2018上半年信息安全工程師上午真題試題解析第71-75題
71-75、Trust is typically interpreted as a subjective belief in the reliability， honesty and  security  of an entity on which we depend （ ）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to  policy . A consequence of this is that a trust component of a system must work correctly in order   for the security of that system to hold, meaning that when a trusted（  ）fails , then the sytems and applications that depend on it can（  ）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed   policy in order to ensure the expected level of securty and quality of services . A paradoxical   conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the  identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （  ）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining  authorisation policies in personalised services.
Establishing trust always has a cost, so that having  complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（  ）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with
B. on
C. of
D. for
（72）A.entity
B.person
C.component
D.thing
（73）A. No longer
B. never
C. always
D.often
（74）A. SP
B. IdM
C.Internet
D.entity
（75）A.trust
B.cost
C.IdM
D. solution
信管網(wǎng)解析：
譯文：信任通常被解釋為對(duì)我們所依賴(lài)的實(shí)體的可靠性、誠(chéng)實(shí)和安全性的主觀信仰（）我們的福利。在網(wǎng)絡(luò)環(huán)境中，我們依賴(lài)的是廣泛的事物，從計(jì)算機(jī)硬件、軟件和數(shù)據(jù)到人和組織。安全解決方案總是根據(jù)特定的策略假定某些實(shí)體的功能。信任恰恰是為了進(jìn)行此類(lèi)假設(shè)，因此，受信任實(shí)體與根據(jù)策略假定其功能的實(shí)體相同。這樣做的結(jié)果是，系統(tǒng)的信任組件必須正確工作，以保持該系統(tǒng)的安全性，這意味著當(dāng)受信任的（）失敗時(shí)，依賴(lài)它的系統(tǒng)和應(yīng)用程序可以（）被視為安全的。此原則的一個(gè)經(jīng)常被引用的表述是：“受信任的系統(tǒng)或組件是一個(gè)這會(huì)破壞您的安全策略（信任系統(tǒng)失敗時(shí)會(huì)發(fā)生這種情況）。這同樣適用于受信任方，如服務(wù)提供商（簡(jiǎn)稱(chēng)SP），也就是說(shuō)，為了確保預(yù)期的安全性和服務(wù)質(zhì)量，它必須按照商定或假定的政策進(jìn)行操作。從該分析中得出的一個(gè)矛盾結(jié)論是，當(dāng)增加服務(wù)基礎(chǔ)設(shè)施所依賴(lài)的受信任組件和參與方的數(shù)量時(shí)，安全保證可能會(huì)減少。這是因?yàn)橛稍S多基礎(chǔ)設(shè)施組成的基礎(chǔ)設(shè)施的安全性。
受信任組件通常遵循最薄弱鏈接的原則，即在許多情況下，整體安全性只能與所有受信任組件中最不可靠或最不安全的組件一樣強(qiáng)。我們不能避免使用可信的安全組件，但越少越好。在設(shè)計(jì)身份管理架構(gòu)時(shí)，這一點(diǎn)很重要，也就是說(shuō)，在身份管理模型中，受信任方越少，所能實(shí)現(xiàn)的安全性就越強(qiáng)。
將身份和信任的社會(huì)結(jié)構(gòu)轉(zhuǎn)換為數(shù)字和計(jì)算概念有助于設(shè)計(jì)和實(shí)現(xiàn)大規(guī)模的在線市場(chǎng)和社區(qū)，并在融合的移動(dòng)和互聯(lián)網(wǎng)環(huán)境中發(fā)揮重要作用。身份管理（以下簡(jiǎn)稱(chēng)IDM）是識(shí)別和驗(yàn)證在線環(huán)境中標(biāo)識(shí)的正確性。當(dāng)不同的方依賴(lài)對(duì)方提供標(biāo)識(shí)和進(jìn)行身份驗(yàn)證時(shí)，信任管理就成為（）的一個(gè)組成部分。因此，IDM和信任管理以復(fù)雜的方式相互依賴(lài)，因?yàn)楸仨毿湃紊矸荼旧淼恼_性，以確保要信任的相應(yīng)實(shí)體的質(zhì)量和可靠性。在定義個(gè)性化服務(wù)中的授權(quán)策略時(shí)，IDM也是一個(gè)基本概念。
建立信任總是有成本的，因此具有復(fù)雜的信任需求通常會(huì)導(dǎo)致建立所需信任的高開(kāi)銷(xiāo)。為了降低成本，將鼓勵(lì)利益相關(guān)者在信任要求方面“抄近路”，這可能導(dǎo)致安全性不足。挑戰(zhàn)在于設(shè)計(jì)具有相對(duì)簡(jiǎn)單信任要求的IDM系統(tǒng)。密碼機(jī)制通常是IDM解決方案的核心組件，例如實(shí)體和數(shù)據(jù)身份驗(yàn)證。通過(guò)密碼技術(shù)，通?？梢詫⑿湃螐淖畛醮嬖诘牡胤絺鞑サ叫枰牡胤健３跏迹ǎ┑慕⑼ǔＪ莑ly發(fā)生在物理世界中，隨后的信任傳播在網(wǎng)上進(jìn)行，通常以自動(dòng)化的方式進(jìn)行。
信管網(wǎng)參考答案：B、A、B、B、A
點(diǎn)擊查看：2018上半年信息安全工程師上午綜合知識(shí)真題與答案