CN113672479A - Data sharing method and device and computer equipment - Google Patents


Publication number
CN113672479A
Authority
CN
China
Prior art keywords
data
test
analysis
analysis test
authority
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110459670.XA
Other languages
Chinese (zh)
Inventor
于鹏飞
石聪聪
朱洪斌
何阳
范环宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Big Data Center Of State Grid Corp Of China
State Grid Jiangsu Electric Power Co ltd Marketing Service Center
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Global Energy Interconnection Research Institute
Original Assignee
Big Data Center Of State Grid Corp Of China
State Grid Jiangsu Electric Power Co ltd Marketing Service Center
State Grid Corp of China SGCC
State Grid Jiangsu Electric Power Co Ltd
Global Energy Interconnection Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Big Data Center Of State Grid Corp Of China, State Grid Jiangsu Electric Power Co ltd Marketing Service Center, State Grid Corp of China SGCC, State Grid Jiangsu Electric Power Co Ltd, Global Energy Interconnection Research Institute filed Critical Big Data Center Of State Grid Corp Of China
Priority to CN202110459670.XA priority Critical patent/CN113672479A/en
Publication of CN113672479A publication Critical patent/CN113672479A/en
Pending legal-status Critical Current


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/34 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment
    • G06F11/3409 Recording or statistical evaluation of computer activity, e.g. of down time, of input/output operation; Recording or statistical evaluation of user activity, e.g. usability assessment for performance assessment
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a data sharing method, a data sharing device and computer equipment. The sharing method comprises the following steps: receiving the data requirements of test analysts; distributing data authority to the test analysts according to the data requirements and a preset minimization rule; extracting initial data from a source database according to the data authority, generating an analysis test database, and monitoring the analysis test database; and, when it is determined from the monitoring data that the corresponding data operation exceeds the data authority, generating alarm information and revoking the data authority. By combining the received data requirements of the test analysts with permission allocation under the minimization principle, and by monitoring the whole data analysis and test process, the method achieves closed-loop security control over the whole data sharing process, raises the level of data security protection in data analysis and test services, guards against data leakage, protects data privacy, and still allows the value of the data to be mined.

Description

Data sharing method and device and computer equipment
Technical Field
The invention relates to the field of data analysis and processing, in particular to a data sharing method and device and computer equipment.
Background
In the digital era, the value of data is increasingly prominent. Because of its public-service attributes, the power industry holds massive amounts of high-value data, but missing protection strategies can lead to data leakage, causing serious economic loss and even legal liability. Mining that value, however, inevitably requires third parties, rather than the owners and managers of the power industry data, to analyze and test the data, so the data mining and analysis process carries a large risk of data leakage. It is therefore very important for owners and managers of power industry data to avoid data leakage while using the data to realize its value.
In the related art, data encryption or auditing is generally used to secure the data, but both have shortcomings. Data encryption only protects the data in transit: once the data is received by a third party, it leaves the original security control environment and is exposed to leakage. Auditing can only judge data operation behavior after the third party has completed the data analysis, so data leakage is discovered late.
Disclosure of Invention
In view of this, embodiments of the present invention provide a data sharing method, an apparatus, and a computer device, so as to solve the problems in the related art that security beyond a data transmission process cannot be guaranteed and data leakage is found to be relatively delayed.
According to a first aspect, an embodiment of the present invention provides a data sharing method, including: receiving data requirements of test analysts; distributing data authority to the test analysts according to the data requirements and a preset minimization rule; extracting initial data from a source database according to the data authority, generating an analysis test database, and monitoring the analysis test database; and, when it is determined from the monitoring data that the corresponding data operation exceeds the data authority, generating alarm information and revoking the data authority.
Optionally, the extracting initial data from the source database according to the data permission to generate an analysis test database includes: determining a corresponding security protection strategy according to the type of the initial data, wherein the security protection strategy is at least one of encryption processing, desensitization processing, anonymization processing, scrambling processing and differential privacy processing; and processing the initial data according to the safety protection strategy to generate target data, and generating an analysis test database according to the target data.
Optionally, the analysis test database comprises an analysis test reference library and an analysis test difference library.
Optionally, the method further comprises: establishing and generating an analysis test reference library according to the target data; responding to data modification operations on the analysis test reference library; generating an analysis test difference library based on the data modification operation; generating a virtual mapping database according to the analysis test reference library and the analysis test difference library; and when a data access request of the analysis testing personnel is received, calling the virtual mapping database.
Optionally, the method further comprises: and when a completion signal of the test analyst is received, generating an operation log of an analysis test database according to the monitoring data, deleting the analysis test database and revoking the data authority.
Optionally, the method further comprises: and according to the operation log, when the monitoring data are determined to be abnormal, revoking the data permission of the test analyst corresponding to the operation log.
Optionally, an anomaly in the monitoring data includes a generation-time anomaly or an accessed-data anomaly.
According to a second aspect, an embodiment of the present invention provides a data sharing apparatus, including: the data requirement receiving module is used for receiving the data requirement of a test analyst; the data authority distribution module is used for distributing data authority to the test analyst according to the data requirement and a preset minimization rule; the monitoring module is used for extracting initial data from a source database according to the data authority, generating an analysis test database and monitoring the analysis test database; and the revocation module is used for generating alarm information and revoking the data authority when determining that the data operation corresponding to the monitoring data exceeds the data authority according to the monitoring data.
According to a third aspect, an embodiment of the present invention provides a computer device, including: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the steps of the data sharing method of the first aspect or any one of the embodiments of the first aspect.
According to a fourth aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a processor, implements the steps of the data sharing method described in the first aspect or any one of the implementation manners of the first aspect.
The technical scheme of the invention has the following advantages:
The invention provides a data sharing method, a data sharing device and computer equipment. The sharing method comprises the following steps: receiving data requirements of test analysts; distributing data authority to the test analysts according to the data requirements and a preset minimization rule; extracting initial data from a source database according to the data authority, generating an analysis test database, and monitoring the analysis test database; and, when it is determined from the monitoring data that the corresponding data operation exceeds the data authority, generating alarm information and revoking the data authority.
By implementing the method and the device, the problems that safety outside a data transmission process cannot be guaranteed and data leakage is found to be lagged in the related technology are solved, the permission is distributed according to the minimization principle by combining the received data requirements of test analysts, the safety monitoring is carried out on the whole data analysis and test process, the closed-loop safety control of the whole data sharing process is realized, the data safety protection level in the data analysis test service is improved, the hidden danger of data leakage is prevented, the privacy safety of the data is guaranteed, and the mining value of the data is also realized.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained by those skilled in the art without creative efforts.
Fig. 1 is a flowchart of a specific example of a data sharing method in an embodiment of the present invention;
FIG. 2 is a diagram illustrating a relationship between an analysis test reference library, an analysis test difference library, and a virtual mapping database in the data sharing method according to an embodiment of the present invention;
FIG. 3 is a diagram illustrating data rights allocation and data usage behavior in a data sharing method according to an embodiment of the present invention;
FIG. 4 is a diagram of a data sharing system according to an embodiment of the present invention;
FIG. 5 is a schematic block diagram of a specific example of a data sharing apparatus according to an embodiment of the present invention;
FIG. 6 is a diagram showing a specific example of a computer device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
With the advent of the digital era, the value contained in data is increasingly prominent, for example, in the power industry, the power industry has mass high-value data due to the public service industry attribute, but the value of the data needs to be mined by special third-party personnel, so that a greater hidden danger of data leakage exists in the data analysis and test process. Therefore, for data owners and managers in the power industry, data needs to be utilized to exert value and data leakage risks need to be prevented, however, in the existing related technologies, means such as data encryption and data auditing are generally used, and data privacy security in the data value mining process cannot be guaranteed.
That is, against the current background of big data and artificial intelligence, the value of data needs to be mined in depth by professional third-party teams, while loss of management and control over the data, disclosure of data privacy and similar situations after control of the data is transferred need to be prevented. Against this background, the embodiments of the invention provide a data sharing method, a device and computer equipment. They address the problem that traditional encryption only secures the transmission process: once the data is received and decrypted by the analysis testers, it leaves the original security control environment, and for the data owners and managers the shared data is at risk of falling out of management and control. They also address the problem that whether the data operations of third-party analysis testers are compliant can only be judged after the data analysis is finished, so that data leakage is discovered late and closed-loop security control over the whole data sharing process cannot be achieved. The data sharing method, device and computer equipment allocate data permissions reasonably to the analysis testers and, based on the generated analysis test database, monitor the operations of the third-party analysis testers throughout the process, providing data permission management and approval beforehand, data usage security monitoring during the process, and data log auditing afterwards, and thereby closed-loop data security control over the whole data sharing process.
The method provided by the embodiment of the invention can be applied to the power industry and the like, particularly, a power system can comprise a system control module, and the data sharing method provided by the embodiment of the invention can be applied to the system control module.
An embodiment of the present invention provides a data sharing method, which can be applied to a system control module in an electrical power system, as shown in fig. 1, and includes:
step S11: receiving data requirements of test analysts; in this embodiment, the test analyst may be a professional third-party person who performs data value mining, and is different from the owner and manager of the power industry data; the data requirement can be information such as data use content, data use range, data use time, data operation flow, access network address and the like determined by a test analyst according to actual data mining needs.
Step S12: distributing data authority to test analysts according to data requirements and a preset minimization rule. In this embodiment, the preset minimization rule may be that the data and permissions allocated are kept to the minimum. Specifically, the data the test analysts need is determined from the received data requirements and the preset minimization rule, that is, from the business processes and historical data of the power industry, and data permissions are then allocated to the test analysts. The data permissions may include the roles of users who can access the data, the network addresses from which it can be accessed, the data range that can be accessed, the time during which the data can be accessed, and the like.
Specifically, when the service corresponding to the data requirement can be extracted from the historical data, the minimum data use permission can be distributed to the test analyst according to the service flow in the historical data; when the service corresponding to the data requirement is a new service, the authority distributed to the test analyst needs to be determined through the review of the expert database.
Step S13: extracting initial data from a source database according to the data authority, generating an analysis test database, and monitoring the analysis test database;
in this embodiment, the source database may be a database storing all data of the power system, and may be a source database storing related data when the power system starts to operate; according to the data authority distributed to the test analyst by the system control module, corresponding data can be extracted from the source database, and an analysis test database is generated after the data is subjected to safety protection processing. The analysis test database is used for providing data for analysis testers, and based on the generated analysis test database, a system control module of the power system can monitor the data behaviors of the analysis testers through monitoring the analysis test database, namely through monitoring the data in the analysis test database used by the analysis testers.
Specifically, after the data authority distributed by the system control module for the analysis testing personnel passes the approval of the superior control module, the system control module may extract corresponding data from the source database according to the data authority, perform safety protection processing based on the extracted data, then generate the analysis testing database, complete the data preparation process for the analysis testing personnel, and perform continuous and uninterrupted monitoring and supervision on the analysis testing database.
Step S14: when it is determined from the monitoring data that the corresponding data operation exceeds the data authority, generating alarm information and revoking the data authority. In this embodiment, the monitoring data is generated by the system control module's monitoring of the analysis test database; for example, the monitoring data may record the data behavior of monitored terminals (e.g., analysis testers) on the data in the analysis test database, which may be any one or more of a data calling operation, a data accessing operation and a data modifying operation.
Specifically, when it is monitored that the access time of other terminals (e.g., analysis testers) to the analysis test database exceeds a specified time within the data permission, it is determined that the data operation of a certain analysis tester corresponding to the monitored data on the analysis test database exceeds the preset data permission, and at this time, alarm information may be generated and sent to a security manager, or the data permission allocated to the corresponding analysis tester may be directly revoked.
In an optional embodiment, when monitoring the high-risk operation of a certain analysis tester according to the monitoring data, the method can directly generate alarm information and send the alarm information to a safety manager, or directly revoke the data authority allocated to the corresponding analysis tester; high risk operations may be operations that exceed data permissions, such as accessing highly sensitive data; or may be an operation within the data authority but dangerous, such as modifying, deleting, etc. the core data information of the analysis test database.
Specifically, monitoring data is generated whenever an analysis tester uses the data in the analysis test database. The analysis tester's actual data operation behavior is collected and analyzed from the monitoring data, which may include data add and delete operations, the network address from which the data is used, the time at which the data is used, the data operation flow and the like, and is compared in real time with the data authority allocated in the above embodiment. If a high-risk operation or an operation exceeding the authority is found, an alarm is raised immediately and alarm information is generated, or the analysis tester's use of the data is blocked, that is, the data authority of the analysis tester corresponding to the monitoring data is revoked. High-risk operations include, but are not limited to, bulk deletion of data, bulk modification of data with unknown logic, bulk query traversal of data with unknown logic, unauthorized access to data of a high sensitivity level, and the like.
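The real-time comparison in step S14 can be sketched as follows. This is an added example, not code from the patent: the class and field names, the bulk-row threshold and the sample events are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_address, ip_network

BULK_ROWS = 1000  # assumed threshold for a "bulk" operation (not from the patent)


@dataclass
class DataPermission:  # hypothetical shape of an allocated data authority
    analyst: str
    network: str            # network addresses allowed to access the data
    tables: frozenset       # data range that may be accessed
    ops: frozenset          # permitted operation types
    not_before: datetime    # start of the permitted usage time
    not_after: datetime     # end of the permitted usage time
    revoked: bool = False


@dataclass
class Operation:  # one monitored data operation
    analyst: str
    source_ip: str
    table: str
    op: str
    rows: int
    at: datetime


def violations(perm, event):
    """Reasons why an operation exceeds the authority or counts as high risk."""
    reasons = []
    if perm.revoked:
        reasons.append("permission already revoked")
    if ip_address(event.source_ip) not in ip_network(perm.network):
        reasons.append("network address outside permission")
    if event.table not in perm.tables:
        reasons.append("data range outside permission")
    if event.op not in perm.ops:
        reasons.append("operation type outside permission")
    if not perm.not_before <= event.at <= perm.not_after:
        reasons.append("access time outside permission")
    # Within the authority but dangerous: bulk delete, modify or query traversal.
    if event.rows >= BULK_ROWS and event.op in {"delete", "modify", "query"}:
        reasons.append(f"high-risk bulk {event.op}")
    return reasons


class Monitor:
    def __init__(self, permissions):
        self.permissions = {p.analyst: p for p in permissions}
        self.alerts = []

    def observe(self, event):
        """Return True if the operation is allowed; otherwise alert and revoke."""
        perm = self.permissions.get(event.analyst)
        if perm is None:
            reasons = ["no permission allocated"]
        else:
            reasons = violations(perm, event)
        if not reasons:
            return True
        self.alerts.append({"analyst": event.analyst, "at": event.at, "reasons": reasons})
        if perm is not None:
            perm.revoked = True  # block further use of the data
        return False


def demo():
    """Run the monitor over constructed permissions and events."""
    window = (datetime(2021, 4, 1, 9), datetime(2021, 4, 10, 18))
    perms = [
        DataPermission("analyst-a", "10.20.0.0/24", frozenset({"usage_2020"}),
                       frozenset({"query", "modify"}), *window),
        DataPermission("analyst-b", "10.20.0.0/24", frozenset({"usage_2020"}),
                       frozenset({"query", "modify", "delete"}), *window),
    ]
    events = [
        Operation("analyst-b", "10.20.0.31", "usage_2020", "delete", 5000, datetime(2021, 4, 5, 14)),
        Operation("analyst-a", "10.20.0.15", "usage_2020", "query", 50, datetime(2021, 4, 10, 10)),
        Operation("analyst-a", "10.20.0.15", "usage_2020", "query", 50, datetime(2021, 4, 10, 19, 30)),
        Operation("analyst-a", "10.20.0.15", "usage_2020", "query", 10, datetime(2021, 4, 10, 19, 31)),
    ]
    monitor = Monitor(perms)
    decisions = [monitor.observe(e) for e in events]
    return decisions, monitor


if __name__ == "__main__":
    decisions, monitor = demo()
    for alert in monitor.alerts:
        print(alert["analyst"], alert["at"].isoformat(), "; ".join(alert["reasons"]))
```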
The invention provides a data sharing method, which comprises the following steps: receiving data requirements of test analysts; distributing data authority to test analysts according to data requirements and a preset minimization rule; extracting initial data from a source database according to the data authority, generating an analysis test database, and monitoring the analysis test database; and when the monitored data is determined to exceed the data authority, generating alarm information and revoking the data authority.
By implementing the method and the device, the problems that safety outside a data transmission process cannot be guaranteed and data leakage is found to be lagged in the related technology are solved, the permission is distributed according to the minimization principle by combining the received data requirements of test analysts, the safety monitoring is carried out on the whole data analysis and test process, the closed-loop safety control of the whole data sharing process is realized, the data safety protection level in the data analysis test service is improved, the hidden danger of data leakage is prevented, the privacy safety of the data is guaranteed, and the mining value of the data is also realized.
As an optional embodiment of the present invention, the step S13, extracting initial data from the source database according to the data authority, and generating an analysis test database, includes:
determining a corresponding security protection strategy according to the type of the initial data, wherein the security protection strategy is at least one of encryption processing, desensitization processing, anonymization processing, scrambling processing and differential privacy processing; and processing the initial data according to the safety protection strategy to generate target data, and generating an analysis test database according to the target data.
In this embodiment, the type of the initial data may be defined according to a preset power sensitive data classification, so as to determine a sensitive level and a sensitive category of the initial data, and an actual meaning of the data represented by the initial data, such as a specific address of the electricity consumer, identity information of the electricity consumer, and the like; and performing corresponding safety protection processing on the initial data according to the corresponding safety protection strategy to generate target data, and forming an analysis test database based on the target data.
Specifically, the analysis test system may be a database management unit in the system control module, and the analysis test system extracts corresponding initial data from the source database according to the data authority allocated to the received data demand, and generates an analysis test database after performing security protection processing on the initial data; or directly generating an analysis test database based on the initial data, and further performing safety protection processing on the analysis test database, wherein the processed database is the analysis test database containing the target data.
As an optional embodiment of the present invention, the analysis test database includes an analysis test reference library and an analysis test difference library.
In this embodiment, the analysis test database may include an analysis test reference library and an analysis test difference library. Specifically, the analysis test reference library may be the library containing the target data generated by performing security protection processing on the initial data extracted by the system control module through the process described in the above embodiment. The analysis test difference libraries correspond one to one with the analysis testers, that is, one analysis test difference library corresponds to one analysis tester, and the system control module provides each analysis tester with a dedicated analysis test difference library. Specifically, when the monitoring data shows that an analysis tester's data operation is a data modification operation, for example any one of an add, delete or change operation, this indicates that the analysis tester needs to modify or correct some data in the analysis test reference library. In that case, to ensure the uniqueness and security of the source database and the analysis test reference library, the modified data is stored in the analysis test difference library, and the corresponding position in the analysis test reference library is marked as modified.
As an optional embodiment of the present invention, the data sharing method further includes:
firstly, establishing and generating an analysis test reference library according to target data; in this embodiment, after the initial data is subjected to security protection processing, target data is generated, and an analysis test reference library is constructed based on the target data. The specific process of performing security protection processing on the initial data may include:
First, the analysis test reference library is scanned and its data classified: according to the preset classification and grading definitions for power sensitive data, the various kinds of sensitive data are identified and their sensitivity levels determined. Specifically, when the data represents, for example, the identity card number or energy consumption data of an electricity user, the data features are scanned, and data containing features such as those of an identity card number can be determined to be power sensitive data.
Secondly, power sensitive data unrelated to the data service corresponding to the currently received data requirement can be encrypted. For example, in the annual electricity utilization check business, only the electricity usage of users with abnormal usage is analyzed; for normal users only a count is needed, not their electricity data, so the electricity data of normal users can be encrypted. Specifically, the electricity data of normal users can be encrypted field by field with the SM1 algorithm, leaving the original data structure of their user data unchanged.
Desensitization processing is required for user personal information related to data services corresponding to currently received data requirements. For example, when regional power consumption analysis is performed, a user power consumption address may be involved, and at this time, processing such as local shielding and truncation needs to be performed on address information, so that the purpose that the user power consumption address belongs to the region can be identified, a specific power consumption address of the user is not leaked, and the security of user privacy data is protected.
Anonymization processing is needed for power sensitive data which may be related to user personal information in data services corresponding to currently received data requirements. For example, when the user credit analysis is performed according to the power utilization condition of the user, only historical power utilization data and payment data of the user are needed, and information such as a specific identity card number and a home address of the user needs to be anonymized, so that specific information of the user can be prevented from being leaked, and unique identification and mapping can be performed on the power utilization data, the payment data and the like of the user.
For power sensitive data which may represent individual power utilization conditions of users in data services corresponding to currently received data demands, scrambling processing is required. For example, when the big data analysis technology is used for analyzing the electricity consumption behavior of the user, only clustering analysis is needed, association with the individual user is not needed, and at the moment, data can be scrambled, so that the individual user information and the individual user electricity consumption information are not associated on the premise of not changing the overall electricity consumption condition distribution of the user.
For data services corresponding to currently received data requirements, the related power sensitive data features are very obvious, and even if measures such as anonymity and scrambling are taken, the data services can still be positioned to individual users, and differential privacy processing is required. For example, when analyzing the electricity consumption and the operation condition of an enterprise and public institution, the electricity consumption characteristics of a large electricity consumption client in a certain area are very obvious, which family the data belongs to can be judged only through the electricity consumption, at the moment, the electricity consumption data needs to be processed by adopting a differential privacy technology, and the individual data privacy of the large electricity consumption client is hidden on the premise of not changing the global specific characteristics.
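The following added example (not code from the patent) sketches four of the strategies described above in Python: partial masking of addresses, keyed pseudonyms for identifiers, column scrambling, and a Laplace-noise release of a regional total. The record layout, the HMAC-based pseudonym, the clipping bound and the Laplace mechanism are assumptions chosen for illustration; SM1 field encryption is not shown.

```python
import hashlib
import hmac
import random

# Constructed sample rows; every identifier, address and reading is made up.
RECORDS = [
    {"id_no": "ID-0001", "address": "Jiangsu/Nanjing/Gulou/12 Example Rd/Unit 3", "kwh": 310.0},
    {"id_no": "ID-0002", "address": "Jiangsu/Nanjing/Gulou/40 Sample St/Unit 9", "kwh": 275.5},
    {"id_no": "ID-0003", "address": "Jiangsu/Nanjing/Jiangning/7 Test Ave", "kwh": 402.0},
    {"id_no": "ID-0004", "address": "Jiangsu/Nanjing/Jiangning/1 Plant Rd", "kwh": 98000.0},
]
KEY = b"constructed-demo-key"  # assumption: in practice held only by the control module


def make_rng(seed=None):
    """Seeded generator for reproducible demos; OS randomness otherwise."""
    return random.Random(seed) if seed is not None else random.SystemRandom()


def desensitize_address(address, keep_levels=3):
    """Partial masking and truncation: keep the region levels, hide the rest."""
    parts = address.split("/")
    kept = parts[:keep_levels]
    return "/".join(kept + ["***"]) if len(parts) > keep_levels else "/".join(kept)


def pseudonymize(identifier, key):
    """Keyed pseudonym: stable per user, so usage and payment rows still join,
    but not reversible or recomputable without the key."""
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def scramble(records, field, rng):
    """Permute one column across rows: the overall distribution is unchanged,
    the link between a row's identity and its value is broken."""
    values = [r[field] for r in records]
    rng.shuffle(values)
    return [{**r, field: v} for r, v in zip(records, values)]


def apply_policy(records, policy, key, rng):
    """Build target data: each field is processed by the strategy chosen for it."""
    out = [dict(r) for r in records]
    for field, strategy in policy.items():
        if strategy == "desensitize":
            for r in out:
                r[field] = desensitize_address(r[field])
        elif strategy == "anonymize":
            for r in out:
                r[field] = pseudonymize(r[field], key)
        elif strategy == "scramble":
            out = scramble(out, field, rng)
        else:
            raise ValueError("unknown strategy: " + strategy)
    return out


def laplace_noise(scale, rng):
    """Laplace(0, scale) as the difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_total_kwh(records, clip, epsilon, rng):
    """Laplace mechanism on a clipped sum. Each customer contributes at most
    `clip`, so adding or removing one customer moves the sum by at most `clip`."""
    total = sum(min(max(r["kwh"], 0.0), clip) for r in records)
    return total + laplace_noise(clip / epsilon, rng)
```

The noise scale is `clip / epsilon`, so hiding a customer whose reading dominates the region costs accuracy in proportion to that customer's bound.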
Next, a data modification operation on the analysis test reference library is responded to. In this embodiment, the data modification operation may be sent by an analysis tester: the analysis tester performs calculations on the data in the analysis test reference library and determines the data modification operation on the analysis test reference library according to the calculation result and the historical experience database. The system control module can monitor the analysis tester's data modification operations on the analysis test reference library.
Next, an analysis test difference library is generated based on the data modification operation, and a virtual mapping database is generated according to the analysis test reference library and the analysis test difference library. In this embodiment, when an analysis tester needs to add, delete or modify data in the analysis test reference library, the data resulting from the operation is stored in the analysis test difference library; the system control module may set up a corresponding analysis test difference library for each analysis tester. Specifically, the data resulting from the add/delete/modify operation is stored in the analysis test difference library and a modification mark is added at the corresponding position in the analysis test reference library. This ensures that, for the data accessed by the current analysis tester, data that has not been added, deleted or modified is taken from the analysis test reference library and data that has been added, deleted or modified is taken from the analysis test difference library. The analysis test reference library and the analysis test difference library are combined through virtual data mapping to form a virtual mapping database facing the analysis tester.
Specifically, the analysis test reference library, the analysis test difference library and the virtual mapping database may be as shown schematically in fig. 2. In the analysis test reference library, data that the user does not need to add, delete or modify is shown as unfilled boxes, and data that the user needs to add, delete or modify is shown as filled boxes, that is, the modification marks made by the system control module. In the analysis test difference library, the data resulting from the user's add/delete/modify operations is shown as boxes with a filled mark. The virtual mapping database facing the analysis tester is formed through virtual data mapping.
Next, when a data access request from an analysis tester is received, the virtual mapping database is called. In this embodiment, when an analysis tester needs to query or access data, the analysis tester works directly against the virtual mapping database. When data that has not been added, deleted or modified is accessed again, accessing the virtual mapping database calls the analysis test reference library to provide the data to the analysis tester; when data that has been added, deleted or modified is accessed again, accessing the virtual mapping database calls the analysis test difference library to provide the data.
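As an added illustration (not the patent's implementation), the reference library, per-tester difference library and virtual mapping database can be modelled as a copy-on-write overlay. The class and method names are hypothetical, and the modification marks are kept per tester alongside the view rather than inside the shared reference library.

```python
from types import MappingProxyType

_DELETED = object()  # tombstone stored in a difference library for deleted rows


def build_reference(rows):
    """Freeze the shared analysis test reference library (read-only for everyone)."""
    return MappingProxyType({k: MappingProxyType(dict(v)) for k, v in rows.items()})


class VirtualMappingDB:
    """One tester's view: the reference library overlaid with that tester's
    own difference library."""

    def __init__(self, reference):
        self._reference = reference
        self._difference = {}  # key -> modified row, or _DELETED
        self.marks = set()     # keys carrying a modification mark for this tester

    def source_of(self, key):
        """Which library serves this key."""
        return "difference" if key in self.marks else "reference"

    def get(self, key):
        if key in self.marks:
            row = self._difference[key]
            if row is _DELETED:
                raise KeyError(key)
            return dict(row)
        return dict(self._reference[key])  # copy, so callers cannot alter the base

    def put(self, key, row):
        """Insert or update: the new row is written to the difference library only."""
        self._difference[key] = dict(row)
        self.marks.add(key)

    def delete(self, key):
        self.get(key)  # raises KeyError if the row is not visible to this tester
        self._difference[key] = _DELETED
        self.marks.add(key)

    def keys(self):
        untouched = [k for k in self._reference if k not in self.marks]
        changed = [k for k, v in self._difference.items() if v is not _DELETED]
        return sorted(untouched + changed)

    def close(self):
        """On revocation: return the difference library for archiving, then
        wipe it and detach the view from the reference library."""
        archived = {k: (None if v is _DELETED else dict(v))
                    for k, v in self._difference.items()}
        self._difference.clear()
        self.marks.clear()
        self._reference = MappingProxyType({})
        return archived


# Constructed sample reference library.
REFERENCE = build_reference({
    "u001": {"region": "Gulou", "kwh": 310.0},
    "u002": {"region": "Gulou", "kwh": 275.5},
    "u003": {"region": "Jiangning", "kwh": 402.0},
})
```

Two testers built on the same `REFERENCE` never see each other's edits, and the archive returned by `close()` records deletions as `None`.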
As an optional embodiment of the present invention, the data sharing method further includes:
When a completion signal from a test analyst is received, an operation log of the analysis test database is generated according to the monitoring data, the analysis test database is deleted, and the data authority is revoked. In this embodiment, receipt of the completion signal indicates that the test analyst has finished using the analysis test database, and the previously assigned data usage right then needs to be reclaimed and archived.
Specifically, when the analysis tester's data service is completed, the system control module may receive a corresponding completion signal and determine from it that the analysis tester is applying for recovery of the advanced data permission. Alternatively, as in the method described in the above embodiment, if the data access time specified in the data permission allocated to the analysis tester is 1 hour and that 1 hour of use has been reached, the data permission also needs to be recovered, that is, revoked.
Specifically, the revocation process of the data authority may be as follows. In the process described in the above embodiment, the system control module allocates corresponding data access permissions and data operation permissions to each analysis tester according to that tester's requirements; that is, it opens the analysis test database to each analysis tester under different data permissions, and allocates to each analysis tester a unique data access operation account and an analysis test difference library dedicated to that account.
When the data authority is revoked, the analysis tester's data access account is closed first; a data operation log is then generated according to the monitoring data; the analysis test reference library, the analysis test difference library and the data operation log of the analysis tester are then stored and archived; the data in the analysis test reference library and the analysis test difference library is deleted and the resources of both libraries are reclaimed. This completes the reclamation and archiving of the data usage authority, and with it the revocation of the data authority.
As an optional embodiment of the present invention, the data sharing method further includes: when the monitoring data is determined to be abnormal according to the operation log, revoking the data authority of the test analyst corresponding to the operation log. A monitoring data anomaly comprises a generation time anomaly or an access data anomaly.
In this embodiment, an associated audit of the analysis tester's historical data operations is performed according to the generated operation log, including but not limited to: an audit of historical data applications and operations from the same network address, an audit of historical data operation habits at the analysis test workbench, and an associated audit of the analysis tester's data knowledge background and historical data operations.
Specifically, although the data used by a single application is not sensitive, the data from multiple historical applications may combine into sensitive data; in that case an alarm should be raised or the analysis tester's data authority revoked.
For another example, if an analysis tester has historically performed data services during working-day hours and the generation time of the operation log is found to fall in an abnormal period, for example high-frequency data operations performed at night, an alarm should be raised or the analysis tester's data authority revoked.
For another example, although the data used by a single application by an analysis tester is not sensitive, combined with that tester's background knowledge of the analysis test business data it may leak data privacy; in that case an alarm should be raised or the analysis tester's data authority revoked.
The data sharing method provided by the invention achieves secure sharing of data based on the virtual mapping database. By combining the analysis test reference library, the analysis test difference library and the virtual mapping database, it provides authority allocation before use, monitoring during use, audit after use and data reclamation at the end, raising the level of data security protection in data analysis test services. Oriented to data analysis test services, and on the premise of closed-loop security control over the whole process of sharing analysis test data, it provides analysis testers with a data environment that guarantees data privacy security without hindering the mining of data value, so that both data security and value mining are achieved.
In an alternative embodiment, the process of assigning data authority and the process of generating and monitoring the monitoring data are described in detail with reference to fig. 3. In the process of assigning data authority, a data application from an analysis tester is first received, and the system control module then assigns the data authority to the analysis tester in sequence. This specifically includes defining, for the analysis tester, the accessible databases and data tables and the executable operation set, that is, the set of operations the analysis tester may perform on the database, as well as the accessible time period and the accessible address segment.
Specifically, in the monitoring process, the test analyst's data operations on the analysis test database are monitored in real time. When a data access operation is received, the database, data table, time node and IP address of that access are compared with the information contained in the data authority to see whether an anomaly has occurred. The set of operations executed against the analysis test database is also recorded and compared with the set of operations that the data authority allows the analysis tester to perform on the database, to see whether an anomaly has occurred.
In an optional embodiment, the data sharing method of the foregoing embodiments is described in detail with reference to fig. 4. According to the data requirements of a plurality of analysis testers, the system control module allocates corresponding data permissions to each analysis tester, extracts the corresponding data from the source database, generates the analysis test reference library, and sets up a corresponding analysis test difference library for each analysis tester. When an analysis tester performs data operations on the analysis test reference library, monitoring of the data operation process begins. A management auditor corresponding to the system control module can manage and control data security, which may specifically include anomaly alarms, high-risk blocking, data permission recovery, sensitive data protection and the like.
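The permission check of fig. 3 and the after-the-fact generation-time audit of the operation log described earlier, as an added Python example that is not part of the patent. The field names, the sample events and the burst threshold of five operations per minute are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta
from ipaddress import ip_address, ip_network


@dataclass
class DataPermission:
    """Authority granted to one tester (field names are illustrative)."""
    tester: str
    tables: frozenset      # accessible (database, table) pairs
    operations: frozenset  # executable operation set
    window: tuple          # accessible time period as (start, end)
    network: object        # accessible address segment
    revoked: bool = False


def violations(perm, ev):
    """Compare one data operation with the permission; list what exceeds it."""
    found = []
    if (ev["db"], ev["table"]) not in perm.tables:
        found.append("table")
    if ev["op"] not in perm.operations:
        found.append("operation")
    start, end = perm.window
    if not start <= ev["at"].time() < end:
        found.append("time")
    if ip_address(ev["ip"]) not in perm.network:
        found.append("address")
    return found


def monitor(perm, events):
    """In-process monitoring: the first operation beyond the permission raises
    an alarm and revokes it; every later operation is refused."""
    allowed, alarms = [], []
    for ev in events:
        bad = ["revoked"] if perm.revoked else violations(perm, ev)
        if bad:
            perm.revoked = True
            alarms.append((ev["at"], ev["op"], bad))
        else:
            allowed.append(ev)
    return allowed, alarms


def audit_generation_time(history, log, burst=5, window=timedelta(minutes=1)):
    """After-operation audit: return the first run of `burst` operations that
    fall outside the hours seen in the tester's history and arrive within
    `window`; an empty list means no generation-time anomaly."""
    usual_hours = {ev["at"].hour for ev in history}
    odd = sorted(ev["at"] for ev in log if ev["at"].hour not in usual_hours)
    for i in range(len(odd) - burst + 1):
        if odd[i + burst - 1] - odd[i] <= window:
            return odd[i:i + burst]
    return []


def op(at, operation, ip="10.20.30.15", db="analysis_test", table="usage_2020"):
    """Build one constructed operation record."""
    return {"at": datetime.fromisoformat(at), "op": operation,
            "ip": ip, "db": db, "table": table}


def sample_permission():
    """Constructed grant: one table, read and update, office hours, one subnet."""
    return DataPermission(
        tester="tester-01",
        tables=frozenset({("analysis_test", "usage_2020")}),
        operations=frozenset({"SELECT", "UPDATE"}),
        window=(time(9, 0), time(18, 0)),
        network=ip_network("10.20.30.0/24"),
    )


# Constructed sample logs.
EVENTS = [op("2021-04-27T10:00:00", "SELECT"), op("2021-04-27T10:05:00", "UPDATE"),
          op("2021-04-27T10:07:00", "DELETE"), op("2021-04-27T10:08:00", "SELECT")]
HISTORY = [op("2021-04-2%dT%02d:30:00" % (d, h), "SELECT")
           for d in range(4) for h in range(9, 18)]
NIGHT_LOG = [op("2021-04-26T23:10:%02d" % s, "SELECT") for s in range(0, 60, 10)]
```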
An embodiment of the present invention provides a data sharing apparatus, as shown in fig. 5, including:
The data requirement receiving module 21 is used for receiving the data requirement of the test analyst. For the detailed implementation, see the related description of step S11 in the above method embodiment.
The data authority distribution module 22 is used for distributing data authority to the test analyst according to the data requirement and a preset minimization rule. For the detailed implementation, see the related description of step S12 in the above method embodiment.
The monitoring module 23 is configured to extract initial data from a source database according to the data permission, generate an analysis test database, and monitor the analysis test database. For the detailed implementation, see the related description of step S13 in the above method embodiment.
The revocation module 24 is configured to generate alarm information and revoke the data authority when it is determined, according to the monitoring data, that the data operation corresponding to the monitoring data exceeds the data authority. For the detailed implementation, see the related description of step S14 in the above method embodiment.
The invention provides a data sharing device, comprising: the data requirement receiving module 21 is used for receiving the data requirement of the test analyst; the data authority distribution module 22 is used for distributing data authority to the test analyst according to the data requirement and a preset minimization rule; the monitoring module 23 is configured to extract initial data from a source database according to the data permission, generate an analysis test database, and monitor the analysis test database; and the revocation module 24 is used for generating alarm information and revoking the data authority when the monitored data is determined to exceed the data authority.
By implementing the method and the device, the problems in the related art that security cannot be guaranteed outside the data transmission process and that data leakage is discovered late are solved. Permissions are allocated according to the minimization principle in light of the received data requirements of test analysts, and the whole data analysis and test process is security-monitored, achieving closed-loop security control of the whole data sharing process. This raises the level of data security protection in data analysis test services, prevents the hidden danger of data leakage, guarantees data privacy security and still allows the value of the data to be mined.
An embodiment of the present invention further provides a computer device. As shown in fig. 6, the computer device may include a processor 31 and a memory 32, where the processor 31 and the memory 32 may be connected by a bus 30 or in another manner; fig. 6 takes connection by the bus 30 as an example.
The processor 31 may be a Central Processing Unit (CPU). The processor 31 may also be another general purpose processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, or a combination thereof.
The memory 32, which is a non-transitory computer readable storage medium, may be used for storing non-transitory software programs, non-transitory computer executable programs, and modules, such as program instructions/modules corresponding to the data sharing method in the embodiments of the present invention. The processor 31 executes various functional applications and data processing of the processor by executing non-transitory software programs, instructions and modules stored in the memory 32, that is, implements the data sharing method in the above method embodiments.
The memory 32 may include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function; the storage data area may store data created by the processor 31, and the like. Further, the memory 32 may include high speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory 32 may optionally include memory located remotely from the processor 31, and these remote memories may be connected to the processor 31 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The one or more modules are stored in the memory 32 and, when executed by the processor 31, perform the data sharing method as in the embodiment shown in fig. 1.
The details of the computer device can be understood with reference to the corresponding related descriptions and effects in the embodiment shown in fig. 1, and are not described herein again.
The embodiment of the present invention further provides a non-transitory computer readable medium, where the non-transitory computer readable storage medium stores computer instructions, and the computer instructions are used to enable a computer to execute the data sharing method described in any of the above embodiments, where the storage medium may be a magnetic Disk, an optical Disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a Flash Memory (Flash Memory), a Hard Disk (Hard Disk Drive, abbreviated as HDD), or a Solid-State Drive (SSD); the storage medium may also comprise a combination of memories of the kind described above.
It should be understood that the above examples are given only for clarity of illustration and are not intended to limit the embodiments. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. It is neither necessary nor possible to list all embodiments exhaustively, and obvious variations or modifications derived therefrom remain within the scope of the invention.

Claims (10)

1. A method for sharing data, comprising:
receiving data requirements of test analysts;
distributing data authority to the test analyst according to the data requirement and a preset minimization rule;
extracting initial data from a source database according to the data authority, generating an analysis test database, and monitoring the analysis test database;
and when the data operation corresponding to the monitoring data exceeds the data authority according to the monitoring data, generating alarm information and revoking the data authority.
2. The method of claim 1, wherein the extracting initial data from a source database according to the data authority to generate an analysis test database comprises:
determining a corresponding security protection strategy according to the type of the initial data, wherein the security protection strategy is at least one of encryption processing, desensitization processing, anonymization processing, scrambling processing and differential privacy processing;
and processing the initial data according to the safety protection strategy to generate target data, and generating an analysis test database according to the target data.
3. The method of claim 2, wherein the analysis test database comprises an analysis test reference library and an analysis test difference library.
4. The method of claim 3, further comprising:
establishing and generating an analysis test reference library according to the target data;
responding to data modification operations on the analysis test reference library;
generating an analysis test difference library based on the data modification operation;
generating a virtual mapping database according to the analysis test reference library and the analysis test difference library;
and when a data access request of the analysis testing personnel is received, calling the virtual mapping database.
5. The method of claim 1, further comprising:
and when a completion signal of the test analyst is received, generating an operation log of an analysis test database according to the monitoring data, deleting the analysis test database and revoking the data authority.
6. The method of claim 5, further comprising:
and according to the operation log, when the monitoring data are determined to be abnormal, revoking the data permission of the test analyst corresponding to the operation log.
7. The method of claim 6, wherein the monitoring data anomaly comprises a generation time anomaly or an access data anomaly.
8. A data sharing apparatus, comprising:
the data requirement receiving module is used for receiving the data requirement of a test analyst;
the data authority distribution module is used for distributing data authority to the test analyst according to the data requirement and a preset minimization rule;
the monitoring module is used for extracting initial data from a source database according to the data authority, generating an analysis test database and monitoring the analysis test database;
and the revocation module is used for generating alarm information and revoking the data authority when determining that the data operation corresponding to the monitoring data exceeds the data authority according to the monitoring data.
9. A computer device, comprising: at least one processor; and a memory communicatively coupled to the at least one processor; wherein the memory stores instructions executable by the at least one processor to cause the at least one processor to perform the steps of the data sharing method of any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the data sharing method according to any one of claims 1 to 7.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110459670.XA CN113672479A (en) 2021-04-27 2021-04-27 Data sharing method and device and computer equipment

Publications (1)

Publication Number Publication Date
CN113672479A (en) 2021-11-19

Family

ID=78538090

Country Status (1)

Country Link
CN (1) CN113672479A (en)

Legal Events

Date Code Title Description
PB01 Publication
DD01 Delivery of document by public notice

Addressee: Global energy Internet Research Institute Co., Ltd

Document name: Notification of conformity

SE01 Entry into force of request for substantive examination