Frontiers of Data and Computing ›› 2021, Vol. 3 ›› Issue (3): 19-31. doi: 10.11871/jfdc.issn.2096-742X.2021.03.003

• Special Issue on Network Communication and Security •

Frontiers and Applications of Data Security Technology from the Perspective of Compliance

CHEN Lei1,2,*, LIU Wenmao1,*

  1. Nsfocus Information Technology Co., Ltd., Beijing 100089, China
  2. Department of Automation, Tsinghua University, Beijing 100084, China
  • Received: 2021-03-08 Online: 2021-06-20 Published: 2021-07-09
  • Contact: CHEN Lei, LIU Wenmao
  • About the authors:
    CHEN Lei, Ph.D., is currently a security researcher at Nsfocus Information Technology Co., Ltd. He is also an enterprise postdoctoral researcher jointly trained by Tsinghua University and Nsfocus. His recent research interests include data security and privacy protection, database watermarking, and federated learning.
    In this paper, he surveyed the literature and drafted the manuscript.
    E-mail: chenlei5@nsfoucs.com

    LIU Wenmao, Ph.D., senior engineer, is currently the Director of the Innovation Center Department, Nsfocus Information Technology Co., Ltd. His recent research interests include network security and cloud security.
    In this paper, he conceived and designed the paper as a whole and revised the full text.
    E-mail: liuwenmao@nsfocus.com
  • Supported by:
    China Postdoctoral Science Foundation (2019M660511)

Abstract:

[Objective] From the perspective of compliance, this paper reviews and analyzes the principles and applications of ten cutting-edge data security technologies, aiming to provide technical guidance and reference for data security compliance and privacy protection in China. [Methods] Based on data security requirements and compliance challenges, data security work is divided at a high level into three scenarios: user privacy compliance, data security governance, and data sharing and computing. Ten innovative technologies, including differential privacy, sensitive data identification, user and entity behavior analysis, secure multi-party computation, and federated learning, are described within these three scenarios, together with their application status and challenges in industry. [Results] Based on the analysis, these ten technologies can not only improve the level of data security and privacy protection of enterprises and organizations, but also satisfy specific compliance requirements of regulations such as the EU General Data Protection Regulation and China's Cybersecurity Law. [Conclusions] In general, global legislation and regulation in the data security field have created strong demand for information security and compliance, and at the same time bring a new round of development opportunities for data security technology. There is no doubt that these emerging technologies still face several critical challenges in commercial application, and further research and exploration are needed in the future.

Key words: data security, privacy protection, security compliance, differential privacy, federated learning