首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
45
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、SP
B、IdM
C、Internet
D、entity
答案
B
解析
转载请注明原文地址:https://kaotiyun.com/show/3MTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2012下集管)项目可行性研究主要是通过对项目的主要内容和配套条件,如市场需求、资源供应、建设规模、工艺路线、设备选型、环境影响、资金筹措、赢利能力等,从技术、经济、工艺等方面进行调查研究和分析比较。并对项目建成后可能取得的财务、经济效益及社会影响进行预
(2014下集管)在项目可行性研究报告编写、提交和获得批准之前,首先要进行初步可行性研究。初步可行性研究的目的是______。
(2007下项管)信息系统工程监理实行______。
(2011下集管)以下关于项目进度网络图的描述中,正确的是______。
(2011上项管)根据如下图某项目的网络图,在最佳的人力资源利用情况下,限定在最短时间内完成项目,则项目的人力资源要求至少为______人。
(2007上监理)对于ISO9000族标准,我国国标目前采用的方式是______。
(2013下集管)配置管理描述了应用技术和行政管理指示的监督的程序,______不属于配置中实施的任务。
(2010下集管)在几种不同类型的软件维护中,通常情况下______所占的工作量最大。
(2011上集管)在某次针对数据库的信息安全风险评估中,发现其中对财务核心数据的逻辑访问密码长期不变。基于以上现象,下列说法正确的是______。
某公司采用邀请招标的方式选择承建单位,实施过程中发生了如下事件:①该公司向3家单位发出招标邀请函,其中包括该公司的股东公司。②该公司8月1日发出邀请函,要求对方在8月16日提交投标书。③该公司外聘了1名法律专家,连同公司CI
随机试题
A、eightB、weightC、heightD、neighborC
疯牛病发病的生化机制是
潮式呼吸的特点是()。
肾上腺素用于治疗吗啡用于治疗
A.广东凉茶B.清凉油C.六合定中丸D.藿香正气水E.仁丹
证监会派出机构应当自收到证券公司融资融券业务申请材料之日起()个工作日向证监会出具是否同意申请人开展融资融券业务试点的书面意见。
我国的理财师队伍扩张迅速的因素有()。
在△ABC中,a=80,b=100,A=45°,则此三角形解的情况是()。
基于以下题干:某市体委对该市业余体育运动爱好者的一项调查得到以下若干结论:所有的桥牌爱好者都爱好围棋;有些同棋爱好者爱好武术;所有的武术爱好者都不爱好健身操;有些桥牌爱好者同时爱好健身操。如果在题干巾再增加一个结论:每个围棋爱好者或者爱好武术或者爱好健
Apparently,Jim’sfatherwas______byhiswordsandyelledathimimmediately.
最新回复
(
0
)