期刊文献+

多维度数据分级分类安全管理框架 被引量:10

A Security Management Framework for Data Sensitivity and Multidimensional Classification
下载PDF
导出
摘要 针对目前数据分级分类安全管理缺乏统一标准和框架,传统的分级分类方法的表达能力有限等情况,文章提出一种利用声明式逻辑编程语言,建立多维度数据分级分类的表达和计算的系统框架,能够实现细粒度的分级分类设定、高效查询和分析。首先在表达能力和复杂度方面,除了支持传统的安全标签,还支持不面向数据记录、带参数、涉及多个数据资源相互作用关系等方式的分级分类,并给出了实例。然后基于分级分类,在同一框架下还能够进行多种数据安全分析和管理。利用纯声明式语言的特性,能够在现有系统上以较小代价实现分级分类安全管理,并允许底层计算框架和存储方式与上层分级分类逻辑的解耦,有利于进行系统优化升级,减小安全机制对系统性能的影响,促进数据分级分类安全管理落地。 In view of there has been no consensus on the standard and the technical architecture of data sensitivity and classification management,and conventional tools to realize data sensitivity and classification have very limited expressive power,a framework for expressing and computing data sensitivity and multidimensional data classification was proposed.The method was based on a declarative logic programming language and was capable of defining and analyzing data sensitivity and classification with fine granularity and high efficiency.Firstly,in terms of expression ability and complexity,besides supported conventional security labels,sensitivity and classification assigned not on data records,or parameterized,or concerning multiple data resources could also be expressed and computed.Then based on sensitivity and classification,examples were given to show the expressiveness and complexity of the method.Various data security analysis and management mechanisms could be implemented on the same framework.In addition,utilizing the declarative nature of the language,realizing data security on existing systems incurs low overhead to performance and was transparented to underlying computation and storage details,which was beneficial to system migration and optimization,could reduce the impact of security mechanism on system performance,and facilitates the deployment of data sensitivity and classification-based security mechanisms.
作者 刘红 张越今 赵文霞 杨牧 LIU Hong;ZHANG Yuejin;ZHAO Wenxia;YANG Mu(Run Technologies Co.,Ltd.Beijing,Beijing 100192,China;Beijing Cyberspace Data Analysis and Applied Engineering Technology Research Center,Beijing 100192,China;Smart City College,Beijing Union University,Beijing 100101,China;Beijing Municipal Public Security Bureau,Beijing 100055,China)
出处 《信息网络安全》 CSCD 北大核心 2021年第10期48-53,共6页 Netinfo Security
基金 公安部技术研究计划重点项目[2020JSYJA09]。
关键词 数据安全 分级分类 逻辑编程 大数据 data security sensitivity and classification logic programming big data
  • 相关文献

参考文献1

共引文献4

同被引文献108

引证文献10

二级引证文献15

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部