首页
外语
计算机
考研
公务员
职业资格
财经
工程
司法
医学
专升本
自考
实用职业技能
登录
计算机
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (
admin
2020-04-30
34
问题
Trust is typically interpreted as a subjective belief in the reliability,honesty and security of an entity on which we depend (71)________________ our welfare.In online environments we depend on a wide spectrum of things,ranging from computer hardware,software and data to people and organizations.A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions,hence,a trusted entity is the same as an entity that is assumed to function according to policy. A consequence of this is that a trusted component of a system must work correctly in order for the security of that system to hold,meaning that when a trusted (72)________________ fails,then the systems and applications that depend on it can (73)________________ be considered secure.An often cited articulation of this principle is:‘a trusted system or component is one that can break your security policy’(which happens when the trusted system fails).The same applies to a trusted party such as a service provider(SP for short),that is,it must operate according to the agreed or assumed policy in order to ensure the expected level of security and quality of services.A paradoxical conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on.This is because the security of an infrastructure consisting of many trusted components typically follows the principle of the weakest link,that is,in many situations the overall security can only be as strong as the least reliable or least secure of al l the trusted components.We cannot avoid using trusted security components,but the fewer the better.This is important to understand when designing the identity management architectures,that is,fewer the trusted parties in an identity management model,stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital alld computational conceptshelpsindesigningandimplementinglarge scaleonlinemarketsandcommunities,and also plays an important role in the converging mobile and Internet environments.Identity management fdenoted IdM hereafter)is about recognizing and verifying the correctness of identities in online environments.Trust management becomes a component of (74)________________ whenever different parties rely on each other for identity provision and authentication.IdM and trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining authorisation policies in personalised services.
Establishing trust always has a cost,so that having complex trust requirements typically leads to high overhead in establishing the required trust.To reduce costs there will be incentives for stakeholders to‘cut comers’regarding trust requirements,which could lead to inadequate security.The challenge is tO design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed.The establishment of initial (75)________________ usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
选项
A、no longer
B、never
C、always
D、often
答案
A
解析
转载请注明原文地址:https://kaotiyun.com/show/tMTZ777K
本试题收录于:
信息安全工程师上午基础知识考试题库软考中级分类
0
信息安全工程师上午基础知识考试
软考中级
相关试题推荐
(2013上集管)项目论证是对拟实现项目技术上的先进性,适用性,经济的合理性,实施上的可能性,风险控制等进行全面的综合分析,为项目决策提供客观依据的一种技术经济研究活动,其中______不属于项目论证的主要内容。
(2007下项管)信息系统工程监理实行______。
(2011下项管)李先生是某软件开发公司负责某项目的项目经理,该项目已经完成了前期的工作进入实现阶段,但用户提出要增加一项新的功能,李先生应该______。
(2010上集管)一项新的国家标准出台,某项目经理意识到新标准中的某些规定将导致其目前负责的一个项目必须重新设定一项技术指标,该项目经理首先应该______。
(2011上项管)质量控制是项目质量控制人员采取有效措施,监督项目的具体实施结果,判断它们是否符合有关的项目质量标准,并确定消除产生不良结果原因的途径。以下内容中,______是执行项目质量控制的输入。①组织过程资产;②质量度量标准;③工作绩效信
(2008下项管)(2009上项管)(2010上项管)某工程包括A、B、C、D、E、F、G七项工作,各工作的紧前工作、所需时间以及所需人数如下表所示(假设每个人均能承担各项工作):该工程的工期应为______(1)天。按此工期,整个工程最少需要____
(2013下集管)配置管理描述了应用技术和行政管理指示的监督的程序,______不属于配置中实施的任务。
(2012上网工)802.11在MAC层采用了______协议。
(2010下集管)Internet上的域名解析服务(DNS)完成域名与IP地址之间的翻译。执行域名服务的服务器被称为DNS服务器。小张在Internet的某主机上用nslookup命令查询“中国计算机技术职业资格网”的网站域名,所用的查询命令和得到的结果如
(2009下集管)承建单位有时为了获得项目可能将信息系统的作用过分夸大,使得建设单位对信息系统的预期过高。除此之外,建设单位对信息系统的期望可能会随着自己对系统的熟悉而提高。为避免此类情况的发生,在合同中清晰地规定______对双方都是有益的。
随机试题
Apioneeringheadteacheriscallingforallsecondaryschoolstofollowhisleadandstartclassesat11am,allowingteenagers
在pH>10.5的溶液中,EDTA的主要存在形式是()。
Winteristheseasonoftheyear___________thedaysareshortandthenightsarelong.
刷手的顺序
双面阅读型CR其IP的DQE值比普通IP增加了
前视点A的高程为20.503m,读数为1.082m,后视点B的读数为1.102m,则其后视点B的高程为()m。
某有限责任公司章程中的下列规定,不符合《公司法》的是()。
Atthedawnofthe20thcentury,suburbiawasadreaminspiredbyrevulsiontothepovertyandcrowdingofthecities.Inthevi
IknownotmoreFrenchthanIknowLatin.Therefore,Ican’tteacheitherofthem.
Market【C1】______donotcomenaturallytoChineseofficials.Forthepastfouryearstwohugediversion【C2】______havebeenunde
最新回复
(
0
)