首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
46
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、SP
B、IdM
C、Internet
D、entity
答案
B
解析
转载请注明原文地址:https://kaotiyun.com/show/3MTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2009下架构)电子数据交换(EDI)是电子商务活动中采用的一种重要的技术手段。以下关于EDI的叙述中,错误的是______。
(2012上集管)网络协议和设备驱动软件经常采用分层架构模式,其主要原因是______。
(2010下集管)合同变更控制系统规定合同修改的过程,包括______。①文书工作;②跟踪系统;③争议解决程序;④合同索赔处理
(2011下项管)通常,项目整体变更管理过程涉及到负责批准或拒绝变更请求的变更控制委员会,下列关于变更控制委员会的描述中,错误的是______。
(2013上集管)自下而上估算方法是指估算单个工作包或细节详细活动的成本,然后将详细的成本汇总到更高层级估算的方法,下面关于该方法的描述中错误的是______。
(2011上集管)下列关于冲突及其解决方式的描述中,不正确的是______。
(2011下项管)瀑布模型把软件生命周期划分为8个主要的阶段,其中______一阶段定义的规划将成为软件测试中的系统测试阶段的目标。
(2010下软评)以下关于软件生命周期的叙述不正确的是______。
(2009上网工)两个公司希望通过Internet传输大量敏感数据,从信息源到目的地之间的传输数据以密文形式出现,而且不希望由于在传输结点使用特殊的安全单元而增加开支,最合适的加密方式是______(1),使用会话密钥算法效率最高的是______(2)。
(2011上集管)在某次针对数据库的信息安全风险评估中,发现其中对财务核心数据的逻辑访问密码长期不变。基于以上现象,下列说法正确的是______。
随机试题
微分方程y"一5y’+6y=x2e3x的一个特解y*可设为()
为什么说艺术是一种特殊的意识形态?
MRSA是指
女性,27岁,停经7周,阴道少量流血2天,睡前突感下腹剧痛并伴明显肛门坠胀感,诊断腹腔内出血的直接证据是
设{an}是任意等比数列,它的前n项和,前2n项和与前3n项和分别为X,Y,Z,则下列等式中恒成立的是()
读图文材料,回答问题。天津近、现代工业集聚地经历了由南、北运河与海河交汇处附近-市区海河两岸、铁路沿线-市区边缘-滨海地区、卫星城镇的变化过程。图中所示调水工程建成后,将对调入区自然环境产生的有利影响是___________,___________
Doctor:______.Patient:I’vecaughtabadcoldandgotasorethroat.
下列叙述中正确的是
64有多少小于的因子?
Lookingforanewweightlossplan?Trylivingontopofamountain.Mountainaircontainslessoxygenthanairatloweraltitud
最新回复
(
0
)