业务驱动的数据跨境风险机理研究

荣景峰; 陈思宇; 王艺洋; 牛俊; 刘徐杰; 周安顺; 付安民; 曹春杰; 张玉清

doi:10.11959/j.issn.1000-436x.2025105

您当前的位置：

首页 >

文章列表页 >

业务驱动的数据跨境风险机理研究

综述 | 更新时间：2025-07-04

- 业务驱动的数据跨境风险机理研究
- Business driven data cross border risk mechanism research
- 通信学报 2025年46卷第6期页码：251-269
- 作者机构：
  
  1.海南大学网络空间安全学院，海南海口 570228
  2.国家计算机网络入侵防范中心（中国科学院大学），北京 101408
  3.西安电子科技大学网络与信息安全学院，陕西西安 710126
  4.中国移动通信集团海南有限公司，海南海口 570311
  5.南京邮电大学信息与通信学院，江苏南京 210023
  6.中讯邮电咨询设计院有限公司，北京 100089
  7.南京理工大学计算机科学与技术学院，江苏南京 210023
- 作者简介：
  
  [ "荣景峰（1986- ），男，辽宁沈阳人，海南大学博士生，主要研究方向为数据安全、数据分级分类、数据跨境安全等。" ]
  [ "陈思宇（2000- ），男，四川成都人，海南大学硕士生，主要研究方向为数据安全、人工智能安全等。" ]
  [ "王艺洋（2001- ），男，湖北襄阳人，西安电子科技大学硕士生，主要研究方向为数据安全等。" ]
  [ "牛俊（1992- ），女，陕西西安人，博士，西安电子科技大学在站博士后，主要研究方向为人工智能安全等。" ]
  [ "刘徐杰（1982- ），男，广东普宁人，中国移动通信集团海南有限公司工程师，主要研究方向为网络安全渗透、APT攻击、数据安全跨境流动等。" ]
  [ "周安顺（1975- ），男，河南洛阳人，南京邮电大学博士生，中讯邮电咨询设计院有限公司正高级工程师，主要研究方向为网络安全等。" ]
  [ "付安民（1981- ），男，湖北通城人，博士，南京理工大学教授、博士生导师，主要研究方向为数据安全、密码学和隐私保护。" ]
  [ "曹春杰（1977- ），男，河北衡水人，博士，海南大学教授、博士生导师，主要研究方向为无线网络安全、区块链、人工智能安全等。" ]
  [ "张玉清（1966- ），男，陕西宝鸡人，博士，中国科学院大学教授、博士生导师，主要研究方向为网络与系统安全等。" ]
- 基金信息：
  
  国家重点研发计划基金资助项目(2023YFB3106400)
- DOI：10.11959/j.issn.1000-436x.2025105
  中图分类号： TP309.2
- 收稿日期：2024-10-27，
  
  修回日期：2025-03-31，
  
  纸质出版日期：2025-06-25
- 稿件说明：
移动端阅览
荣景峰,陈思宇,王艺洋等.业务驱动的数据跨境风险机理研究[J].通信学报,2025,46(06):251-269.

RONG Jingfeng,CHEN Siyu,WANG Yiyang,et al.Business driven data cross border risk mechanism research[J].Journal on Communications,2025,46(06):251-269.
荣景峰,陈思宇,王艺洋等.业务驱动的数据跨境风险机理研究[J].通信学报,2025,46(06):251-269. DOI： 10.11959/j.issn.1000-436x.2025105.

RONG Jingfeng,CHEN Siyu,WANG Yiyang,et al.Business driven data cross border risk mechanism research[J].Journal on Communications,2025,46(06):251-269. DOI： 10.11959/j.issn.1000-436x.2025105.

摘要

针对当前数据安全风险机理研究未能充分考虑跨境数据特有的风险形成原因及要素，难以全面揭示跨境数据风险的全貌与内在联系等问题。为此，提出了基于业务驱动的数据跨境风险机理研究。首先，应用Petri网抽象业务流程并收集过程资料数据。然后，基于过程资料数据抽取相关概念范畴并映射成演化网络叶子节点，同时依据风险因果理论构建风险演化网络。在此基础上，分析计算风险演化网络的相关系数，确定风险要素并系统阐释数据跨境风险机理的形成与演化过程。最后以调查问卷和历史数据分析方式验证分析结论，结果表明研究结论符合调研数据统计结果且与历史风险诱因高度契合。总体而言，所提研究可以为数据跨境风险量化评估提供理论支持，并为数据跨境风险应对提供决策依据。

