动态信任管理模型在农业科学数据安全领域的应用探索

doi:10.13998/j.cnki.issn1002-1248.2020.10.20-0444

摘要/Abstract

摘要： [目的/意义]为适应数据密集型农业科研范式的需要,农业科学数据的安全防护亟需向着动态化、自适应的方向发展。信任管理是保障数据安全的核心手段之一,其管理模型的动态化研究和应用探索具有十分重要的意义。[方法/过程]本文梳理了动态信任管理模型的发展历程和理论框架,分析了农业科学数据全生命周期的业务特点,总结了农业科学数据信任管理的现实需求,阐述了在农业科学数据安全领域实践动态信任管理模型的合理性和可行性。在此基础上,结合农业科研本身的业务特征,从用户信任、设备信任和应用信任3个层面探索了动态信任管理模型在农业科学数据安防领域的应用方法和要点。[结果/结论]研究展望了动态信任管理模型的应用前景和未来的发展方向,讨论了动态信任管理模型向动态流量管理和动态授权管理扩展以及和SDP相结合的可能性和必要性。

关键词: 动态信任管理, 数据安全, 农业, 科学数据

Abstract: [Purpose/Significance] In order to meet the needs of intensive agricultural data research, the security protection of agricultural data needs to be developed in a dynamic and adaptive direction. Trust management is one of the core means to ensure data security, the dynamic research and application exploration of its management model is of great significance. [Method/Process] This paper reviews the development process and theoretical framework of dynamic trust management model, analyzes the characteristics of the whole life cycle of agricultural data, summarizes the practical needs of trust management of agricultural data, and expounds the rationality and feasibility of practicing the dynamic trust management model in the field of agricultural data security. On the basis of the above research, combined with the business characteristics of agricultural research itself, this paper explores the application methods and key points of dynamic trust management model in the field of agricultural data security from the aspects of user trust, equipment trust and application trust. [Results/Conclusions] At the end of this paper, the application prospect and future development direction of dynamic trust management model are prospected. The possibility and necessity of expansion and development of a dynamic trust management model to dynamic traffic management and dynamic authorization management, as well as combining with SDP, are discussed.

Key words: dynamic trust management, data security, agricultural, scientific data

中图分类号:

G250

吴定峰, 刘婷婷, 王剑, 胡林. 动态信任管理模型在农业科学数据安全领域的应用探索[J]. 农业图书情报学报, 2020, 32(10): 16-24.

WU Dingfeng, LIU Tingting, WANG Jian, HU Lin. Applications of Dynamic Trust Management Model in Agricultural Scientific Data Security[J]. Journal of Library and Information Science in Agriculture, 2020, 32(10): 16-24.

