大数据 ›› 2023, Vol. 9 ›› Issue (2): 79-98.doi: 10.11959/j.issn.2096-0271.2023021
刘业政1,2, 宗兰芳1, 金斗1, 袁昆1,2
出版日期:
2023-03-15
发布日期:
2023-03-01
作者简介:
刘业政(1965- ),男,博士,合肥工业大学管理学院教授,主要研究方向为电子商务与网络空间管理、大数据开发及应用基金资助:
Yezheng LIU1,2, Lanfang ZONG1, Dou JIN1, Kun YUAN1,2
Online:
2023-03-15
Published:
2023-03-01
Supported by:
摘要:
系统地分析了数据要素流通使用过程中存在的安全风险问题,在总结国内外数据交易制度与规范、理论与技术的基础上,构建了事前-事中-事后全链路数据要素流通使用安全风险应对策略,提出了管理与技术相互协同的数据要素流通使用安全可信体系建设方案,为实现“数据来源可确认,使用范围可界定,流通过程可追溯,安全风险可防范”的可信可控数据交易提供借鉴,促进数据交易市场平稳持续发展。
中图分类号:
刘业政, 宗兰芳, 金斗, 袁昆. 数据要素流通使用的安全风险分析及应对策略[J]. 大数据, 2023, 9(2): 79-98.
Yezheng LIU, Lanfang ZONG, Dou JIN, Kun YUAN. Security risk analysis and countermeasures in the circulation and use of data factors[J]. Big Data Research, 2023, 9(2): 79-98.
[1] | 中共中央 国务院. 关于构建数据基础制度更好发挥数据要素作用的意见[Z]. 2022. |
The CPC Central Committee and the State Council. Opinions on the construction of data fundamental institutions for better promoting the data factor value[Z]. 2022. | |
[2] | 刘金钊, 汪寿阳 . 数据要素市场化配置的困境与对策探究[J]. 中国科学院院刊, 2022,37(10): 1435-1444. |
LIU J Z , WANG S Y . Dilemmas and suggestions on market-based data allocation[J]. Bulletin of Chinese Academy of Sciences, 2022,37(10): 1435-1444. | |
[3] | 全国信息安全标准化技术委员会. 信息安全技术-数据交易服务安全要求:GB/T 379322019[S]. 北京:中国标准出版社, 2019. |
National Information Security Standardization Technical Committee. Information security technology-security requirements for data transaction service:GB/T 37932-2019[S]. Beijing:Standards Press of China, 2019. | |
[4] | 凡航, 徐葳, 王倩雯 ,等. 多方安全计算框架下的智能合约方法研究[J]. 信息安全研究, 2022,8(10): 956-963. |
FAN H , XU W , WANG Q W ,et al. Research on smart contract method in the framework of secure multi-party computation[J]. Journal of Information Security Research, 2022,8(10): 956-963. | |
[5] | THAPA C , CAMTEPE S . Precision health data:requirements,challenges and existing techniques for data security and privacy[J]. Computers in Biology and Medicine, 2021,129. |
[6] | HUTCHINGS A , HOLT T J . The online stolen data market:disruption and intervention approaches[J]. Global Crime, 2017,18(1): 11-30. |
[7] | 肖建华, 柴芳墨 . 论数据权利与交易规制[J]. 中国高校社会科学, 2019(1): 83-93,157. |
XIAO J H , CHAI F M . An analysis of data rights and transaction regulation[J]. Social Sciences in Chinese Higher Education Institutions, 2019(1): 83-93,157. | |
[8] | WANG R , TSAI W T , HE J ,et al. A distributed digital asset-trading platform based on permissioned blockchains[C]// Proceedings of International Conference on Smart Blockchain. Cham:Springer, 2018: 55-65. |
[9] | SPIEKERMANN S , ACQUISTI A , B?HME R , ,et al. The challenges of personal data markets and privacy[J]. Electronic Markets, 2015,25(2): 161-167. |
[10] | KOUTROUMPIS P , LEIPONEN A , THOMAS L D W . Markets for data[J]. Industrial and Corporate Change, 2020,29(3): 645-660. |
[11] | GUPTA N K , ROHIL M K . Big data security challenges and preventive solutions[J]. Data Management,Analytics and Innovation, 2019,1042: 285-299. |
[12] | CHOI T M , LUO S Y . Data quality challenges for sustainable fashion supply chain operations in emerging markets:roles of blockchain,government sponsors and environment taxes[J]. Transportation Research Part E:Logistics and Transportation Review, 2019,131: 139-152. |
