Frontiers and Applications of Data Security Technology from the Perspective of Compliance

doi:10.11871/jfdc.issn.2096-742X.2021.03.003

Abstract

Abstract:

[Objective] From the perspective of compliance, this paper comprehensively reviews and analyzes the principles and applications of ten cutting-edge data security technologies, aiming to promote the research and development of data security compliance and privacy protection in China.[Methods] Based on security requirements and compliance challenges, the data security construction is divided into three kinds of scenarios: user privacy compliance, data security governance, and data sharing and computing. The ten innovative technologies, such as differential privacy, sensitive data identification, user entity behavior analysis, security multi-party computing, and federal learning, are described in these three scenarios. The application status and challenges in the industry are also presented.[Results] Based on the analysis, these ten technologies can not only improve the level of data security and privacy protection of enterprises, but also satisfy some specific compliance requirements of the EU General Data Protection Regulation and China Cybersecurity Law. [Conclusions] In general, the legislation and regulation of global data security regulations have aroused high security and compliance demands, which brings new development opportunities for data security technology. There is no doubt that some of these emerging technologies still face several critical challenges in a wide range of commercial applications, and more efforts and explorations are needed in the future.

Key words: data security, privacy protection, security compliance, differential privacy, federal learning

CHEN Lei,LIU Wenmao. Frontiers and Applications of Data Security Technology from the Perspective of Compliance[J]. Frontiers of Data and Computing, 2021, 3(3): 19-31.

Figures/Tables 8

Fig.1

Fig.2

Fig.3

Fig.4

Fig.5

Fig.6

Fig.7

Fig. 8

References 19

[1]	General Data Protection Regulation(GDPR)[EB/OL].[2021-03-01]. https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN.
[2]	CCPA Readiness survey[EB/OL]. [2021-03-01]. https://iapp.org/resources/article/ccpa-readiness-survey/.
[3]	《中华人民共和国网络安全法》[EB/OL]. [2021- 03- 01]. http://xxzx.mca.gov.cn/article/wlaqf2017/wjjd/201705/20170500891068.shtml.
[4]	中央网信办、工业和信息化部、公安部、市场监管四部门联合发布《APP 违法违规收集使用个人信息专项治理报告2019》[EB/OL]. [2021- 03- 01]. http://www.cac.gov.cn/2020-05/26/c_1592036763304447.htm.
[5]	北京警方开展“净网2020”专项行动[EB/OL]. [2021- 03- 01]. http://www.gov.cn/xinwen/2020-05/24/content_ 5514428.htm.
[6]	Dwork C. Differential Privacy[C]. In: International Collo-quium on Automata, Languages, and Programming. Springer, 2006, 4052:1-12.
[7]	Differential Privacy[EB/OL]. [2021-03-01]. https://www.apple.com/privacy/docs/Differential_Privacy_Overview
[8]	Singhal A. Introducing the knowledge graph: things, not strings[EB/OL]. [2021-03-01]. https://blog.google/products/search/introducing-knowledge-graph-things-not/.
[9]	Securiti.ai homepage[EB/OL]. [2021-03-01]. https://Secu-riti.ai/.
[10]	EL EMAM K. Guide to the de-identification of personal health information[M]. Auerbach Publications, 2013:177-196.
[11]	用户实体行为分析技术(UEBA)[EB/OL]. [2021- 03- 01]. http://www.caict.ac.cn/kxyj/qwfb/ztbg/202006/P020200619441768543756.pdf.
[12]	Sweeney L. K-anonymity: A model for protecting privacy[C]. In: International Journal of Uncertainty, Fuzziness and Knowledge-based Systems, 2002, 10(5):557-570.
[13]	Machanavajjhala A, Kifer D, Gehrke J, Venkitasubra-maniam M. L-diversity: privacy beyond K-anonymity[J]. ACM Transactions on Knowledge Discovery from Data, 2007, 1(1):3. doi: 10.1145/1217299.1217302
[14]	Li N H, Li T C, Venkatasubramanian S. T-Closeness-privacy beyond K-anonymity and L-diversity[C]. In: IEEE 23rd International Conference on Data Engineering, Istanbul, Turkey, April 15-20, 2007: 106-115.
[15]	Rivest R L, Adleman L, Dertouzos M L. On data banks and privacy homomorphisms[J]. Foundations of secure computation, 1978, 4(11):169-180.
[16]	Gentry C. Fully homomorphic encryption using ideal lattices[C]. In: Proceedings of the forty-first annual ACM symposium on Theory of computing. 2009: 169-178.
[17]	Duality homepage[EB/OL]. [2021-03-01]. https://dualitytech.com/.
[18]	Rashid Sheikh, Durgesh KumarMishra, Beerendra Kumar. Secure Multiparty Computation: From Millionaires Problem to Anonymizer[J]. Information Systems Security, 2011, 20(1):25-33.
[19]	McMahan B, Moore E, Ramage D, Hampson S, Arcas, B. Communication-efficient learning of deep networks from decentralized data[C]. In: Artificial Intelligence and Statistics. PMLR, 2017: 1273-1282.