摘要
数据资源的汇聚共享导致安全风险集中,大数据环境下的安全审计面临众多挑战.首先在大数据参考框架、云安全审计框架基础上提出大数据安全审计参考框架,从用户维度和数据生命周期2个维度开展安全审计工作,对数据提供者、数据消费者、大数据平台提供者、大数据应用提供者等角色的用户行为进行安全监测,对数据采集、传输、存储、处理、交换、销毁整个生命周期处理过程进行追踪.最后,针对大数据安全审计过程中涉及的数据追溯和隐私保护问题进行探讨,以期对大数据安全审计工作的开展提供有益参考.
The aggregation and sharing of data resources contributes to the concentration of security risks,and security audit technology in big data environment is facing many challenges. Firstly,the reference framework for big data security auditing is proposed based on big data reference framework and cloud security audit framework,which conducts security auditing from user dimension and data life-cycle dimension. Secondly,the security audit technology monitors the behaviors of data provider,system orchestrator,big data application provider,big data framework provider and data consumer. And which tracks the entire data life-cycle process which consists of data collection,transmission,storge,curation,exchange and destruction. Finally,this paper discusses the data provenance and privacy protection problems during security auditing,in order to serve as useful references for the development of big data security audit technology.
作者
江茜
Jiang Xi(Department of Security Monitoring,Beijing Government Computer Emergency Response Center,Beijing 100101)
出处
《信息安全研究》
2019年第5期400-405,共6页
Journal of Information Security Research