Table of Content

    10 April 2022, Volume 8 Issue 4
    Data Security and Governance in the Context of Digital Economy
    2022, 8(4):  316. 
    Asbtract ( )   PDF (452KB) ( )  
    Related Articles | Metrics
    Challenges and Countermeasures of Artificial Intelligence Security Governance
    2022, 8(4):  318. 
    Asbtract ( )   PDF (2934KB) ( )  
    References | Related Articles | Metrics
    AbstractThe development of artificial intelligence has gone through several ups and downs. In recent years, it has once again attracted the great attention of academia and industry. Its technology is being rapidly applied in various fields and has become a new round of strategic technology for countries to realize industrial transformation and upgrading. However, the indepth application of artificial intelligence with machine learning as the core technology has brought about increasingly prominent technical and social risks. This paper summarizes and analyzes the security risks faced by artificial intelligence and its governance status from three aspects: potential security vulnerabilities, excessive abuse, and social ethics. To further deal with the issue of AI security governance, this paper puts forward solutions and suggestions from the perspectives of technology, standards, and laws, aiming to provide an idea for the establishment of AI security governance systems and industrial applications. Meanwhile, this paper also gives a direction for the exploration of AI security technology research.Key wordsartificial intelligence; security governance; machine learning; social ethics; lasws and regulations
    Data Security Governance Technology and Practice in Big Data Applications
    2022, 8(4):  326. 
    Asbtract ( )   PDF (2139KB) ( )  
    References | Related Articles | Metrics
    The wide application of big data technology makes data burst into unprecedented value and vitality. However, due to the large amount of data, multiple data sources, and complex data access relationships, data security lacks refined and standardized management, and the importance of data security governance becomes increasingly prominent. By analyzing data security problems in existing big data applications and common pitfalls in data security governance, this paper puts forward the ideas, principles and methods of data security governance, and with classification and grading as the entry point, presents the technical architecture of data security governance. Finally, taking the big data platform as an example, presents the application practice of data security governance technology.
    Research on Industry Practice of Data Security Governance
    2022, 8(4):  333. 
    Asbtract ( )   PDF (1170KB) ( )  
    References | Related Articles | Metrics
    AbstractData security governance is an important aspect of data governance, which is an important means to ensure data integrity, confidentiality, availability, and prevent data processing activities from bringing security risks to individuals, society, countries, etc., and cooperate with business growth. There is no unified understanding of the data security governance framework at home and abroad. This paper puts forward the index system of data security governance based on the policy and regulation system and national standard system of data security governance. And from the civil aviation industry, enterprise industry, financial industry, energy industry, and retail industry practice analysis, put forward the policy recommendations of data security governance to give assistance to the construction of  data security governance system in China.Key wordsdata security; data security governance; policies and regulations; index system; industry practice
    Computing Force Network Security Architecture and Data Security Governance Technology
    2022, 8(4):  340. 
    Asbtract ( )   PDF (2657KB) ( )  
    Related Articles | Metrics
    As a new information infrastructure which provides deep integration of computing force and network services, computing force network (CFN) provides important support for national cyber power, digital China and smart society. At present, the planning and construction of CFN has entered a critical period, and the work related to CFN security is gradually advancing, but the systematic security architecture has not been formed. This paper summarizes the relevant research progress of CFN, analyzes the security opportunities and challenges faced by CFN, and proposes a security reference architecture based on sorting out the key security technologies, so as to provide a reference for promoting the construction of CFN security system and deploying CFN security mechanism.Key words computing force network; new information infrastructure; security reference architecture; orchestration security; privacy computation; data security; artificial intelligence
    Attribute Encryption Mechanism and Application for Ubiquitous  Sensing Network Data Center
    2022, 8(4):  351. 