[13] | MARTINS D M L , VOSSEN G , MALESZKA M . Supporting online data purchase by preference recommendation[C]// Proceedings of 2018 IEEE International Conference on Systems,Man,and Cybernetics. Piscataway:IEEE Press, 2019: 3703-3708. |
[14] | STAHL F , SCHOMM F , VOSSEN G . Data marketplaces:an emerging species[J]. Frontiers in Artificial Intelligence and Applications, 2014,270, 145-158. |
[15] | COLMAN A , CHOWDHURY M J M , BARUWAL CHHETRI M . Towards a trusted marketplace for wearable data[C]// Proceedings of 2019 IEEE 5th International Conference on Collaboration and Internet Computing. Piscataway:IEEE Press, 2020: 314-321. |
[16] | ACEMOGLU D , MAKHDOUMI A , MALEKIAN A ,et al. Too much data:prices and inefficiencies in data markets[J]. American Economic Journal:Microeconomics, 2022,14(4): 218-256. |
[17] | BERGEMANN D , BONATTI A , SMOLIN A . The design and price of information[J]. American Economic Review, 2018,108(1): 1-48. |
[18] | FERNANDEZ R C , SUBRAMANIAM P , FRANKLIN M J . Data market platforms:trading data assets to solve data problems[J]. Proceedings of the VLDB Endowment, 2020,13(12): 1933-1947. |
[19] | OH H , PARK S , LEE G M ,et al. Personal data trading scheme for data brokers in IoT data marketplaces[J]. IEEE Access, 2019,7: 40120-40132. |
[20] | DIXIT A , SINGH A , RAHULAMATHAVAN Y ,et al. FAST DATA:a fair,secure,and trusted decentralized IIoT data marketplace enabled by blockchain[J]. IEEE Internet of Things Journal, 2023,10(4): 2934-2944. |
[21] | YU B B , ZHAO H J . Research on the construction of big data trading platform in China[C]// Proceedings of the 4th International Conference on Intelligent Information Technology.[S.l.:s.n.], 2019. |
[22] | GOLDFARB A , TUCKER C . Digital economics[J]. Journal of Economic Literature, 2019,57(1): 3-43. |
[23] | SHAPIRO C , VARIAN H R . Versioning:the smart way to sell information[J]. Harvard Business Review, 1998,76(6): 106-114. |
[24] | AGARWAL A , DAHLEH M , SARKAR T . A marketplace for data:an algorithmic solution[C]// Proceedings of 2019 ACM Conference on Economics and Computation. New York:ACM Press, 2019: 701-726. |
[25] | LI C , LI D Y , MIKLAU G ,et al. A theory of pricing private data[J]. ACM Transactions on Database Systems, 2012,39(4). |
[26] | CAI H , ZHU Y , LI J ,et al. Double auction for a data trading market with preferences and conflicts of interest[J]. The Computer Journal, 2019,62(10): 1490-1504. |
[27] | ACQUISTI A , TAYLOR C , WAGMAN L . The economics of privacy[J]. Journal of Economic Literature, 2016,54(2): 442-492. |
[28] | BALAZINSKA M , HOWE B , SUCIU D . Data markets in the cloud:an opportunity for the database community[J]. Proceedings of the VLDB Endowment, 2011,4(12): 1482-1485. |
[29] | ZHENG S L , PAN L X , HU D H ,et al. A blockchain-based trading platform for big da ta[C]// Proceedings of 2020 IEEE Conference on Computer Communications Workshops. Piscataway:IEEE Press, 2020: 991-996. |
[30] | SU G X , YANG W Y , LUO Z D ,et al. BDTF:a blockchain-based data trading framework with trusted execution environment[C]// Proceedings of 2020 16th International Conference on Mobility,Sensing and Networking. Piscataway:IEEE Press, 2021: 92-97. |
[31] | PEI J . A survey on data pricing:from economics to data science[J]. IEEE Transactions on Knowledge and Data Engineering, 2022,34(10): 4586-4608. |
