2018上半年信息安全工程師上午真題試題解析：
71-75、Trust is typically interpreted as a subjective belief in the reliability， honesty and  security  of an entity on which we depend （ ）our welfare .In online environments we depend on a wide spectrun of things , ranging from computer hardware,software and data to people and organizations. A security solution always assumes certain entities function according to specific policies.To trust is precisely to make this sort of assumptions , hence , a trusted entity is the same as an entity that is assumed to function according to  policy . A consequence of this is that a trust component of a system must work correctly in order   for the security of that system to hold, meaning that when a trusted（  ）fails , then the sytems and applications that depend on it can（  ）be considered secure.An often cited articulation of this principle is:＂ a trusted system or component is one that can break your security policy” ( which happens when the trust system fails ). The same applies to a trusted party such as a service provider ( SP for short )that is , it must operate according to the agreed or assumed   policy in order to ensure the expected level of securty and quality of services . A paradoxical   conclusion to be drawn from this analysis is that security assurance may decrease when increasing the number of trusted components and parties that a service infrastructure depends on . This is because the security of an infrastructure consisting of many.
Trusted components typically follows the principle of the weakest link , that is ,in many situations the the overall security can only be as strong as the least reliable or least secure of all the trusted components. We cannot avoid using trusted security components,but the fewer the better. This is important to understand when designing the  identity management architectures,that is, fewer the trusted parties in an identity management model , stronger the security that can be achieved by it.
The transfer of the social constructs of identity and trust into digital and computational concepts helps in designing and implementing large scale online markets and communities,and also plays an important role in the converging mobile and Internet environments.Identity management (denoted Idm hereafter ) is about recognizing and verifying the correctness of identitied in online environment .Trust management becomes a component of （  ）whenever different parties rely on each other for identity provision and authentication . IdM and Trust management therefore depend on each other in complex ways because the correctness of the identity itself must be trusted for the quality and reliability of the corresponding entity to be trusted.IdM is also an essential concept when defining  authorisation policies in personalised services.
  Establishing trust always has a cost, so that having  complex trust requirement typically leads to high overhead in establishing the required trust. To reduce costs there will be incentives for stakeholders to “cut corners”regarding trust requirements ,which could lead to inadequate security . The challenge is to design IdM systems with relatively simple trust requirements.Cryptographic mechanisms are often a core component of IdM solutions,for example,for entity and data authentication.With cryptography,it is often possible to propagate trust from where it initially exists to where it is needed .The establishment of initial（  ）usually takes place in the physical world,and the subsequent propagation of trust happens online,often in an automated manner.
（71）A.with 
B. on 
C. of 
D. for
（72）A.entity 
B.person 
C.component 
D.thing
（73）A. No longer 
B. never 
C. always 
D.often
（74）A. SP 
B. IdM 
C.Internet 
D.entity
（75）A.trust 
B.cost 
C.IdM 
D. solution
信管網(wǎng)解析：
譯文：信任通常被解釋為對我們所依賴的實體的可靠性、誠實和安全性的主觀信仰（）我們的福利。在網(wǎng)絡環(huán)境中，我們依賴的是廣泛的事物，從計算機硬件、軟件和數(shù)據(jù)到人和組織。安全解決方案總是根據(jù)特定的策略假定某些實體的功能。信任恰恰是為了進行此類假設，因此，受信任實體與根據(jù)策略假定其功能的實體相同。這樣做的結(jié)果是，系統(tǒng)的信任組件必須正確工作，以保持該系統(tǒng)的安全性，這意味著當受信任的（）失敗時，依賴它的系統(tǒng)和應用程序可以（）被視為安全的。此原則的一個經(jīng)常被引用的表述是：“受信任的系統(tǒng)或組件是一個這會破壞您的安全策略（信任系統(tǒng)失敗時會發(fā)生這種情況）。這同樣適用于受信任方，如服務提供商（簡稱SP），也就是說，為了確保預期的安全性和服務質(zhì)量，它必須按照商定或假定的政策進行操作。從該分析中得出的一個矛盾結(jié)論是，當增加服務基礎設施所依賴的受信任組件和參與方的數(shù)量時，安全保證可能會減少。這是因為由許多基礎設施組成的基礎設施的安全性。
受信任組件通常遵循最薄弱鏈接的原則，即在許多情況下，整體安全性只能與所有受信任組件中最不可靠或最不安全的組件一樣強。我們不能避免使用可信的安全組件，但越少越好。在設計身份管理架構(gòu)時，這一點很重要，也就是說，在身份管理模型中，受信任方越少，所能實現(xiàn)的安全性就越強。
將身份和信任的社會結(jié)構(gòu)轉(zhuǎn)換為數(shù)字和計算概念有助于設計和實現(xiàn)大規(guī)模的在線市場和社區(qū)，并在融合的移動和互聯(lián)網(wǎng)環(huán)境中發(fā)揮重要作用。身份管理（以下簡稱IDM）是識別和驗證在線環(huán)境中標識的正確性。當不同的方依賴對方提供標識和進行身份驗證時，信任管理就成為（）的一個組成部分。因此，IDM和信任管理以復雜的方式相互依賴，因為必須信任身份本身的正確性，以確保要信任的相應實體的質(zhì)量和可靠性。在定義個性化服務中的授權(quán)策略時，IDM也是一個基本概念。
建立信任總是有成本的，因此具有復雜的信任需求通常會導致建立所需信任的高開銷。為了降低成本，將鼓勵利益相關者在信任要求方面“抄近路”，這可能導致安全性不足。挑戰(zhàn)在于設計具有相對簡單信任要求的IDM系統(tǒng)。密碼機制通常是IDM解決方案的核心組件，例如實體和數(shù)據(jù)身份驗證。通過密碼技術(shù)，通常可以將信任從最初存在的地方傳播到需要的地方。初始（）的建立通常是lly發(fā)生在物理世界中，隨后的信任傳播在網(wǎng)上進行，通常以自動化的方式進行。
信管網(wǎng)參考答案：B、A、B、B、A
點擊查看：2018上半年信息安全工程師上午綜合知識真題與答案