中图分类号： N949；F49
文献标识码： A
DOI： 10.20044/j.csdg.2097-1788.2022.01.011
引用格式： 李建，王昊，姜苈峰，等. 基于内生安全的数据共享信息系统架构研究[J].网络安全与数据治理，2022，41(1)：70-77.

Research of data sharing information system architecture based on endogenous security

Abstract： Based on the study of the stage law of the development of data sharing informatization in China and the changes of the corresponding architecture system, combined with the requirements of Chinese data governance regulations and standards system and the development status of PKS independent computing system, this paper studies the architecture design principles and implementation schemes of data without breaking away from data ownership and active immunity in the trusted and secure computing environment, including the underlying trusted basic software and hardware system, the active audit defense system with zero trust applied at the upper layer，as well as the data sharing construction idea, construction content and implementation path of "Data is dominated by data owners+Centralized operation and maintenance of trusted network’s routing switching dominated by the third party of data transaction". Finally, it points out the new risks and problems that may be faced in the future data sharing application scenarios, and puts forward some comprehensive suggestions on building a new generation of information architecture system that meets the legal requirements and the concept of endogenous security.

Key words : PKS system；data sharing；endogenous security；trusted computing；zero trust；system architecture