Abstract
To address the scattered and coarse-grained state of data security protection in enterprise big data environments, a security protection architecture covering the whole data life cycle and based on hierarchical classification was proposed, and a data asset security control platform was designed and implemented. Firstly, data assets were partitioned at fine granularity using the data asset hierarchical classification model, which effectively expresses the differences in value between data assets and lays the foundation for an enterprise to set precise and appropriate security protection policies. Secondly, different security tools, such as encryption and decryption, leakage prevention, and tracking and forensics tools, were integrated, linked and configured in a unified way to achieve seamless protection of data assets over their whole life cycle. Finally, massive volumes of audit logs were analyzed and processed on the distributed database HBase, giving administrators rapid alarm forensics and a comprehensive security view. In the hierarchical encryption experiments, for the same amount of data the encryption efficiency of the Speck algorithm was 2.7 times that of AES-128, and the advantage of Speck became more pronounced as the data volume grew rapidly. Practical application of the platform shows that the graded protection strategy, alarm event forensics and the unified security monitoring view of data assets can effectively improve the security protection capability for data assets.
Source
Journal of Computer Applications (《计算机应用》)
CSCD
Peking University Core Journal (北大核心)
2016, Issue A01, pp. 265-268 (4 pages)
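Funding
Strategic Priority Research Program of the Chinese Academy of Sciences (XDA06040601)
Science and Technology Special Project of the Xinjiang Uygur Autonomous Region (201230121)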
Keywords
data assets
hierarchical classification
encryption
leakage prevention
forensics