务类型来说,这种模式属于______模式。
(2010下集管)在没有路由的本地局域网中,以Windows操作系统为工作平台的主机可以同时安装______协议,其中前者是至今应用最广的网络协议,后者有较快速的性能,适用于只有单个网络或桥接起来的网络。
(2009上软评)瀑布模型表达了一种系统的、顺序的软件开发方法。以下关于瀑布模型的正确叙述的是______。
(2009下网规)网管人员在监测网络运行状态时,发现下列现象:服务器上有大量的TCP连接,收到了大量源地址各异、用途不明的数据包;服务器收到大量的ARP报文。网管人员的判断是______(1),针对前一现象将采取的措施是______(2),针对后一现象可能
(2006下项管)在信息安全保障系统的S-MIS体系架构中,“安全措施和安全防范设备”层不涉及______。
(2010下项管)下图是某架构在J2EE平台上设计的一个信息系统集成方案架构图,图中的(1)、(2)和(3)分别表示______。
(2011上监理)质量体系文件通常由三部分组成,包括质量手册、_____(1)和作业指导书。质量体系文件的特性不包括_____(2)。(1)
(2014下集管)某系统集成项目的项目经理需采购第三方软件插件。在编制询价计划时,由于待采购软件插件比较专业,为了更加明确采购需求,该项目经理需要使用的文件为______。
区块链是一种按照时间顺序将数据区块以顺序相连的方式组合成的一种链式数据结构,并以密码学方式保证的不可篡改和不可伪造的分布式账本。主要解决交易的信任和安全问题,最初是作为______的底层技术出现的。
Sometimes the processes in which people are engaged are dependent upon other processes being completed first, possibly by other
随机试题
对财产权造成其他损害的,按照()给予赔偿。
简述核酸探针及其应用。
心输出量是指
关于IR序列反转时间的叙述,错误的是
医疗卫生机构违反《医疗废物管理条例》规定,导致传染病传播,给他人造成损害的,应当依法承担
查验征收是指由纳税人依据账簿记载,先自行计算缴纳,事后经税务机关查账核实,有不符合税法规定的,则多退少补。()
2015年10月29日,中国共产党十八届五中全会决定,全面实施一对夫妇可生育两个孩子的政策。下图为“1995—2025年中国人口增长趋势及预测柱状图”,读图完成问题。“二孩政策”的全面实施,将对我国未来十年产生的影响是()。
世界贸易组织是当前世界上最大的区域性贸易组织。()
桌上放着红桃、黑桃和梅花三种牌,共20张,下列判断正确的是()。[1]桌上至少有一种花色的牌少于6张[2]桌上至少有一种花色的牌多于6张[3]桌上任意两种牌的总数将不超过19张
HowdoyouexplaineconomicsinplainEnglish?TheFederalReserveBankofNewYorkhasbeenansweringthequestionwithaneven
最新回复
(
0
)