How to measure the security of different privacy computing technologies? For the first time, Wei Tao of Ant Group explained five types of security levels

On June 28, the “2022 Big Data Industry Summit” was held in Beijing. The forum brought together experts, scholars and industry professionals in the field of big data, and discussed the current status and trends of the current data element industry development. Wei Tao, Vice President and Chief Technology Security Officer of Ant Group, was invited to participate in the main forum and delivered a keynote speech on “Data Encryption Era: Development and Security”. Evaluating the security of privacy computing technologies of different technical categories plays a key role in the application of privacy computing technologies.

The “Big Data Industry Summit” has been held for 7 sessions, guided by the China Academy of Information and Communications Technology and the China Communications Standards Association, and hosted by the China Communications Standards Association Big Data Technology Standards Promotion Committee (CCSA TC601). An authoritative platform for industrial exchanges and cooperation.

Wei Tao believes that in 2022, no matter in terms of regulations, policy requirements or technological maturity, the entire data circulation field will bid farewell to the era of data plaintext and start a new journey in the era of data encryption. Privacy computing is a key technology for the safe flow of data in the era of data encryption. Under the current cross-network-based privacy computing model, many operations that directly compute plaintext data must be converted into tens of thousands of cross-network interactions, which brings a series of bottlenecks. Technologies in the era of data privacy need to meet the requirements of stability, performance, applicability, cost, and security.

How to compare the security of different privacy computing technologies is an emerging challenge globally. Current privacy computing technology security classification standards are often formulated for a single technical route. In application scenarios, it is difficult to cross and compare various technical routes with each other. In addition, private computing technologies continue to innovate, and existing security classification standards cannot perform security assessments on emerging private computing technologies, which limits the application and development of new technologies. Wei Tao believes that in different scenarios, when the cost of different orders of magnitude is paid in privacy computing, there should be corresponding benefits in all dimensions, and there should be a relatively common ruler to measure the security side. This plays a key role in the application of privacy computing technology.

Wei Tao said that Ant Group is currently trying to make some macro-level security classifications for the “data secret state” realized by privacy computing technology. According to the increasing degree of privacy computing security performance, the general security classification is divided into five categories, in order: Baseline protection level, audit traceability level, breadth protection level, in-depth inspection level, and safety certification level. It is hoped that privacy computing will be implemented from a propaganda slogan to a substantial security requirement.

“There is no absolute security for a product. The essence of the security measurement of a privacy computing system is to evaluate how much effort an attacker needs to make and how much uncertainty to overcome to break through a given security protection guarantee, resulting in the consequences or risks of information leakage.” In general, the five general security classifications reviewed by Ant Group comprehensively and accurately cover the different security level requirements that privacy computing systems should meet in reality, and can calibrate the security level of privacy computing systems across technical categories.

Wei Tao also said that the field of data circulation is about to start a new journey in the era of data encryption, which will be the coexistence of multiple technologies. The standard and evaluation of the general classification of privacy computing security will be the key cornerstone. It also requires the joint efforts of industry partners to continuously improve The overall level of the industry promotes the development of the data element industry.

Leifeng.com

This article is reprinted from: https://www.leiphone.com/category/industrynews/wMZ5CxZ7Vttrwku0.html
This site is for inclusion only, and the copyright belongs to the original author.

Leave a Comment