Abstract
The development and application of big data technology have had a profound influence on national governance models, corporate decision-making architectures, business strategies and personal lifestyles. However, the aggregation of large amounts of data not only increases the risk of user privacy leaks; the huge volume of information and potential value contained in big data also attracts more potential attackers. Moreover, big data applications are cross-disciplinary integrations that introduce many new technologies and may therefore face more and higher risks. This paper reviews the definition and characteristics of big data and puts forward a big data architecture and a big data security system. Based on this system, the security challenges currently facing big data and the research progress of big data security technologies are analyzed from four perspectives: laws and regulations, standards, data life cycle protection, and big data platform key technologies. The state of laws and regulations in America, the European Union, China and elsewhere, and the state of big data security standardization research at the International Organization for Standardization, in America, in China and elsewhere, are surveyed. Throughout its life cycle, big data needs a big data platform to support functions such as collection, transmission, storage and analysis. The security problems and key technologies of big data are therefore analyzed along two dimensions: the big data life cycle and the big data platform. The life cycle includes five phases: collection, storage, usage, distribution and deletion. The value of data is determined by its quality in the collection phase; the main technical means of improving data quality are detection of inconsistency between data and model, and data cleaning. In the distribution phase, processed big data is transmitted to external entities, so the protection of privacy and sensitive information is essential; the related key technologies are data anonymization and privacy-preserving data retrieval and analysis. Big data management, which mainly comprises metadata management and data lineage management, supports the effective use of big data and helps ensure big data security. Big data platform security mainly addresses authentication between big data components, data isolation, encrypted data storage, platform boundary protection and audit; the main key technologies are authentication, access control, data encryption and audit. At present, a complete big data security standard system is still lacking internationally, and standards providing norms and guidance for privacy protection, data sharing and cross-border data transmission are urgently needed. Big data analysis technology is still developing rapidly, and it is difficult to predict the problems that future big data association analysis will pose for the protection of privacy and sensitive information, so existing data masking and privacy protection technologies require further research. Homomorphic encryption allows data to be analyzed without exposing private or sensitive information, but existing homomorphic encryption algorithms are far from mature. Authentication, data encryption and access control on current big data platforms still use traditional technologies, which cannot adapt to the new environment of large data scale, complex processing logic and huge numbers of users. Some key big data security technologies also deserve in-depth study of their performance and availability so that they can be put into practical use sooner. In addition, using big data processing technology to develop security applications such as security situation awareness, network intrusion detection and threat intelligence analysis, and using big data technology to resist attacks against big data, have become a new research trend in the field of big data security. The development of big data security requires the joint support and promotion of laws and regulations, standards and key technologies.
Source
《工程科学与技术》
EI
CAS
CSCD
Peking University Core Journals
2017, Issue 5, pp. 1-12 (12 pages in total)
Advanced Engineering Sciences
Funding
Supported by the National Natural Science Foundation of China (61272447)
Keywords
big data
security
authentication
access control
privacy protection