Authors: 袁煜琳 (YUAN Yulin); 袁曙光 (YUAN Shuguang); 于晶 (YU Jing) [1,2,3]; 陈驰 (CHEN Chi)
Affiliations: [1] Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; [2] School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; [3] Key Laboratory of Cyberspace Security Defense, Beijing 100085, China
Source: 《信息网络安全》 (Netinfo Security), 2024, No. 12, pp. 1855-1870, 16 pages in total
Funding: Strategic Priority Research Program of the Chinese Academy of Sciences (Category B) [XDB0690303].
Abstract: The leakage of personal privacy has emerged as a critical challenge in data security. Anonymization can effectively reduce the risk of privacy leakage by deidentification of personal information. However, inappropriate data processing methods can affect the results. Moreover, a residual risk of re-identification remains after data release. As domestic security supervision on data circulation intensifies, it is of great significance for personal information sharing to establish a reasonable anonymization process and assess the residual risks of anonymized data under data compliance. Previous anonymous risk assessments primarily center on evaluating data security through attack models. Additionally, these studies often overlook inherent risks within the anonymous process itself and the compliance of anonymous data. Therefore, this article introduced an anonymization general process. Building upon it, a risk assessment around data security and compliance was devised. The risk assessment method focused on process risk and data re-identification risk. It contained a supporting evaluation method and index system. In compliance evaluation, this article summarized existing standards. It proposed quantifiable compliance requirements to ensure compliance while assessing data risks. Finally, this article conducted a simulation experiment of the anonymous process to verify process feasibility. The experimental result verifies that the risk assessment method can effectively detect potential threats in anonymization by simulating different risk scenarios.
Keywords: data compliance; anonymization general process; anonymous risk assessment; process risk; re-identification risk
Classification number: TP309 [Automation and Computer Technology: Computer System Architecture]