首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
6
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、entity
B、person
C、component
D、thing
答案
C
解析
转载请注明原文地址:https://kaotiyun.com/show/kMTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2012下集管)甲软件系统每年因故障中断10次,每次恢复平均20分钟,乙软件系统每年因故障中断2次,每次恢复平均5小时,根据《软件工程产品质量GB/T16260-2006》中可靠性和有效性(或可用性)的定义,下面说法正确的是______。
(2009下集管)以质量为中心的信息系统工程控制管理工作是由三方分工合作实施的,这三方不包括______。
(2010下架构)某游戏公司欲开发一个大型多人即时战略游戏,游戏设计的目标之一是能够支持玩家自行创建战役地图,定义游戏对象的行为和之间的关系。针对该目标,公司应该采用______架构风格最为合适。
(2009下架构)软件架构需求是指用户对目标软件系统在功能、行为、性能、设计约束等方面的期望。以下活动中,不属于软件架构需求过程范畴的是______。
(2005上项管)关于kerberos和PKI两种认证协议的叙述中正确的是______(1),在使用kerberos认证时,首先向密钥分发中心发送初始票据______(2)来请求会话票据,以便获取服务器提供的服务。(1)
(2012下项管)假设A和B之间要进行加密通信,则正确的非对称加密流程是______。①A和B都要产生一对用于加密和解密的加密密钥和解密密钥;②A将公钥传给B,将私钥自己保存,B将公钥传送给A,将私钥自己保存;③A发送消息给B
(2006下系分)需求分析的任务是借助于当前系统的物理模型导出目标系统的逻辑模型,解决目标系统“做什么”的问题。______并不是需求分析的实现步骤之一。
(2012上集管)某系统集成商M公司与甲方签定了一份电子商务平台建设项目。合同中规定,如果系统交付后存在质量问题,系统集成商M应提供免费的及时维护服务。M公司按合同要求交付了系统,双方签定了验收报告。在此后的一年内,M公司及时响应了甲方的维护要求;一年之后
按照行为方式,可以将针对操作系统的安全威胁划分为切断、截取、篡改、伪造四种。其中()是对信息完整性的威胁。
区块链是一种按照时间顺序将数据区块以顺序相连的方式组合成的一种链式数据结构,并以密码学方式保证的不可篡改和不可伪造的分布式账本。主要解决交易的信任和安全问题,最初是作为______的底层技术出现的。
随机试题
主动消除或者减轻违法行为危害后果的,()行政处罚。
下列选项中,适宜采用市场渗透战略的是()。
以下哪座建筑不属于18世纪古典复兴建筑风格?
根据《水电水利工程施工重大危险源辨识及评价导则》DL/T5274—2012,依据事故可能造成的人员伤亡数量及财产损失情况,重大危险源共划分为()级。
反映国家社会与经济发展状况的常用指标可划分为社会、经济和()三大指标体系。
项目风险识别是确定可能对项目造成影响并________发生的事件。
在教学过程中如何处理好掌握知识与发展智力的关系?
中国近代第一批正式派遣留欧学生出发赴欧的时间是
下列关于二叉树的叙述中,正确的是
Thefirststeptodefeatinganenemyistopindownhisexactidentityandhowheoperates.Hypertension—chronic,abnormallyrai
最新回复
(
0
)