    Asbtract ( )   PDF (1330KB) ( )  
    Related Articles | Metrics
    There are many cases of attribute revocation in the database. When encrypting database, attribute revocation affects the effect of data byte recursion. In order to improve the efficiency of attribute based encryption, an attributebased encryption method for sensitive information ubiquitous in sensor networks is proposed. Estimate the data scale of sensor network nodes, normalize the relevant information, and establish mapping conditions between attribute bases. Select the sensitive information attribute of the data center, control the data byte recursion, randomly match the selected value of the channel, and develop the attributebased encryption scheme. Set the sensing network’s operating parameters, introduce the information structure of the data center, and apply the encryption method based on the cipher text strategy, the encryption method based on the Internet of things, and the designed encryption method to participate in the test. The test results show that the designed encryption method has the lowest encryption time and the best timeliness.Key words sensor network; data center; sensitive information; attribute based; attribute revocation; byte recursion
    DCR Defense Mechanism of Federated Learning Model for  Data Governance Poison
    2022, 8(4):  357. 
    Asbtract ( )   PDF (1091KB) ( )  
    Related Articles | Metrics
    Federated learning is a new mode of data security governance, which can make available data invisible, but federated learning is facing the threat of model poisoning attack, and its security needs to be improved. To this end, a Dynamic Cacheable Revocable (DCR) model poison defense mechanism based on federated learning is proposed. Based on the lossbased model poisoning defense method, the Dynamic threshold is calculated and used before each iteration. It makes the enemy unable to know the defense mechanism a priori, which increases the difficulty of the enemy’s attack. Moreover, the buffer period is set in the mechanism to reduce the risk of benign nodes being “killed by mistake”. At the same time, the system stores the global model parameters of each round. In case of model poisoning, the global model parameters before the round in buffer period are reloaded to achieve callback. The callable setting can reduce the negative impact of model poisoning attack on the global model, so that the federated learning model can still achieve convergence with good performance after being attacked, and ensure the security and performance of the federated learning model. Finally, in the experimental environment of TFF, the defense effect and model performance of this mechanism are verified.Key words data governance; federated learning; model poisoning; malicious node; dynamic cacheable revocable
    Secure Sharing Scheme of Sensitive Data Based on Blockchain
    2022, 8(4):  364. 
    Asbtract ( )   PDF (2009KB) ( )  
    Related Articles | Metrics
    At present, blockchain technology mainly realized the protection and verification of data subjects in data sharing applications, and for sensitive data, it should also focus on the storage and supervision of user behavior and authorized information. In this regard, this paper proposes a blockchainbased secure sharing scheme for sensitive data: a basic environment for secure sharing and data verification is built through technologies such as consortium blockchain and interplanetary file system. Then the secure sharing of sensitive data, reliable storage of user’s behavior and reasonable supervision of authorized information can be realized by sensitive data storage and sharing algorithms. The system implementation and analysis show that the scheme can share all kinds of sensitive data securely, ensure the security of storage, access and authorization of sensitive data, and meet the needs of sensitive data sharing.
    An Architecture Based on Multi Class SubChains for Government Data  Quality Management
    2022, 8(4):  374. 
    Asbtract ( )   PDF (1658KB) ( )  
    References | Related Articles | Metrics
    The multiclass subchains architecture is based on blockchain technology to solve the problem of both ownership and formalization in government data being shared and reprocessed. A collaborative verification mechanism between the data owner and the datareprocessor is proposed to ensure the dataowner can monitor and authorize the procedure of data being reprocessed. At the same time, the thirdparty standard certification procedure is added to ensure the standardization of data. Based on the treestyle organization of data, a single node’s single rule verification mode in a traditional blockchain is extended to dynamically build a rulebased collaborative verification procedure for the data owner, the datareprocessor, and the  thirdparty standard authority. The multiclass subchains architecture can effectively solve the problem for the dataowner to supervise the processing of data, track the sharing history of data, and standardize the format of data in the quality management of government data.Key wordsrule set; ledger organization; blockchain; multichains verification; government data quality
    Exploration on the Construction of Data Security System of Industrial  Internet Platform in Energy Industry
    2022, 8(4):  386. 
