Table of Content

01 July 2023, Volume 9 Issue 7

Previous Issue   

Challenges and Responses to Data Governance in China

2023, 9(7):  612. 

Asbtract ( )   PDF (924KB) ( )  

References | Related Articles | Metrics

At present, data can hold a substantial value in promoting economic and social development, and possess important strategic significance. Data governance has also been a significant topic and practical direction in the development of China’s digital economy and the construction of Digital China. By analyzing the difficulties in the following aspects of data rights confirmation, data security, data compliance, and data circulation, the institutional dilemmas and practical issues faced by data governance are being clarified. And a comprehensive approach for data governance has also been proposed, including protecting data rights and interests, strengthening compliance guidance, stimulating the vitality of the data market, and promoting technological empowerment. It is expected to advance the process of data governance in China.

A Mechanism Design for Compliance and Trusted Circulation of Data

2023, 9(7):  618. 

Asbtract ( )   PDF (957KB) ( )  

References | Related Articles | Metrics

The circulation of data factors is critical to the development of the digital economy and highquality development of the economy. A trusted and practical data circulation mechanism should satisfy the incentives of all relevant participants simultaneously. The mechanism should be accompanied by an immediate regulation mechanism in data right authentication, registration, circulation, delivery and settlement to protect national information security and individual privacy exante. The rules of the mechanism should be observable to all so that a trusted consensus is established. The difference in features of data from tangible and intangible assets in physical existence, legal authentication, exclusiveness in use and relevant supporting techniques implies that a trusted data circulation mechanism should combine both theories of law, economics, management science and information techniques in designing circulation form, supplyside incentive, consistency in operation and screening signals in demandside.

Research on the Progress of Crossborder Data Flow Governance

2023, 9(7):  624. 

Asbtract ( )   PDF (1036KB) ( )  

References | Related Articles | Metrics

While promoting the sharing of global data resources, the crossborder data flow will inevitably threaten data sovereignty and national security. The competition for the right to speak in international data with crossborder data flow governance as the game will become the focus of competition in the international community in the future. This paper introduces the background knowledge and constraints of crossborder data flow, investigates and compares the crossborder data flow governance models of the United States, the European Union, Russia, Japan, and Australia, and analyzes the current policy status and challenges of crossborder data flow governance in our country, on this basis, countermeasures and suggestions are proposed for the governance of crossborder data flow in our country from the perspective of data sovereignty, including promoting the classification supervision of crossborder data flow, innovating and developing crossborder data flow governance models, improving countermeasures against extraterritorial “longarm jurisdiction”, and actively participating in and leading the formulation of international governance rules.

Research and Thinking on Data Classification and Grading of Important Information Systems#br#

2023, 9(7):  631. 

Asbtract ( )   PDF (1882KB) ( )  

References | Related Articles | Metrics

With the development of information technology and networking, incidents surrounding data security are also increasing. The data as a new production factor, is particularly important to ensure the security of important data. The “Data Security Law of the People’s Republic of China” clearly stipulates that the country should establish a data classification and grading protection system to implement classification and grading protection for data. This paper will study China’s data safety management regulations and policies, analyze the the degree of impact and influening objects of data damage, propose specific data classification and grading methods, and provide security protection and governance measures under data classification and grading management based on the industry characteristics and application scenarios of government data. It will achieve the openness and sharing of the data under safety protection, and provide reference for the classification and classification protection of the data in the future.

Data Scarcity and Large Language Model Data Value Asymmetry

2023, 9(7):  637. 

Asbtract ( )   PDF (1095KB) ( )  

References | Related Articles | Metrics

With the rapid development of the large language model (LLM) industry, due to market competition situations, LLM scale has expanded rapidly. However meanwhile on the supply side, available training datasets is relatively insufficient and increasing scarce, especially highvalue ones cannot fulfill the exponential growth on LLM computation scale on the demand side. Status quo, under stringent institutional constraints on data factor, the operation mechanism of LLM has been proved with natural monopoly characteristics. Differences among economies in data governance philosophy and international section technical environment, and algorithm discrimination all increase value asymmetry between supply and demand, impact LLM data value distribution, and strengthen LLM owners’ data monopoly. For China’ LLM industry, although it confronts a series of technical constraints in the international section, however advantages of great potential in dataset endowment, both quantity and quality, could improve contributions for data value benefits accumulations. It is necessary to strengthen the construction of selfsupporting LLM platforms, input and output value indicators, international rules, and also an emphasis on policy guidance for the future development of LLM industry.

Research and Practice on Data Security Compliance Check  Technology for Operators

2023, 9(7):  643. 

