October 2019
Intermediate to advanced
304 pages
6h 1m
Japanese
Content preview from ゼロトラストネットワーク ―境界防御の限界を超えるためのセキュアなシステム設計
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
132
6 章 ユーザーの信頼と信用
ゼロトラストにする上で注意すべきリスクの
1
つは、
1
人の人間に対する信用の量
が過剰になることである。現実世界と同様に、機密性の高いアクションに権限を与え
る際には、複数の人間の承認を得るべきである。デジタル領域でこれを可能にする暗
号化手法は
2
つある。
6.6.1
シャミアの秘密分散法
シャミアの秘密分散法(
Shamir's Secret Sharing
)は、
1
つのシークレットを複数
のユーザーに分配する手法である。このアルゴリズムでは、元のシークレットを
n
個
のパーツに分割し、それらのパーツを配布できる(図
6-2
)。分割時のアルゴリズム
の設定によっては、元のシークレット値を再計算するのに
k
個のパーツが必要とな
る。
図 6-2:sss セッションの例
シャミアの秘密分散法を使って大量のデータを保護するときには、このアルゴリズ
ムをデータに直接適用するのではなく、通常は対称暗号鍵を分割して配布する。とい
うのも、分割の対象となるシークレットのサイズが、シークレット共有アルゴリズム
で使用されるデータよりも小さくなければならないからだ。
このアルゴリズムの
Unix/Linux
バージョンは
ssss
†6
と呼ばれる。他の
OS
やプロ
グラミング言語に対しても、同じようなアプリケーションとライブラリが存在する。
†
6 http://point-at-infinity.org/ssss/
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.