首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
41
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、SP
B、IdM
C、Internet
D、entity
答案
B
解析
转载请注明原文地址:https://kaotiyun.com/show/3MTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2013下项管)以下关于商业智能的说法中,______是不恰当的。
(2013上项管)某单位新近一批600台不同型号的PC机,均由同一设备生产厂家提供。按照质量管理相关规定,以下质检方法中,正确的是______。
(2008下监理)网络计划中的虚工作_______(1)。双代号网络计划中的节点表示_______(2)。(1)
(2013下项管)活动排序的工具和技术有多种,工具和技术的选取由若干因素决定。如果项目经理决定在进度计划编制中使用标准化的项目进度网络图,这可能因为______。
(2009上项管)某项目的时标网络图如下(时间单位:周),在项目实施过程中,因负责实施的工程师误操作发生了质量事故,需整顿返工,造成工作④-⑥拖延3周,受此影响,工程的总工期会拖延______周。
(2012下项管)关于项目范围确认及有关活动,以下说法错误的是______。
(2011上集管)下列关于工作分解结构(WBS)的叙述中,错误的是______。
(2010下集管)甲公司最近中标某市应急指挥系统建设,为保证项目质量,项目经理在明确系统功能和性能的过程中,以本省应急指挥系统为标杆,定期将该项目的功能和性能与之比较。这种方法属于______。
(2010下软评)关于软件质量,______的叙述是正确的。①软件满足规定或潜在用户需求特性的总和;②软件特性的总和;软件满足规定用户需求的能力;③是关于软件特性具备“能力”的体现;④软件质量包括“代码质量”、“外部
(2012上集管)以下不属于主动式攻击策略的是______。
随机试题
针刺右侧风市、日月、飞扬、足临泣穴,应选取的体位是()(2009年第75题)
在粘结吸附理论中,下列不正确的是
A.无强化B.环状强化C.脑回状强化D.均匀性强化E.非均匀性强化脑梗死CT的强化特点是
A.眼痒眼痛B.白睛红赤C.胞睑浮肿D.胞肿如桃E.目珠干涩
造血功能障碍造血原料缺乏
在境内,股票、公司债券和国务院依法认定的其他证券的发行和建议,适用()。
对于看涨期权的买方来说,到期行使期权的条件是()。
全国人民代表大会常务委员会对宪法和法律的解释是()。
经公安机关讯问,已知下列判断为真:(1)若甲和乙都是杀人犯,则丙是无罪的;(2)丙有罪,并且丁的陈述正确;(3)只有丁的陈述不正确,乙才不是杀人犯。由此可以推出下列哪项是正确的?
•Lookattheformbelow.•Someinformationismissing.•YouwillhearamanphoningtheHumanResourcesdepartmentofthecompan
最新回复
(
0
)