Asbtract ( )   PDF (889KB) ( )  

References | Related Articles | Metrics

In the context of the development of the global digital economy, data has become an important asset for enterprises. China positions data as one of the national basic strategic resources and innovative elements of social production. In recent years, the proliferation of ransomware attacks from hackers has posed a significant risk of data leakage to enterprise data security management. Secondly, unconscious data-sharing operations by employees during the production process are also an important way for enterprise data asset leakage. With the promulgation of the Data Security Law, regulatory agencies have made data security reviews a part of the industry security inspections for operators. Therefore, based on regulatory compliance, research and practice related inspection technologies to help operators enhance their security inspection capabilities, ensure data security, and meet the needs of compliance regulation and business development.

Study on Data Transparency Technologies

2023, 9(7):  643. 

Asbtract ( )   PDF (1140KB) ( )  

References | Related Articles | Metrics

Data transparency technologies (DTT) guarantees responsible innovation, by providing a technological scheme covering transparent data sources, transparent data processing, and transparent data usage, combined with a governance structure including an evaluation mechanism, feedback mechanism and responsibility mechanism. DTT allows data technology to be interpretable, traceable, and accountable. DTT provides insights to achieve the policy goals of data value production while ensuring data security, by meeting the requirements of Date Security Law, protecting user’s and consumer’s rights, making data technology in compliance with regulations, and promoting secured and orderly data flow.

Research and Application of EndtoEnd Traceability Technology for Government Data

2023, 9(7):  655. 

Asbtract ( )   PDF (1997KB) ( )  

References | Related Articles | Metrics

Along with the national digital government strategic layout’s continuous advancement, in order to give full play to the benefits of big data aggregation and analysis, the nodes of digital government deal with a large amount of important data, and the data communication and information sharing among the nodes, and the data security risk is exposed day by day, which brings a great challenge to trace the source of data leakage events. This paper first analyzes the risk scenario of digital government data leakage. Then, based on the domestic and foreign wellknown traceability models 7W, ProVOC and so on, the endtoend traceability model and technical method are proposed. The model is a comprehensive application of the annotation method and the reverse query method. The method is a scenariobased improvement of database watermarking, dynamic desensitization and other technologies, and makes use of big data and association analysis technology, the traceability technology and the landing practice strategy are formed through each link of the service data flow, including data marking, staining, data operation log association analysis. Finally, taking a government core node network environment as an example, the paper carries on the application practice research, and achieves the effect of successfully tracing the evidence chain of data leakage exit and data access transmission chain, it improves the traceability efficiency and accuracy of data security events.

Exploration and Research on Security Guarantee of Data  Transaction and Circulation

2023, 9(7):  662. 

Asbtract ( )   PDF (1035KB) ( )  

References | Related Articles | Metrics

tWith the continuous development of Internet technology, data transaction and circulation have become a global trend. However, the security problem of data transaction and circulation is also increasingly prominent. From the perspective of the security guarantee of data transaction and circulation, this paper discusses the security problems of data transaction and circulation, and puts forward a security framework and solutions in order to provide some references for the security guarantee of data transaction and circulation.

A Secure Data Sharing Scheme Supporting Finegrained Authorization

2023, 9(7):  667. 

Asbtract ( )   PDF (1681KB) ( )  

References | Related Articles | Metrics

Considering the problems such as centralized data storage and difficulty in data sharing in cloud computing environments, based on the combination of multiconditional proxy reencryption and attributebased proxy reencryption, a multiconditional attributebased threshold proxy reencryption scheme which supports multiple authorization conditions is proposed. The scheme supports finegrained access to ciphertext data under multiple keyword authorization conditions, and can limit the authorization conditions and scope of ciphertext sharing. Only when the attribute set meets the access structure in the ciphertext and the keywords are consistent with the keywords set in the ciphertext, users can access the data. This solution achieves finegrained access to ciphertext data under multiple keyword authorization conditions, supports flexible user revocation, prevents unauthorized decryption of ciphertext by conspirators, and protects the sensitive information of data owners. Through the provable security analysis, it is shown that under the general group model, the scheme can resist chosen plaintext attack; compared with other conditional proxy reencryption schemes, the functions it supports are more diverse.





The Necessary Principles in Personal Information Protection:  Legal Understanding, Practical Challenges and Resolutions

2023, 9(7):  675. 

Asbtract ( )   PDF (907KB) ( )  

References | Related Articles | Metrics

The principle of necessity, as a fundamental principle in personal information protection, limits the unreasonable and excessive processing of personal information by processors to protect the personal dignity, autonomy, and the ability to manage and control the risks of personal information security. However, conflicts between personal information protection and the characteristics of the Internet economy, as well as contradictions between the strict application of the principle of necessity and the needs for a free and open environment for innovation and development in the digital economy, have led to many practical difficulties in the implementation of the principle of necessity. This article starts with the concept positioning, institutional connection, and regulatory relief of the principle of necessity, proposing that the principle of necessity should be flexibly applied to ease the conflict and tension between personal information protection and effective data utilization, to achieve an effective balance between personal rights, corporate interests, and public interests, and promote the healthy development of the digital economy.Key word





The Fair Information Practice Principles for Personal Information  Protection in Digital Economy Era

2023, 9(7):  681. 