参考文献

[1] BLAZE M, FEIGENBAUM J, LACY J.Decentralized trust management[C]. Proceedings of the 17th symposium on security and privacy, Oakland: IEEE computer society press, 1996: 164-173.
[2] BLAZE M, FEIGENBAUM J, IOANNIDIS J, et al.The role of trust management in distributed systems security[C]. Secure internet programming: issues for mobile and distributed objects, Berlin: Springer-Verglag, 1999: 185-210.
[3] POVEY D.Developing electronic trust policies using a risk management model[C]. Proc. of the 1999 CQRE congress, 1999: 1-16.
[4] 吴晓凌. 面向服务的动态信任模型和信任管理[D]. 武汉: 武汉大学, 2012.
[5] GAMBETTA D.Can we trust trust?//Trust: Making and breaking cooperative relations[C]. Oxford: Basil Blackwell, 1990: 213-238.
[6] ABDUL-RAHMAN A, HAILES S.A distributed trust model[C]. Proceedings of the 1997 workshop on new security paradigms, New York, USA: ACM Press, 1998: 48-60.
[7] ABDUL-RAHMAN A, HAILES S.Using recommendations for man-aging trust in distributed systems[C]. Proc. of the IEEE Malaysia int’l conf. on communication’97, 1997.
[8] 李承,汪为农.分布式信任模型直接信任的模糊计算方法[J].计算机应用与软件,2004(8): 84-86.
[9] ABDUL-RAHMAN A, HAILES S.Supporting trust in virtual communities[C]. Proceedings of the 33rd Hawaii international conference on system sciences, Maui, Hawaii, 2000: 6007-6016.
[10] CHANG E, THOMSON P, DILLON T, et al.The fuzzy and dynamic nature of trust[C]. LNCS 3592, Berlin: Springer-Verlag, 2005: 161-174.
[11] 常俊胜, 王怀民, 尹刚. DyTrust: 一种P2P系统中基于时间帧的动态信任模型[J]. 计算机学报, 2006, 29(8): 1301-1306.
[12] 方群, 吉逸, 吴国新, 等. 一种基于行程编码的P2P网络动态信任模型[J]. 软件学报, 2009, 20(6): 1602-1616.
[13] 郭磊涛, 杨寿保, 王菁, 等. P2P网络中基于矢量空间的分布式信任模型[J]. 计算机研究与发展, 2006, 43(9): 1564-1570.
[14] 梁军涛, 蒋晓原. 一种基于推荐的Web服务信任模型[J]. 计算机工程, 2007, 33(15): 52-54.
[15] 李小勇, 桂小林. 可信网络中基于多维决策属性的信任量化模型[J]. 计算机学报, 2009, 3(32): 405-415.
[16] 代战锋, 温巧燕, 李小标. P2P网络环境下的推荐信任模型方案[J]. 北京邮电大学学报, 2009, 32(3): 69-72.
[17] CONRAN M. Zero trust: Single packet authorization passive authorization[EB/OL]. (2019-06-18) [2020-03-05]. https://network-insight.net/2019/06/zero-trust-single-packet-authorization-passive-authorization/.
[18] ROSE S, BORCHERT O, MITCHELL S, et al.NIST. SP. 800-207-draft2 zero trust architecture[S]. Gaithersburg: National institute of standards and technology special publication, Maryland, United States, 2020.
[19] EVAN G, DOUG B.Zero trust networks: building secure systems in untrusted networks[B]. Sebastopol, CA: O'Reilly media, 2017.
[20] ARIN G R, DAMIANI E, DIVIMERCATI D C, et al.Assessing efficiency of trust management in Peer-to-Peer systems[J]. IEEE, 2005, 20(13/15): 368-373.
[21] SONG S, HWANG K, ZHOU R, et al.Trusted P2P transactions with fuzzy reputation aggregation[J]. IEEE internet computing, 2005, 9(6): 24-34.
[22] SUN Y, YU W, HAN Z, et al.Information theoretic framework of trust modeling and evaluation for ad hoc networks[J]. IEEE Journal on Selected Areas in Communications, 2006, 249(2): 305-319.
[23] 代战锋, 温巧燕, 李小标. P2P网络环境下的推荐信任模型方案[J]. 北京邮电大学学报, 2009, 32(3): 69-72.
