摘要
在研究了我国数据共享信息化发展的阶段规律和相应架构体系变迁的基础上,结合我国数据治理法规标准体系要求和PKS自主计算体系发展现状,研究在可信安全计算环境中数据不脱离数据拥有方的、可主动免疫的架构设计原则、实现方案,包括底层可信的基础软硬件系统,上层应用零信任的主动审计防御体系,以及“数据拥有方主导+数据交易第三方负责的可信网络路由交换集中运维”的数据共享建设思路、建设内容、实施路径等。最后指出未来数据共享应用场景中可能面临的新风险、新问题,并提出构建符合法理要求和内生安全理念的新一代信息化架构体系的一些综合建议。
Based on the study of the stage law of the development of data sharing informatization in China and the changes of the corresponding architecture system,combined with the requirements of Chinese data governance regulations and standards system and the development status of PKS independent computing system,this paper studies the architecture design principles and implementation schemes of data without breaking away from data ownership and active immunity in the trusted and secure computing environment,including the underlying trusted basic software and hardware system,the active audit defense system with zero trust applied at the upper layer,as well as the data sharing construction idea,construction content and implementation path of"Data is dominated by data owners+Centralized operation and maintenance of trusted network’s routing switching dominated by the third party of data transaction".Finally,it points out the new risks and problems that may be faced in the future data sharing application scenarios,and puts forward some comprehensive suggestions on building a new generation of information architecture system that meets the legal requirements and the concept of endogenous security.
作者
李建
王昊
姜苈峰
罗清林
吴凡毅
Li Jian;Wang Hao;Jiang Lifeng;Luo Qinglin;Wu Fanyi(CEC Joint Innovation Research Institute Co.,Ltd.,Chengmai 571924,China;Key Laboratory of PK System Technologies Research of Hainan Province,Chengmai 571924,China;China Electronics Corporation,Shenzhen 518057,China)
出处
《网络安全与数据治理》
2022年第7期70-77,共8页
CYBER SECURITY AND DATA GOVERNANCE
关键词
PKS体系
数据共享
内生安全
可信计算
零信任
系统架构
PKS system
data sharing
endogenous security
trusted computing
zero trust
system architecture