Asbtract ( )   PDF (939KB) ( )  

References | Related Articles | Metrics

The fair information practice principles are the ideological origin of global personal information protection, which includes informed consent, clear purpose, use restrictions, information minimization and so on. With the development of the digital economy, personal information protection based on the fair information practice principles is challenged at the root. The digital economy uses data as production factors to create economic value. Due to the inseparability of data and information, the balance between individual control and social utilization, the cornerstone of the fair information practice principles, has been broken by the development mode of the digital economy. In the era of the digital economy, in order to balance the conflict and game between personal information protection and data use, the foothold of personal information protection should be improved from personal control to social control, and then the fair information practice principles, of personal information protection should be reconstructed.

Research on Vulnerability Text Feature Classification Technology  Based on BERT

2023, 9(7):  687. 

Asbtract ( )   PDF (944KB) ( )  

References | Related Articles | Metrics

With the development of informatization and the increase of network applications, many software and hardware products are affected by various types of cybersecurity vulnerabilities. Vulnerability analysis and management often require people to classify large amounts of vulnerability intelligence texts. In order to efficiently and accurately determine the category of the vulnerability described by the vulnerability intelligence text, this paper proposes a cybersecurity vulnerability classification model based on BERT (bidirectional encoder representation from Transformers). First, the vulnerability classification dataset is constructed, and the pretrained model represents the vulnerability intelligence text as feature vectors. Then the feature vectors complete the classification through the classifier. At last, we use the test set to evaluate the classification effect. In our experiment, we use TextCNN, TextRNN, TextRNN_Att, fastText and the proposed model to classify 48000 vulnerability intelligence texts containing vulnerability descriptions. Experimental results show that the proposed model scored the highest on the classification evaluation indicators on the test set, and it can be effectively applied to cybersecurity vulnerability classification tasks and reduce manual workload.

Application Study on Weibo Network Public Opinion Communication  Based on Social Network Analysis

2023, 9(7):  693. 

Asbtract ( )   PDF (1645KB) ( )  

References | Related Articles | Metrics

Hot topics of public concerns over social events often capture wide attention. Research on the social network structure of the events helps the guidance on network public opinion in a more effective way. Analyzing three aspects of density interval, centrality and cohesive subgroup that is based on social network analysis (SNA) and Ucinet software, we focus on the hot topics of public concerns over social events in recent five years between 2017 and 2022, and we study in this paper the network public opinion communication of the topics through social media platform Weibo and how it applied research in the network structure of social events. The result presents the network structure of high connectivity between nodes, low interaction and core positions of some Weibo common users nodes and Weibo celebrities nodes in their increasing influence. Therefore, ordinary audience, to a certain extent, are much more likely to get attracted to and involved in network public opinion on hot topics of public concerns over social events. The conclusion of this application study on social network analysis can provide a theoretical reference for the strategies relating to guidance on network public opinion.

Design of Network Security Protection System for Meteorological  Big Data Cloud Platform

2023, 9(7):  701. 

Asbtract ( )   PDF (1588KB) ( )  

References | Related Articles | Metrics

This paper designs a security protection system based on the continuous adaptive risk and trust assessment and security responsibility sharing model in accordance with the current network security needs of the meteorological big data cloud platform. With the protection of the meteorological big data cloud platform as the object, the five stages of security protection, including decisionmaking planning, defense in depth, monitoring and early warning, security response and security evaluation, are carried out around security management, security technology and security operation, which fully ensure the security operation of the meteorological big data cloud platform, and provide a new idea and new mode for the network security protection of the meteorological cloud platform in the future.

Application and Implementation of Commercial Cryptographic  Algorithm in Securities Industry

2023, 9(7):  707. 

Asbtract ( )   PDF (3040KB) ( )  

References | Related Articles | Metrics

This paper introduces the background of the application of commercial cryptographic algorithm, analyzes the current situation and security risks of the cryptographic application of the securities online trading system, and proposes a new online trading cryptographic application scheme witch is explained in detail from three aspects of system architecture, key cryptographic technologies involved and key cryptographic application scenarios, demonstrates the important role played by the State Secret in strengthening user identity authentication and data transmission encryption, improves the drawbacks of traditional solutions that rely on hardware USBKey to achieve cryptographic functions. The research is also useful for other industries to promote the application of commercial cryptographic algorithm.