Research On Data Middle Platform Security Technology Based On Blockchai

Posted on: 2024-07-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G L Li
Full Text: PDF
GTID: 1528307166999189
Subject: Electronics and information
Abstract/Summary:
The data middle office (DMO) is a new generation of data management platform developed after the data warehouse, the data lake, and the big data platform. It supports large-scale multi-party business collaboration, data governance, and shared use of data within a large group or between highly correlated enterprises. The existing DMO architecture, data authentication, data provenance, and related technologies face two key security problems: weak trust in business models and zero trust in technical architectures. On the one hand, to accelerate digital transformation, organizations are willing to share data and build unified data services. However, they are concerned about whether the data they provide will be used illegally, and whether the data provided by the other party is authentic and valid or has already been tampered with. This weak trust in the business model makes it difficult for the DMO to fully release the value of data. On the other hand, the DMO is characterized by large-scale multi-party data aggregation and deep coupling with the business, so data theft or tampering in the DMO will lead to catastrophic consequences. Therefore, the technical architecture of the DMO must perform independent and repeated verification on all distributed interface calls. This zero trust in the technical architecture greatly increases the technical complexity of the DMO and significantly reduces operating efficiency.

Blockchain technology has many advantages in this setting. It can build a multi-party trust relationship through the consensus mechanism, the distributed ledger ensures that data on the chain cannot be tampered with, and the logical structure of on-chain code makes behavior and data inseparable. Therefore, this paper proposes a blockchain-based data middle office (BC-DMO) architecture. Furthermore, this paper puts forward BC-DMO-oriented subject-object authentication, data provenance, abnormal behavior detection, and data privacy protection methods to provide a “1+4” DMO security solution. The proposed architecture and related methods can effectively solve the problems of weak trust in the business model and zero trust in the technical architecture of the DMO. The main work and contributions of this paper are as follows:

(1) Two BC-DMO subject-object authentication methods are proposed, based respectively on a multi-dimensional-label dual control model and on smart contracts. First, a dual control model is proposed to solve the problem that identity authentication is difficult when subjects and objects change dynamically. The model performs subject-object authentication based on multi-dimensional tags, which provides the first level of control over object access and circulation. At the same time, it uses machine learning methods, combined with domain knowledge, to train automatic tag identifiers that tag objects automatically. By comparing the label identified by the subject with the label identified automatically by the machine, the model provides the second level of control over object access and circulation. Second, to address the difficulty of access control caused by data replication and flow in a distributed environment, a generation algorithm for smart contracts and hash chains is proposed. The generated smart contract and hash chain limit the total number of times that a subject can access an object within a specific time range, thereby achieving fine-grained control of object access rights in a distributed environment. The experimental results show that the throughput of the subject-object authentication algorithm can reach 2000 entries per second. The recall rate and accuracy rate of the tag identification algorithm are 89.3% and 93.75%, respectively, which demonstrates effective control over the access time and number of visits of objects.

(2) To address the problem of data transaction provenance in BC-DMO, a process mining-based method with three steps is proposed. First, since blockchain data transaction logs cannot be fed directly to existing process mining algorithms, a transaction log content extraction framework is proposed. The framework converts blockchain transaction logs through element extraction, content verification, and log generation. Process mining algorithms can then be employed to implement the provenance of data transactions. Second, a GPU-based parallel genetic process mining algorithm is proposed to solve the problem that traditional process mining algorithms cannot efficiently handle the massive log data in BC-DMO. This algorithm puts forward a causal matrix chromosome encoding method, which effectively establishes the genetic representation of the causal matrix on the GPU by using three arrays to encode content, identification, and position, respectively. However, genetic process mining algorithms often fall into local optima during evolution, which makes it difficult for them to mine high-quality process models. To solve this problem, a random search-based process miner (PSOMiner) is proposed. A new fitness function is proposed that considers the completeness, precision, and simplicity of the process model. Based on the causality matrix, an iterative search operator for the process model is designed using the evolutionary computation method. When the search evolution of the process model falls into premature maturity, the point-to-local mutation strategy is used to jump out of the local optimum. Experimental results demonstrate that this method can realize process mining on blockchain data transaction logs. Compared with CPU-based genetic process mining algorithms, this method has obvious advantages in solution accuracy and convergence speed, achieving speedup ratios of 36.4 and 47.2 respectively on the two experimental event logs. Compared with three existing classic process mining algorithms, the PSOMiner algorithm has strong search ability and fast convergence speed.

(3) A BC-DMO abnormal behavior detection method based on time series classification is proposed. Since BC-DMO gathers large-scale multi-party data and can very easily become the target of cyber-attacks, an abnormal behavior detection algorithm based on time series classification is proposed. The algorithm selects shapelets with strong classification ability and differences through random sampling and utility evaluation. Then, a random shapelet forest classifier is built to detect abnormal behavior in BC-DMO data access. The RSFID algorithm is verified on the UNIT and KDD CUP 99 data sets, and the test results prove its effectiveness.

(4) A BC-DMO data privacy protection method based on zero-knowledge proof is proposed. To better deal with the privacy issues that exist when transactions are completed in BC-DMO, a blockchain privacy protection algorithm based on the Paillier encryption algorithm is proposed that can both encrypt transaction data and support zero-knowledge proof. First, the ciphertext after the transaction and the evidence required in the zero-knowledge proof process are generated on the application side. Then, the legality of the transaction result is verified on the smart contract side using the evidence. The results show that, tested with 64-bit transaction data, the method can not only protect the privacy of users when completing transactions in the blockchain, but also perform key generation, encryption, and decryption with millisecond-level time consumption.
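Contribution (1) names hash chains as the means of capping how many times a subject can access an object within a time range, but the abstract does not give the generation algorithm. The sketch below is an added illustration, not the dissertation's code: a generic one-time-token hash-chain quota in which each access reveals the next preimage. The names `make_chain`, `AccessGrant` and `demo`, the window values and the seed are all assumptions.

```python
import hashlib
import hmac


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def make_chain(seed: bytes, n: int) -> list:
    """Return [h^0(seed), ..., h^n(seed)]; the last element is the public anchor."""
    chain = [seed]
    for _ in range(n):
        chain.append(h(chain[-1]))
    return chain


class AccessGrant:
    """Hypothetical contract-side state: current chain tip, quota, validity window."""

    def __init__(self, anchor: bytes, quota: int, not_before: int, not_after: int):
        self.tip = anchor
        self.remaining = quota
        self.not_before = not_before
        self.not_after = not_after

    def redeem(self, token: bytes, now: int) -> bool:
        if not (self.not_before <= now <= self.not_after):
            return False              # outside the permitted time range
        if self.remaining <= 0:
            return False              # quota exhausted
        if not hmac.compare_digest(h(token), self.tip):
            return False              # replayed, skipped or forged token
        self.tip = token              # advance one link toward the seed
        self.remaining -= 1
        return True


def demo() -> list:
    # Constructed seed for a repeatable run; a real grant would use a random secret.
    seed = hashlib.sha256(b"constructed-demo-seed").digest()
    chain = make_chain(seed, 3)       # subject keeps chain[0..2]; anchor is chain[3]
    grant = AccessGrant(chain[3], quota=3, not_before=1000, not_after=2000)
    return [
        grant.redeem(chain[2], 1100),  # first access
        grant.redeem(chain[2], 1200),  # replay of a spent token
        grant.redeem(chain[0], 1300),  # token presented out of order
        grant.redeem(chain[1], 2500),  # valid token, but after the window
        grant.redeem(chain[1], 1400),  # second access
        grant.redeem(chain[0], 1500),  # third and last access
        grant.redeem(chain[0], 1600),  # fourth attempt: quota is spent
    ]
```

The verifier stores only the current tip, so copies of the object's access record on other nodes cannot be used to mint extra accesses without inverting SHA-256.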
Keywords/Search Tags:data middle office, blockchain, subject-object authentication, data transaction provenance, abnormal behavior detection