CN112800473B - Data processing method based on big data safety house - Google Patents

Publication number
CN112800473B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110285868.0A
Other languages
Chinese (zh)
Other versions
CN112800473A (en)
Inventor
汤文巍
章智云
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vhs Shanghai Health Technology Co ltd
Original Assignee
Vhs Shanghai Health Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Abstract

The invention relates to a data processing method based on a big data safety house, which comprises the following steps: receiving a big data access processing request and generating a service token corresponding to the big data access processing request, wherein the service token is unique; initializing a corresponding execution sandbox environment according to the service token, and putting a data subset and a data processing instruction set related to the big data access processing request into the execution sandbox environment; completing the big data access processing request in the execution sandbox environment, performing data security isolation processing on cross-domain data to obtain an isolation processing result, and performing desensitization processing to obtain a desensitization processing result; and releasing the execution sandbox environment, eliminating the data subset and the data processing instruction set, logging off the service token, and sending the desensitization processing result. The invention can improve the security and controllability of data.

Description

Data processing method based on big data safety house
Technical Field
The invention relates to the technical field of big data processing, in particular to a data processing method based on a big data security house.
Background
Existing big data processing, built on underlying big data storage, uses distributed services to send processing logic code to distributed data nodes, where the data operations are carried out. This approach executes data processing locally on multiple nodes through distributed deployment and so reduces the performance cost of network transmission as far as possible. However, the locally executed data processing tasks lack effective security management and control, so the security of data during distributed processing cannot be ensured. Especially when distributed data processing across a wide area network is involved, the existing big data processing mechanism is even less able to meet the requirements for data security and confidentiality and for tight control over the domain in which the data may be used.
Disclosure of Invention
The invention aims to provide a data processing method based on a big data safety house that improves the security and controllability of data.
The technical solution adopted by the invention to solve this technical problem is a data processing method based on the big data safety house, comprising the following steps:
(1) receiving a big data access processing request and generating a service token corresponding to the big data access processing request, wherein the service token has uniqueness;
(2) initializing a corresponding execution sandbox environment according to the service token, and putting a data subset and a data processing instruction set related to the big data access processing request into the execution sandbox environment;
(3) completing the big data access processing request in the execution sandbox environment, realizing the data security isolation processing of cross-domain data to obtain an isolation processing result, and performing desensitization processing on the isolation processing result to obtain a desensitization processing result;
(4) releasing the execution sandbox environment, eliminating the data subset and the data processing instruction set, logging off the service token, and sending the desensitization processing result.
Step (1) further comprises confirming the identity of the initiator after the big data access processing request is received; the service token corresponding to the big data access processing request is generated after the initiator's identity check passes.
Step (2) further comprises, after the data subset and the data processing instruction set related to the big data access processing request are placed in the execution sandbox environment, saving to a log the extraction state, the data volume and the data set range of the data subset, and the loading state and the instruction set range of the data processing instruction set.
The step (3) further comprises the step of saving the data processing state, the result data volume and the desensitization condition to a log.
The step (4) further comprises saving the processing state and the result of the big data access processing request in a log.
Advantageous effects
Due to the adoption of the technical scheme, compared with the prior art, the invention has the following advantages and positive effects:
The invention uses active data loading to ensure that the sandbox execution environment stores only the limited, relevant data subsets, which avoids leakage through cross-domain data access; it uses a unique service token to ensure that the data of the sandbox execution environment is securely isolated (isolated cache, isolated registers, isolated computation and similar modes) and that the processing instruction set executes securely; and it uses active desensitization to ensure that the processing result is effectively desensitized after sandbox execution.
Through its technical scheme of secure and trusted data loading, processing execution and active desensitization, the invention effectively resolves the conflict between execution efficiency and data access security control in big data processing access. The data security house mechanism realized by the invention can be widely applied to the secure and trusted use of large data sources, so that public data resources acquired at high cost can be genuinely, efficiently and securely applied to commercial applications in various industries, thereby improving the social benefit.
Drawings
FIG. 1 is a flow chart of the present invention.
Detailed Description
The invention will be further illustrated with reference to the following specific examples. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention. Further, it should be understood that various changes or modifications of the present invention may be made by those skilled in the art after reading the teaching of the present invention, and such equivalents may fall within the scope of the present invention as defined in the appended claims.
The embodiment of the invention relates to a data processing method based on a big data safety house, which comprises the following steps as shown in figure 1:
Step (1): the big data access processing request is authenticated to confirm the identity of the request's initiator and the related big data access authority. After the authentication of the big data access processing request is completed in step (1), step (1a) records the corresponding big data access processing request information and the corresponding authentication result in the log.
Step (2): for a big data access processing request that has been authenticated and confirmed valid in step (1), a corresponding unique service token is applied for and generated, to be used for secure and trusted execution and data isolation in the subsequent steps. After the service token is generated in step (2), step (2a) records the corresponding big data access request in the log and retains the service token generated for the request.
Step (3): a corresponding execution sandbox environment is initialized based on the service token generated in step (2). The relevant data subsets are extracted according to the big data access processing request accepted in step (1) and stored in the execution sandbox environment. After the sandbox environment has been initialized and prepared in step (3), step (3a) records the corresponding data subset extraction state, the data volume, the data set range and other relevant information in the log for subsequent verification.
Step (4): based on the service token generated in step (2), the relevant data processing instruction set is loaded according to the big data access processing request accepted in step (1) and stored in the execution sandbox environment. After the data processing instruction set has been loaded into the execution sandbox in step (4), step (4a) records the loading state, the instruction set range and other relevant information of the data processing instruction set in the log for subsequent verification.
Step (5): based on the service token generated in step (2), the data processing instruction set loaded in step (4) is started in the execution sandbox environment to process the data subset stored in step (3), so that data security isolation processing of cross-domain data is realized and an isolation processing result is obtained; desensitization processing is then performed on that result. After step (5) has executed the data processing instruction set and generated a desensitization processing result, step (5a) records the corresponding data processing state, result data volume, desensitization condition and other relevant information in the log for subsequent verification.
Step (6): the execution sandbox environment initialized in step (3) is released, and the data subset stored in the sandbox in step (3) and the data processing instruction set loaded into the sandbox in step (4) are released and eliminated. Step (6) then logs off the unique service token generated in step (2) and returns the desensitization processing result generated in step (5) to the initiator of the big data access processing request. After the desensitization processing result is returned in step (6), step (6a) records the final processing state and result of the big data access processing request in the log for subsequent verification.
The invention adopts active data loading to ensure that the sandbox execution environment only stores limited related data subsets, avoids cross-domain data access leakage, adopts a unique service token to ensure the data security isolation and the processing instruction set execution security of the sandbox execution environment, and ensures effective desensitization of the processing result after the sandbox execution through active desensitization.
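The six-step lifecycle of the embodiment, sketched as an added example (this is not code from the patent or its assignee). The names `SafetyHouse`, `STORE`, `ACL` and `SENSITIVE`, the sample records, and the in-process dictionary standing in for the execution sandbox are all assumptions; a real deployment would need an actual isolation boundary, which this sketch does not provide. It shows the point the description leaves implicit: release of the sandbox, elimination of its contents and token log-off must also run when the instruction set fails.

```python
import secrets

# Constructed sample store: records from two data domains (not from the patent).
STORE = [
    {"domain": "clinic_a", "patient_id": "P001", "age": 34, "glucose": 5.1},
    {"domain": "clinic_a", "patient_id": "P002", "age": 61, "glucose": 7.8},
    {"domain": "clinic_b", "patient_id": "P900", "age": 45, "glucose": 6.0},
]
ACL = {"analyst1": {"clinic_a"}}   # hypothetical initiator -> permitted domains
SENSITIVE = {"patient_id"}         # fields masked before a result leaves


class SafetyHouse:
    def __init__(self):
        self.log = []              # audit trail for steps (1a)..(6a)
        self.active_tokens = set()

    def _audit(self, step, **info):
        self.log.append({"step": step, **info})

    def handle(self, initiator, domain, instructions):
        # Step (1): authenticate the initiator and check access authority.
        allowed = domain in ACL.get(initiator, set())
        self._audit("1a", initiator=initiator, domain=domain, authenticated=allowed)
        if not allowed:
            raise PermissionError("request rejected")
        # Step (2): one unique service token per request.
        token = secrets.token_hex(16)
        self.active_tokens.add(token)
        self._audit("2a", token=token)
        sandbox = {"token": token, "data": [], "instructions": None}
        status = "failed"
        try:
            # Step (3): actively load only the requested domain's subset.
            sandbox["data"] = [dict(r) for r in STORE if r["domain"] == domain]
            self._audit("3a", token=token, rows=len(sandbox["data"]), scope=domain)
            # Step (4): load the instruction set into the same sandbox.
            sandbox["instructions"] = instructions
            self._audit("4a", token=token, instruction_set=instructions.__name__)
            # Step (5): run inside the sandbox, then desensitize the result.
            raw = sandbox["instructions"](sandbox["data"])
            result = [{k: ("***" if k in SENSITIVE else v) for k, v in row.items()}
                      for row in raw]
            self._audit("5a", token=token, result_rows=len(result), desensitized=True)
            status = "ok"
            return result
        finally:
            # Step (6): runs on success and on failure: eliminate, release, log off.
            sandbox["data"].clear()
            sandbox["instructions"] = None
            self.active_tokens.discard(token)
            self._audit("6a", token=token, status=status)


def high_glucose(rows):
    """Sample instruction set: select rows with glucose above 7.0."""
    return [r for r in rows if r["glucose"] > 7.0]
```

Calling `SafetyHouse().handle("analyst1", "clinic_a", high_glucose)` returns the one matching `clinic_a` row with `patient_id` masked, and the audit log then holds one entry per sub-step from `1a` to `6a`.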

Claims (5)

1. A data processing method based on a big data safety house is characterized by comprising the following steps:
(1) receiving a big data access processing request and generating a service token corresponding to the big data access processing request, wherein the service token has uniqueness;
(2) initializing a corresponding execution sandbox environment according to the service token, ensuring the data security isolation of the execution sandbox environment and the execution security of a processing instruction set, and putting a data subset and a data processing instruction set related to the big data access processing request into the execution sandbox environment;
(3) completing the big data access processing request in the execution sandbox environment, realizing the data security isolation processing of cross-domain data to obtain an isolation processing result, and performing desensitization processing on the isolation processing result to obtain a desensitization processing result;
(4) releasing the execution sandbox environment, eliminating the data subset and the data processing instruction set, logging off the service token, and sending the desensitization processing result.
2. The data processing method based on the big data security house as claimed in claim 1, wherein the step (1) further comprises a step of confirming the identity of the initiator after receiving the big data access processing request, and the service token corresponding to the big data access processing request is generated after the identity of the initiator passes.
3. The big-data security house-based data processing method according to claim 1, wherein the step (2) of putting the data subset and the data processing instruction set related to the big data access processing request into the execution sandbox environment further comprises the step of saving the extraction state, the data amount and the data set range of the data subset, and the loading state and the instruction set range of the data processing instruction set into a log.
4. The big-data security house-based data processing method as claimed in claim 1, wherein the step (3) further comprises the step of saving the data processing state, the result data volume and the desensitization condition to a log.
5. The big-data security house-based data processing method according to claim 1, wherein the step (4) further comprises saving the processing status and the result of the big data access processing request in a log.
CN202110285868.0A 2021-03-17 2021-03-17 Data processing method based on big data safety house Active CN112800473B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110285868.0A CN112800473B (en) 2021-03-17 2021-03-17 Data processing method based on big data safety house

Publications (2)

Publication Number Publication Date
CN112800473A (en) 2021-05-14
CN112800473B (en) 2022-01-04