[32] | 何培育, 王潇睿 . 我国大数据交易平台的现实困境及对策研究[J]. 现代情报, 2017,37(8): 98-105,153. |
HE P Y , WANG X R . Predicament and countermeasure research about big data trading platform in China[J]. Journal of Modern Information, 2017,37(8): 98-105,153. | |
[33] | DUCH-BROWN N , MARTENS B , MUELLER-LANGER F , . The economics of ownership,access and trade in digital data[J]. SSRN Electronic Journal, 2017,54. |
[34] | LV D L , ZHU S B , XU H Z ,et al. A review of big data security and privacy protection technology[C]// Proceedings of 2018 IEEE 18th International Conference on Communication Technology. Piscataway:IEEE Press, 2019:10821091. |
[35] | KOURID A , CHIKHI S . A comparative study of recent advances in big data for security and privacy[C]// Proceedings of Networking Communication and Data Knowledge Engineering. Singapore:Springer, 2018: 249-259. |
[36] | GOEL P , PATEL R , GARG D ,et al. A review on big data:privacy and security challenges[C]// Proceedings of 2021 3rd International Conference on Signal Processing and Communication. Piscataway:IEEE Press, 2021: 705-709. |
[37] | WIERINGA J , KANNAN P K , MA X ,et al. Data analytics in a privacy-concerned world[J]. Journal of Business Research, 2021,122: 915-925. |
[38] | MILOSLAVSKAYA N , MAKHMUDOVA A . Survey of big data information security[C]// Proceedings of 2016 IEEE 4th International Conference on Future Internet of Things and Cloud Workshops. Piscataway:IEEE Press, 2016: 133-138. |
[39] | ZHANG Q , . Research on quantitative analysis of security of network risk based on big data[C]// Proceedings of 2019 International Conference on Robots &Intelligent System. Piscataway:IEEE Press, 2019: 159-162. |
[40] | YIN L H , FENG J Y , XUN H ,et al. A privacy-preserving federated learning for multiparty data sharing in social IoTs[J]. IEEE Transactions on Network Science and Engineering, 2021,8(3): 2706-2718. |
[41] | HOLT T J , LAMPKE E . Exploring stolen data markets online:products and market forces[J]. Criminal Justice Studies, 2010,23(1): 33-50. |
[42] | ZHOU H K , GU M D . Protection method of network data privacy security issues based on blockchain technology[C]// Proceedings of International Conference on Applications and Techniques in Cyber Security and Intelligence. Cham:Springer, 2021: 526-533. |
[43] | 顾育豪, 白跃彬 . 联邦学习模型安全与隐私研究进展[J]. 软件学报, 2022:已录用. |
GU Y H , BAI Y B . Survey on security and privacy of federated learning models[J]. Journal of Software, 2022:accepted. | |
[44] | SUN G , CONG Y , DONG J H ,et al. Data poisoning attacks on federated machine learning[J]. IEEE Internet of Things Journal, 2022,9(13): 11365-11375. |
[45] | 李树栋, 贾焰, 吴晓波 ,等. 从全生命周期管理角度看大数据安全技术研究[J]. 大数据, 2017,3(5): 3-19. |
LI S D , JIA Y , WU X B ,et al. Techniques of big data security from the perspective of life cycle management[J]. Big Data Research, 2017,3(5): 3-19. | |
[46] | MATTIOLI M . Disclosing big data[J]. Minnesota Law Review, 2014,99(2): 535-583. |
[47] | WANG P . Research on security and privacy protection of database[J]. Applied Mechanics and Materials, 2014: 5873-5876. |
[48] | WHITWORTH B , FJERMESTAD J , MAHINDA E . The web of system performance[J]. Communications of the ACM, 2006,49: 92-99. |
