首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
32
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、no longer
B、never
C、always
D、often
答案
A
解析
转载请注明原文地址:https://kaotiyun.com/show/tMTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2013上集管)项目论证是对拟实现项目技术上的先进性,适用性,经济的合理性,实施上的可能性,风险控制等进行全面的综合分析,为项目决策提供客观依据的一种技术经济研究活动,其中______不属于项目论证的主要内容。
(2010下集管)某体育设备厂商已经建立覆盖全国的分销体系。为进一步拓展产品销售渠道,压缩销售各环节的成本,拟建立电子商务网站接受体育爱好者的直接订单。这种电子商务属于______模式。
(2010下架构)某游戏公司欲开发一个大型多人即时战略游戏,游戏设计的目标之一是能够支持玩家自行创建战役地图,定义游戏对象的行为和之间的关系。针对该目标,公司应该采用______架构风格最为合适。
(2010上集管)中间件是位于硬件、操作系统等平台和应用之间的通用服务。______位于客户和服务器之间,负责负载均衡、失效恢复等任务,以提高系统的整体性能。
(2010下架构)项目时间管理包括使项目按时完成所必需的管理过程,活动定义是其中的一个重要过程。通常可以使用______来进行活动定义。
(2006下网工)ARP协议的作用是____(1),ARP报文封装在_____(2)中传送。(1)
(2014上项管)国家电子政务总体框架主要包括:服务与应用;信息资源;______;法律法规与标准化;管理体制。
(2005下项管)为了保障数据的存储和传输安全,需要对一些重要数据进行加密。由于对称密码算法______(1),所以特别适合对大量的数据进行加密。国际数据加密算法IDEA的密钥长度是______(2)位。(1)
(2009下网工)在Kerberos系统中,使用一次性密钥和______来防止重放攻击。
PrecedenceDiagrammingMethod(PDM)isamethodusedinactivitysequencing.Therearefourtypesofdependenciesorprecedencerel
随机试题
直接融资的局限性主要表现在()。
下列属于违反我国《工会法》的行为的是()
A.急性胎儿窘迫B.轻度新生儿窒息C.慢性胎儿窘迫D.重度新生儿窒息E.新生儿产伤胎儿在宫内有缺氧现象危及胎儿健康和生命,多发生在分娩期,诊断为
A.抗结核治疗B.病灶清除术C.肾部分切除术D.患肾切除术E.肾造瘘一侧肾结核无功能,对侧肾正常,应做()
按《职业病防治法》的规定,对建设项目的职业病危害评价分为()。
进(出)境快件报关单中的“KJ1报关单”仅适用于:
在唐代我国四大名砚中澄泥砚的产地是()。
某乡人民政府为解决乡机关干部及附近群众饮用水的困难,作出了《关于筹集资金安装自来水管道的决定》。其主要内容是:乡政府所在地的企事业单位每家交纳500元,所有工作人员每人交纳50元,乡政府所在地的甲、乙两村每户交纳40元,作为安装自来水管道的建设资金。甲村个
安史之乱平叛时期,安禄山解除了节度使的兵权,使节度使成了一个虚职,这有效地加强了政权。()
Forthispart,youareallowed30minutestowriteanessayentitledOnPlagiarism.Youressayshouldstartwithabriefdescrip
最新回复
(
0
)