
CN-121984780-A - Data privacy protection protocol analysis method, device and system based on dynamic rules


Abstract

The application relates to the technical field of information security, discloses a data privacy protection protocol analysis method, device and system based on dynamic rules, and aims to solve the problems of static solidification, insufficient rule dynamic perception and limited protocol compliance assessment of the existing privacy protection strategy. The method, the device and the system are characterized in that the protocol is modeled formally, privacy protection rules are dynamically acquired and converted, the model is checked based on the rules, and the model is automatically corrected when the model is not compliant and converted into instruction deployment. Through the scheme, the dynamic continuous intelligent control of the protocol is realized, and the privacy security guarantee and the compliance agility are obviously improved.

Inventors

  • QIAN JIAWEI
  • LIN BINGZHENG
  • LIU YOUCHENG
  • ZHANG MENGTING
  • LI LINGFEI
  • Hua Tianrong
  • CHEN SILU
  • LI JIANING
  • WANG DAN

Assignees

  • 上海立信会计金融学院

Dates

Publication Date
20260505
Application Date
20260317

Claims (6)

  1. A data privacy protection protocol analysis method based on dynamic rules, characterized by comprising the following steps: acquiring a data privacy protection protocol to be analyzed and converting it, through a protocol formalization unit (100), into a predefined machine-readable protocol formalization model, wherein the protocol formalization model is a tagged Petri net model in which a place (P) represents a privacy state of a data object, a transition (T) represents a privacy protection operation primitive acting on the data object, a token (M) represents a data instance to be processed, and each transition (T) is given a tag recording the technical parameters required to execute the operation; dynamically acquiring privacy protection rules from a plurality of heterogeneous information sources, including a regulation information release server, a threat intelligence sharing platform and an internal service management system, through a dynamic rule ingestion and modeling unit (200), and uniformly converting the privacy protection rules into formalized rule expressions on which logical reasoning can be performed; performing, by a protocol analysis unit (300), model checking analysis on the protocol formalization model against the formalized rule expressions to determine whether the data privacy protection protocol complies with all current dynamic privacy protection rules, the model checking analysis including generating a compliance analysis report that contains a non-compliant execution path as a counterexample when such a path is found; when the model checking analysis determines that the data privacy protection protocol does not comply with at least one privacy protection rule, automatically performing adaptive modification of the protocol formalization model by a protocol adaptive synthesis unit (400) according to the counterexample indicated in the compliance analysis report, so as to generate a modified and compliant protocol formalization model; and converting the modified and verified compliant protocol formalization model, through an execution environment scheduling unit (500), into a specific instruction set executable in the target data processing execution environment (30), and deploying and executing it, thereby completing the closed loop of dynamic analysis and adaptive adjustment of the data privacy protection protocol.
  2. The method according to claim 1, wherein the step of dynamically acquiring privacy protection rules and converting them into unified formalized rule expressions comprises: periodically polling and pulling updates of legal and regulatory terms, published in a structured XML format that characterizes jurisdictions, applicable data types and processing behavior restrictions, through a regulation compliance interface (210) configured within the dynamic rule ingestion and modeling unit (200); connecting, through a threat intelligence interface (220) configured within the dynamic rule ingestion and modeling unit (200), to a threat intelligence sharing platform as a client conforming to the TAXII protocol, and receiving and parsing newly published attack vectors or vulnerability information, issued in the STIX object format, that target a specific privacy protection technology; and parsing and formalizing the heterogeneous rule information received through these interfaces, uniformly converting it into computation tree logic (CTL) or linear temporal logic (LTL) formulas, and storing the formulas in a rule knowledge base.
  3. The method according to claim 1, wherein the step of converting the data privacy protection protocol into a protocol formalization model specifically comprises: receiving a protocol definition text written in a privacy protocol description language (PPDL), wherein the PPDL provides a grammar for defining data object states, privacy protection operation primitives, role permissions and flow control logic; and mapping the static structure and dynamic behavior of the protocol onto the tagged Petri net model, wherein each privacy state defined in the protocol is mapped to a place (P), each privacy protection operation primitive is mapped to a transition (T), the arcs connecting places (P) and transitions (T) represent data flow and state transition paths, and all technical parameters required to execute an operation primitive are recorded in detail, as key-value pairs, in the tag attached to each transition (T); the technical parameters include, but are not limited to, the k value in k-anonymization, the privacy budget ε in differential privacy noise perturbation, or the algorithm type and key length used by an encryption operation.
  4. The method according to claim 1, wherein the step of performing model checking analysis on the protocol formalization model comprises: unfolding the input tagged Petri net model to construct a reachability graph that completely describes all possible execution paths and state evolutions of the protocol; for each LTL or CTL formalized rule expression φ in the rule knowledge base, converting its negation ¬φ into an equivalent nondeterministic Büchi automaton (NBA) that accepts exactly the execution paths violating the original rule φ; and searching the product automaton of the reachability graph and the NBA for an accepting run, that is, a path in which an accepting state is visited infinitely often; if such a run exists, determining that a counterexample violating the original rule φ has been found and recording the path in the compliance analysis report as a non-compliance certificate.
  5. The method according to claim 1 or 4, wherein the step of automatically adapting the protocol formalization model comprises selectively applying, according to a predetermined multi-level repair strategy and according to the type of violation revealed by the counterexample: a first-level strategy, parameterized adjustment, in which, when the counterexample indicates that the violation is caused by improper operation parameters, the counterexample path is analyzed and traced to the transition (T) causing the violation, and the technical parameter values recorded in its tag are directly modified so as to satisfy the formalized rule expression; a second-level strategy, operation primitive replacement, in which, when the counterexample indicates that the violation is caused by a defect in or inapplicability of the privacy protection operation primitive used, an internally maintained privacy enhancing technology primitive library storing a large number of formal descriptions of privacy protection operation primitives is queried for a functionally equivalent but technically compliant replacement primitive, and the non-compliant transition (T) portion of the original model is replaced by the Petri net structure of the replacement primitive; and a third-level strategy, protocol flow reconstruction, in which, when the counterexample indicates that the violation is caused by a structural defect of the protocol, the protocol repair problem is converted into a constraint satisfaction problem, the protocol's functional objective, a data availability index and all current formalized rule expressions are input as constraints to an integrated satisfiability modulo theories (SMT) solver, and the solver searches a predefined protocol operation primitive collection space to generate a protocol flow structure that satisfies all constraints and has newly added, deleted or rearranged steps.
  6. The method according to claim 1, wherein the step of converting the compliant protocol formalization model into a specific instruction set and deploying it for execution specifically comprises: in the execution environment scheduling unit (500), selecting the corresponding adapter from an adapter library containing a plurality of dedicated adapters, according to the type of the target data processing execution environment (30) to be deployed to; translating, by the selected adapter, the final compliant tagged Petri net model into an executable artifact specific to the target environment, wherein: if the target environment is a relational database, the model is translated into a set of ordered SQL DML and DDL statements or a stored procedure; if the target environment is a distributed computing platform, the model is translated into job configuration files and a driver script for an Apache Spark or Flink platform; if the target environment is a Trusted Execution Environment (TEE), the secure computation portion of the protocol is compiled into code executing within the hardware-isolated region and a corresponding policy signature file is generated; and automatically deploying the generated executable artifacts into the target data processing execution environment (30) for operation through the corresponding API or deployment toolchain.
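As an added illustration (not code from the patent), the following Python sketch models claims 1, 3, 4 and 5 on a constructed toy protocol: a tagged Petri net whose transition tags carry k, epsilon and key length, a breadth-first exploration of the reachability graph that checks a constructed rule (parameter bounds plus the requirement that data is only released after all protection primitives have fired) in place of a full LTL-to-Büchi product construction, and the first-level parameterized repair applied in a check-repair-recheck loop. All place, transition and rule names are assumptions.

```python
from collections import deque
# Constructed toy protocol as a tagged Petri net: places are privacy states, transitions
# are protection primitives, and each tag records the claim-3 parameters (k, epsilon, key bits).
PROTOCOL = {  # transition: (input places, output places, tag)
    "k_anon":   ({"raw"}, {"anonymized"}, {"k": 3}),
    "dp_noise": ({"anonymized"}, {"perturbed"}, {"epsilon": 2.0}),
    "encrypt":  ({"perturbed"}, {"sealed"}, {"algo": "AES", "key_bits": 128}),
    "publish":  ({"sealed"}, {"released"}, {}),
}
# Constructed rule standing in for the LTL formula: (predicate, compliant value)
# per parameter, and "released" reachable only after the required primitives.
BOUNDS = {"k": (lambda v: v >= 5, 5), "epsilon": (lambda v: v <= 1.0, 1.0),
          "key_bits": (lambda v: v >= 256, 256)}
REQUIRED_BEFORE_RELEASE = {"k_anon", "dp_noise", "encrypt"}

def check(net, initial=frozenset({"raw"})):
    """Claim 4, simplified: BFS over reachable markings; None if compliant, else (kind, path, key)."""
    seen, queue = {initial}, deque([((), initial)])
    while queue:
        path, m = queue.popleft()
        for name, (ins, outs, tag) in net.items():
            if not ins <= m:          # transition not enabled in this marking
                continue
            nxt, trace = frozenset((m - ins) | outs), path + (name,)
            bad = [k for k, (ok, _) in BOUNDS.items() if k in tag and not ok(tag[k])]
            if bad:
                return ("parameter", trace, bad[0])
            if "released" in nxt and not REQUIRED_BEFORE_RELEASE <= set(trace):
                return ("structural", trace, None)
            if nxt not in seen:
                seen.add(nxt)
                queue.append((trace, nxt))
    return None

def repair_parameters(net, counterexample):
    """Claim 5, first-level strategy: set the offending tag value to the bound."""
    kind, path, key = counterexample
    if kind != "parameter":
        raise ValueError("parameter repair cannot fix a %s violation" % kind)
    fixed = {n: (i, o, dict(t)) for n, (i, o, t) in net.items()}  # copy tags
    fixed[path[-1]][2][key] = BOUNDS[key][1]
    return fixed

def analyze_and_repair(net, max_rounds=10):  # claim 1's closed loop
    for _ in range(max_rounds):
        counterexample = check(net)
        if counterexample is None:
            return net
        net = repair_parameters(net, counterexample)
    raise RuntimeError("still non-compliant after %d rounds" % max_rounds)
```

A structural violation (for example a transition that releases raw data directly) is reported but deliberately not repaired here, since that is the second- and third-level strategies' job.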

Description

Data privacy protection protocol analysis method, device and system based on dynamic rules

Technical Field

The invention belongs to the technical field of information security, and particularly relates to a data privacy protection protocol analysis method, device and system based on dynamic rules.

Background

In the digital economy era, data is a core production factor, and its flow and fusion are driving a new technological and industrial revolution. The generation, aggregation and application of massive data create huge commercial value and social benefit, while making the privacy protection of personal information and sensitive data increasingly prominent. To cope with privacy disclosure risks and meet global compliance requirements, various data privacy protection technologies have been developed in the field of information security; their core objective is to balance data availability against privacy security and to ensure that the whole data life cycle remains secure and controllable.

In the prior art, one type of mainstream scheme focuses on desensitization of the data itself. For example, Chinese patent publication CN110443068B generates multiple anonymized data tables by merging, grouping, decomposing and otherwise restructuring the original data tables carrying sensitive information, so as to protect multiple privacy attributes in a multi-table scenario. By perturbing the associations between data, this method reduces the risk that an attacker re-identifies an individual through association analysis, and in a static data release scenario it can effectively improve privacy protection strength and processing efficiency by relying on a preset k-anonymity or l-diversity model, meeting the data sharing requirements of its time.

Another type of technical path focuses on the isolation and protection of data processing, typically represented by the privacy preserving machine learning system disclosed in Chinese patent publication CN 109416721B. The system introduces a Trusted Execution Environment (TEE) and a data-oblivious access mechanism, builds a hardware-level secure "enclave" isolated from the main operating system, and completes all sensitive data computations inside it. Even in an untrusted cloud or multi-party collaboration environment, the confidentiality and integrity of data computation can be guaranteed and side-channel attacks resisted; the focus of protection shifts from static desensitization to dynamic computation security, providing strong support for privacy protection in complex computation tasks.

However, as application scenarios evolve toward highly dynamic, strongly interactive and long-running fields, such as real-time Internet of Things data stream analysis, dynamic financial risk control and continual federated learning, both technologies gradually show their limitations. The core reason is that privacy risk is a dynamic variable related to data context, time, user behavior and external threat intelligence, not a static problem that can be defined in advance. The scheme based on data table structure transformation is essentially a "static snapshot" protection paradigm: once set, the privacy protection rules are fixed and lack the ability to perceive and respond to changes in the data environment. When privacy requirements change with context, for example when non-sensitive data becomes sensitive through association with other data sources, the system cannot adaptively adjust its protection strategy; a "barrel effect" arises in which the overall security is limited by the weakest link among the preset rules.

While the scheme based on the trusted execution environment can provide strong process-level security, its point is to guarantee the secure execution of the computing protocol, not to evaluate whether the protocol itself fits the current risk level. Such protection is like a sealed safe: it protects the confidentiality of the operations inside it, but cannot judge whether the privacy policy placed inside matches the external threats, and it leaves the responsibility for making and adjusting the policy to an external system or a person, so that when threats change rapidly, security gaps easily appear because of lagging responses. This state of the art reveals a fundamental challenge: the prior art either implements static, context-free data protection or provides protocol-independent isolation of the computation process, and lacks an "intelligent intermediate layer" between them capable of protocol-level dynamic analysis and adaptive tuning. Current privacy protection systems generally lack a built-in mechanism to continuously analyze the effectiveness of a privacy protection protocol and drive policy optimization according to new regulations, real-time threats and