[49] | DAVIS F D . Perceived usefulness,perceived ease of use,and user acceptance of information technology[J]. MIS Quarterly, 1989,13(3): 319-340. |
[50] | 杜自然, 窦悦, 易成岐 ,等. TID-MOP:面向数据交易所场景下的安全管控综合框架[J]. 数据分析与知识发现, 2022,6(1): 13-21. |
DU Z R , DOU Y , YI C Q ,et al. TID-MOP:the comprehensive framework of security management and control in the scenario of data exchange[J]. Data Analysis and Knowledge Discovery, 2022,6(1): 13-21. | |
[51] | HAO M , LI H W , LUO X Z ,et al. Efficient and privacy-enhanced federated learning for industrial artificial intelligence[J]. IEEE Transactions on Industrial Informatics, 2020,16(10): 6532-6542. |
[52] | 艾瑞咨询. 2022年中国隐私计算行业研究报告[R]. 2022. |
iResearch. 2022 China privacy computing industry research report[R]. 2022. | |
[53] | FUJIMOTO D , MIYACHI R , MATSUMOTO T . A threat of malicious hardware using onchip voltmeter[C]// Proceedings of 2017 Asia-Pacific International Symposium on Electromagnetic Compatibility. Piscataway:IEEE Press, 2017: 96-98. |
[54] | 国家工业信息安全发展研究中心, 北京大学光华管理学院, 苏州工业园区管理委员会,等. 中国数据要素市场发展报告(2021—2022)[R]. 2022. |
The National Industrial Information Security Development Research Center, Guanghua School of Management, Suzhou Industrial Park Administrative Committee,et al. China data factor market development report (2021—2022)[R]. 2022. | |
[55] | 袁康, 鄢浩宇 . 数据分类分级保护的逻辑厘定与制度构建:以重要数据识别和管控为中心[J]. 中国科技论坛, 2022(7): 167-177. |
YUAN K , YAN H Y . The logic elucidation and system construction of categorical and hierarchical data protection-centering on the recognition and protection of important data[J]. Forum on Science and Technology in China, 2022(7): 167-177. | |
[56] | 王建冬, 于施洋, 黄倩倩 . 数据要素基础理论与制度体系总体设计探究[J]. 电子政务, 2022(2): 2-11. |
WANG J D , YU S Y , HUANG Q Q . Research on the basic theory of data elements and the overall design of institutional system[J]. E-Government, 2022(2): 2-11. | |
[57] | 黄倩倩, 王建冬, 陈东 ,等. 超大规模数据要素市场体系下数据价格生成机制研究[J]. 电子政务, 2022(2): 21-30. |
HUANG Q Q , WANG J D , CHEN D ,et al. Research on data price generation mechanism under the ultra-largescale data factor market system[J]. E-Government, 2022(2): 21-30. | |
[58] | 文英姿, 曲杨, 张旭东 ,等. 数据交易相关法规比较研究[J]. 大数据, 2022,8(3): 66-77. |
WEN Y Z , QU Y , ZHANG X D ,et al. Comparative study on laws and regulations related to data transaction[J]. Big Data Research, 2022,8(3): 66-77. | |
[59] | 王丽颖, 王花蕾 . 美国数据经纪商监管制度对我国数据服务业发展的启示[J]. 信息安全与通信保密, 2022,20(3): 10-18. |
WANG L Y , WANG H L . Enlightenments of American data brokers supervision mechanism to China data service industry[J]. Information Security and Communications Privacy, 2022,20(3): 10-18. | |
[60] | 曾铮, 王磊 . 数据要素市场基础性制度:突出问题与构建思路[J]. 宏观经济研究, 2021(3): 85-101. |
ZENG Z , WANG L . The fundamental institutions of the data factor market:main obstacles and the ways to remove[J]. Macroeconomics, 2021(3): 85-101. | |
[61] | 鄢浩宇 . 数据要素市场培育的制度需求与法治保障[J]. 中国矿业大学学报(社会科学版), 2023:已录用. |
YAN H Y . System construction and legal governance for the cultivation of the data element market[J]. Journal of China University of Mining & Technology (Social Sciences), 2023:accepted. | |
[62] | 谢安明, 金涛, 周涛 . 个人信息去标识化框架及标准化[J]. 大数据, 2017,3(5): 20-29. |
XIE A M , JIN T , ZHOU T . Personal information de-identification architecture and standardization[J]. Big Data Research, 2017,3(5): 20-29. | |