[24] HEY T, TANSLEY S, TOLLE K M.The fourth paradigm: Data-intensive scientific discovery[J]. External research, Microsoft research, Redmond, 2011, 99(8): 24-32.
[25] 毕达天, 曹冉, 杜小民. 科学数据共享研究现状与展望[J]. 图书情报工作, 2019, 63(24): 69-76
[26] OECD. OECD principles and guidelines for access to research data from public funding[EB/OL]. [2018-09-01]. http://www.oecd.org/science/scitech/38500813.pdf.
[27] USGS. USGS Data Management Training Modules: USGS Science DataLifecyle[EB/OL].[2016-08-11]. https://oedbreeze.cr.usgs.gov/dm-sdl/.
[28] 黎建辉, 沈志宏, 孟小峰. 科学大数据管理: 概念、技术与系统[J]. 计算机研究与发展, 2017, 54(2): 235-247.
[29] MARK D W, MICHEL D, IJSBRAND J A, et al.Addendum: the FAIR guiding principles for scientific data management and stewardship[J]. Scientific data, 2019, 6(1).
[30] 李成赞, 张丽丽, 侯艳飞, 等. 科学大数据开放共享: 模式与机制[J]. 情报理论与实践, 2017, 40(11): 45-51.
[31] 李云婷, 温亮明, 张丽丽, 等. 科学数据共享系统的现状与趋势[J]. 农业大数据学报, 2019, 1(4): 86-97.
[32] 陈明奇, 黎建辉, 郑晓欢, 等. 科学大数据的发展态势及建议[J]. 中国教育信息化, 2016(21): 5-9.
[33] 程学旗, 靳小龙, 王元卓, 等. 大数据系统和分析技术综述[J]. 软件学报, 2014, 25(9): 1889-1908.
[34] 王秉, 吴超. 基于安全大数据的安全科学创新发展探讨[J]. 科技管理研究, 2017, 37(1): 37-43.
[35] 张丽丽, 黎建辉. 科研数据的开放: 进展、模式与新探索[J]. 大数据, 2016, 2(6): 25-33.
[36] 赵刚. 大数据[M]. 北京: 电子工业出版社, 2016.
[37] RACHEL K.Whitepaper: Practical challenges for researchers in data sharing: Review[J]. Learned publishing, 2018, 31(4): 417-419.
[38] 温亮明, 张丽丽, 黎建辉. 大数据时代科学数据共享伦理问题研究[J]. 情报资料工作, 2019, 40(2): 38-44.
[39] 苏震, 赵文彦. 基于区块链的智慧农业应用分析与设计[J]. 农业图书情报学报, 2020, 32(3): 44-53.
[40] 杨明, 丁龙, 许艳. 基于区块链的医疗数据云存储共享方案[J]. 南京信息工程大学学报(自然科学版), 2019, 11(5): 590-595.
[41] 丁伟, 王国成, 许爱东, 等. 能源区块链的关键技术及信息安全问题研究[J]. 中国电机工程学报, 2018, 38(4): 1026-1034, 1279.
[42] MASSIMILIANO A, ALESSANDRA D E B, DOUGLAS D J, et al. Security and trust in cloud application life-cycle management[J]. Future generation computer systems, 2020, 111: 934-936.
[43] 赵江华, 穆舒婷, 王学志, 等. 科学数据众包处理研究[J]. 计算机研究与发展, 2017, 54(2): 284-294.
[44] MARTIN L, JITKA K.Big and open linked data analytics ecosystem: Theoretical background and essential elements[J]. Government information quarterly, 2019, 36(1).
[45] 吴林, 吴超, 吴娥. 大数据视域下安全信息资源管理模式研究[J]. 科技管理研究, 2020, 40(9): 156-162.
[46] WANG B, WU C, HUANG L, et al.Using data-driven safety decision-making to realize smart safety management in the era of big data:A theoretical perspective on basic questions and their answers[J]. Journal of Cleaner Production, 2019, 201: 1595-1604
[47] ZHOU Q Y, SUN W Y, ZHANG H C.A new simple model trust-region method with generalized barzilai-borwein parameter for large-scale optimization[J]. Science China(mathematics), 2016, 59(11): 2265-2280.
[48] 蔡冉, 张晓兵. 零信任身份安全解决方案[J]. 信息技术与标准化, 2019(9): 46-49.
[49] MATT C.Software defined perimeter (SDP): Creating a new network perimeter[EB/OL]. Network world (online).[2020-05-20]. https://www.networkworld.com/article/3402258/software-defined-perimeter-sdp-creating-a-new-network-perimeter.html.
[50] MOUBAYED A, REFAEY A, SHAMI A.Software-defined perimeter (SDP): State of the art secure solution for modern networks[J]. IEEE network, 2019, 33(5): 226-233.