    Asbtract ( )   PDF (2470KB) ( )  
    References | Related Articles | Metrics
    Energy is the foundation and driving force of the progress of human civilization, and it is related to the national economy and people’s livelihood, and national security. The rise and fall of the energy industry directly affect the development of the national economy. In recent years, my country’s energy industry has actively embraced the blue ocean of the digital economy and has regarded digital transformation as an important means of reducing costs, increasing efficiency and expanding the business. At present, this has also formed a broad consensus within the energy industry. Under the empowerment of the new generation of information technology, the digital transformation of the energy industry has been gradually accelerated, and the energy industry Internet platform has continuously improved the data processing and analysis capabilities of business systems to help the intelligent upgrade of the industry. At the same time, in order to ensure the application ecology of the energy industry Internet platform and the security of important data in the process of energy digital transformation, it is imperative to do a good job in the data security of the energy industry Internet platform. Based on actual needs, in the process of building an industrial Internet platform, the energy industry can create a data security defenseindepth system for failures with cypher as the core and multiple technical means such as access control and security auditing while energy data is circulating at a high speed.Key words energy industry; digital transformation; industrial Internet platform; cryptography; security protection
    Model of Data Security Governance Based on Business Scenarios
    2022, 8(4):  392. 
    Asbtract ( )   PDF (1743KB) ( )  
    References | Related Articles | Metrics
    With the rapid development of the digital economy, all countries around the world regard data assets as important resources that may affect national security, and have taken actions to issue laws and regulations related to data security in order to comprehensively improve data security capabilities. In this context, organizations involved in data processing activities on the one hand need to face constraints related to data security policy requirements; on the other hand, they want to protect the data that may affect the vital interests of the organization. Therefore, in addition to data security compliance work, it is also necessary to implement data securityrelated requirements effectively. Based on the organization’s own business, the realization of business goals as the driving force is the key element of sustainable improvement of data security capability. This paper reviews the typical data security framework and proposes a data security governance model based on business scenarios, which can provide some references for organizations to carry out data security governance work.Key words business scenarios; data security governance model; data flow transformation; data classification and grading; data security operation; data security risks
    An Access Control Model Based on Data Classification and Grading  System for Education Cloud Platform
    2022, 8(4):  400. 
    Asbtract ( )   PDF (2511KB) ( )  
    References | Related Articles | Metrics
    The education cloud platform is one of the key infrastructures for education digitization construction. It unifies business data from different departments and organizations to eliminate information silos and reduce the redundant construction of information systems. However, although the education cloud platform realizes data sharing, it also seriously influences the security of data resources because of its open and dynamic characteristics. Considering the data management and control of the education cloud platform, this paper proposes an access control model based on data classification and grading system. The model comprehensively considers the security factors such as data class, security grade, life cycle and sensitive level, and tags the data from multidimension views. The secure tag is integrated with the rolebased access control policy to construct a twostage authorization model of coarsegrained filtering and finegrained control for managing data. The prototype system proves that the proposed model can restrict data sharing and prevent users from overprivileged manipulation.Key wordscloud platform; data security; access control model; data classification and grading; secure tag; RBAC
    Legal Discussion on Internet Platform Data Ownership Governance
    2022, 8(4):  408. 
    Asbtract ( )   PDF (906KB) ( )  
    References | Related Articles | Metrics
    The twodimensional fire v. Meituan unfair competition dispute triggered a “3Q war” in the SaaS field. The two courts made completely opposite judgments on the same case. The source of the contradiction lies in the failure to determine the ownership of the property rights of Internet platform data clear. Under the premise that my country has not established data rights, there are many dilemmas in the solution of establishing data rights, which can easily lead to legal rigidity, which is not conducive to the good operation of the market.  In the field of competition law, many principles coexist, and the criteria for identification are vague. Therefore, this issue should be resolved within the current legal framework, and from the perspective of competition law, five factors that affect the ownership of Internet platform data property rights should be considered: the nature of user data, the degree of contribution of Internet platform to data, the subjective purpose and substantive effects of data obtained by thirdparty platforms and the actual effect of using the data and after the data rights are divided, the impact of consumer interests, market competition order and social public interests will be reviewed and determined.Key words data; ownership of rights; Internet platform; unfair competition; five factor analysis