[63] | 何文竹, 彭长根, 王毛妮 ,等. 面向结构化数据集的敏感属性识别与分级算法[J]. 计算机应用研究, 2020,37(10): 3077-3082. |
HE W Z , PENG C G , WANG M N ,et al. Sensitive attribute recognition and classification algorithm for structure dataset[J]. Application Research of Computers, 2020,37(10): 3077-3082. | |
[64] | 刘金 . 基于数据特征的敏感数据识别方法[J]. 信息通信, 2016,29(2): 240-241. |
LIU J . Sensitive data identification method based on data characteristics[J]. Information & Communications, 2016,29(2): 240-241. | |
[65] | 王利朋, 关志, 李青山 ,等. 区块链数据安全服务综述[J]. 软件学报, 2023,34(1): 1-32. |
WANG L P , GUAN Z , LI Q S ,et al. Survey on blockchain-based security services[J]. Journal of Software, 2023,34(1): 1-32. | |
[66] | NASONOV D , VISHERATIN A A , BOUKHANOVSKY A . Blockchain-based transaction integrity in distributed big data marketplace[C]// Proceedings of 2018 18th International Conference on Computational Science,New York:ACM Press, 2018: 569-577. |
[67] | TAN W T , LI L , ZHOU Z Q ,et al. Blockchain-based distributed power transaction mechanism considering credit management[J]. Energy Reports, 2022,8: 565-572. |
[68] | GUPTA P , DEDEOGLU V , KANHERE S S ,et al. TrailChain:traceability of data ownership across blockchain-enabled multiple marketplaces[J]. Journal of Network and Computer Applications, 2022,203. |
[69] | DAI W Q , DAI C K , CHOO K K R ,et al. SDTE:a secure blockchain-based data trading ecosystem[J]. IEEE Transactions on Information Forensics and Security, 2020,15: 725-737. |
[70] | ZHENG K N , ZHENG L J , GAUTHIER J ,et al. Blockchain technology for enterprise credit information sharing in supply chain finance[J]. Journal of Innovation &Knowledge, 2022,7(4). |
[71] | ZHANG J L , ZHAO Y C , WANG J Y ,et al. FedMEC:improving efficiency of differentially private federated learning via mobile edge computing[J]. Mobile Networks and Applications, 2020,25(6): 2421-2433. |
[72] | 郑婷一, 庞亮, 靳小龙 . 平台经济中的数据与算法安全[J]. 大数据, 2022,8(4): 56-66. |
ZHENG T Y , PANG L , JIN X L . Data and algorithm security in platform economy[J]. Big Data Research, 2022,8(4): 56-66. | |
[73] | TANG H Y , QIAO Y N , YANG F ,et al. dMOBAs:a data marketplace on blockchain with arbitration using sidecontracts mechanism[J]. Computer Communications, 2022,193: 10-22. |
[74] | DELLAROCAS C . Reputation mechanism design in online trading environments with pure moral hazard[J]. Information Systems Research, 2005,16(2): 209-230. |
[75] | FAN K F , LI F , YU H Y ,et al. A blockchain-based flexible data auditing scheme for the cloud service[J]. Chinese Journal of Electronics, 2021,30(6): 1159-1166. |
[76] | 杜平 . 加强基础制度体系建设加快构建全国一体化数据交易市场体系[J]. 数据, 2022(8): 49-51. |
DU P . Strengthen the construction of basic system and accelerate the construction of national integrated data trading market system[J]. Data, 2022(8): 49-51. | |
[77] | 国家发展改革委, 中央网信办, 工业和信息化部,等. 关于印发《全国一体化大数据中心协同创新体系算力枢纽实施方案》的通知[Z]. 2021. |
National Development and Reform Commission, Office of the Central Cyberspace Affairs Commission, Ministry of Industry and Information Technology,et al. Guiding opinions on accelerating the construction of a national integrated big data center collaborative innovation system[Z]. 2021. |
[1] | 黄丽华, 杜万里, 吴蔽余. 基于数据要素流通价值链的数据产权结构性分置[J]. 大数据, 2023, 9(2): 5-15. |
阅读次数 | ||||||
全文 |
|
|||||
摘要 |
|
|||||
|