数据与计算发展前沿 ›› 2023, Vol. 5 ›› Issue (1): 128-135.

CSTR: 32002.14.jfdc.CN10-1649/TP.2023.01.012

doi: 10.11871/jfdc.issn.2096-742X.2023.01.012

• 技术与应用 • 上一篇    

基于分类分级的数据安全防控策略研究

周成祖(),吴文,蔡晓强*()   

  1. 厦门市美亚柏科信息股份有限公司,福建 厦门 361000
  • 收稿日期:2021-12-02 出版日期:2023-02-20 发布日期:2023-02-20
  • 通讯作者: * 蔡晓强(E-mail: 769847886@qq.com
  • 作者简介:周成祖,厦门市美亚柏科信息股份有限公司,高级工程师,执行总裁,硕士,主要研究方向为大数据、人工智能等。
    本文中负责总体统稿和分级分类技术问题统筹。
    ZHOU Chengzu, Master, is a senior en-gineer, and executive CEO of Xiamen Meiya Pico Infor-mation Co., Ltd. His main research interests include big data, artificial intelligence, etc.
    In this paper, he is responsible for the overall drafting and coordination of technical issues of classification.
    E-mail: zhoucz@300188.cn|蔡晓强,厦门美亚柏科乾坤院大数据架构研究中心,硕士,主要研究方向为大数据。
    本文中负责安全防控模型分析。
    CAI Xiaoqiang, Maseter, Xiamen Mei-ya Pico Information Co., Ltd. His main research interests is big data.
    In this paper, he is responsible for the analysis of the security prevention and control model.
    E-mail: 769847886@qq.com

Research of Data Security on Prevention and Control Strategy Based on Classification and Categorization

ZHOU Chengzu(),WU Wen,CAI Xiaoqiang*()   

  1. Xiamen Meiya Pico Information Co.,LTD, Xiamen, Fujian 361000, China
  • Received:2021-12-02 Online:2023-02-20 Published:2023-02-20

摘要:

【目的】 大数据时代的数据量呈指数型增长,需要通过分类分级对数据进行管理。 【方法】 本文通过对数据进行分类分级,结合相关法律或标准,提出数据安全的两个要素:受侵害客体与受侵害程度,得到数据的安全级别,并设计了大数据安全防控模型。【结果】 基于数据安全防控模型,实现基于分类分级的静态授权、对数据安全级别的动态控制、基于数据安全级别的动态授权与数据脱敏。【结论】 数据的分类分级应当以法律、行业标准为依据,实施静态的分类分级工作,在此基础上采取动态定级、实时调控措施,才能保障数据安全可控。

关键词: 大数据, 数据分类分级, 数据安全, 动态授权

Abstract:

[Objective] Since data volume in the age of big data grows exponentially, to guarantee data security, effective and efficient data classification and categorization are necessary for data management. [Methods] In this paper, by classifying and categorizing data, combined with relevant laws and standards, two key elements of data security are presented, including the infringed object and degree. Then a security prevention and control model of big data is designed. [Results] Under this model, static authorization based on classification and categorization, dynamic control of data security level as well as dynamic authorization and data masking based on data security level are realized. [Conclusions] Data should be classified and categorized by laws and industry standards. Data safety and controllability can be guaranteed only by statistic classification and categorization as well as dynamic categorization and real-time control.

Key words: big data, data classification and categorization, data security, dynamic authorization