Abstract

Existing research on data security risk mechanisms had not fully accounted for the unique formation causes and elements of cross-border data risks

limiting our understanding of their overall landscape and internal connections. In response

a business-driven approach was proposed to analyze cross-border data risk mechanisms. Firstly

Petri nets were emploied to abstract business processes and collect process data. Then

relevant conceptual categories were extracted and mapped to the leaf nodes of an evolving network. A risk evolution network was constructed based on risk causation theory

and its correlation coefficients were analyzed to identify key risk elements and elucidate the formation and evolution processes of cross-border data risks. Questionnaire surveys and historical data analysis validate the research findings

showing alignment with survey statistics and historical risk drivers. Overall

the proposed research offers theoretical support for the quantitative assessment of cross-border data risks and provides a decision-making basis for their management.

关键词

Keywords

references

GUO B N , WANG Y , ZHANG H , et al . Impact of the digital economy on high-quality urban economic development: evidence from Chinese cities [J ] . Economic Modelling , 2023 , 120 : 106194 .

孙雯倩 , 徐天辰 , 余佩厚 , 等 . 基于《个人信息保护法》的APP隐私政策合规性检测 [J ] . 计算机工程 , DOI: 10.19678/j.issn.1000-3428.0069804 http://dx.doi.org/10.19678/j.issn.1000-3428.0069804 .

SUN W Q , XU T C , YU P H , et al . Compliance testing of APP privacy policies based on personal information protection law [J ] . Computer Engineering , DOI: 10.19678/j.issn.1000-3428.0069804 http://dx.doi.org/10.19678/j.issn.1000-3428.0069804 .

张焕波 , 毛天羽 . 须高度重视美国《国际紧急经济权力法》 [C ] // 中国智库经济观察（2019） . 北京 : 社会科学文献出版社 , 2020 : 183 - 187 .

ZHANG H B , MAO T Y . Great importance must be attached to the international emergency economic powers act of the United States [C ] // China’s Think Tanks’ Prespective (2019) . Beijing : Social Sciences Academic Press (CHINA) , 2020 : 183 - 187 .

李卓卓 , 刘子轶 . 从分野到融合: 多学科视角下的数据跨境研究综述 [J ] . 情报杂志 , 2024 , 43 ( 12 ): 198 - 207 .

LI Z Z , LIU Z Y . From divergence to convergence: a review of cross-border data research from a multidisciplinary perspective [J ] . Journal of Intelligence , 2024 , 43 ( 12 ): 198 - 207 .

傅贵 , 陈奕燃 , 许素睿 , 等 . 事故致因“2-4” 模型的内涵解析及第6版的研究 [J ] . 中国安全科学学报 , 2022 , 32 ( 1 ): 12 - 19 .

FU G , CHEN Y R , XU S R , et al . Detailed explanations of 2-4 model and development of its 6 th version [J ] . China Safety Science Journal , 2022 , 32 ( 1 ): 12 - 19 .

徐拥军 , 王兴广 . 总体国家安全观下的跨境数据流动安全治理研究 [J ] . 图书情报知识 , 2023 , 40 ( 6 ): 20 - 30 .

XU Y J , WANG X G . Security governance of cross-border data flow under the holistic view of national security [J ] . Documentation , Information & Knowledge, 2023 , 40 ( 6 ): 20 - 30 .

来小鹏 , 马诗雅 . 我国商业数据跨境流动合规治理的问题与完善 [J ] . 行政管理改革 , 2024 ( 4 ): 43 - 53 .

LAI X P , MA S Y . Reform path of compliance governance of cross-border flow of commercial data in China [J ] . Administration Reform , 2024 ( 4 ): 43 - 53 .

吴晓明 , 初佳玉 , 付剑玫 . 企业数据跨境流动的风险防控研究 [J ] . 征信 , 2024 , 42 ( 4 ): 41 - 49 .

WU X M , CHU J Y , FU J M . Research on the risk prevention and control of cross-border flow of enterprise data [J ] . Credit Reference , 2024 , 42 ( 4 ): 41 - 49 .

刘益灯 , 宋歌 . DPF美欧数据跨境流动规则博弈及其镜鉴 [J ] . 世界经济研究 , 2024 ( 7 ): 29 - 42 .

LIU Y D , SONG G . The implications of cross-border data flow between the EU and the U.S. through data privacy framework [J ] . World Economy Studies , 2024 ( 7 ): 29 - 42 .

李金 , 徐姗 , 卓子寒 , 等 . 数据跨境流转的风险测度与分析: 基于数据出境统计信息的实证研究 [J ] . 管理世界 , 2023 , 39 ( 7 ): 180 - 201 .

LI J , XU S , ZHUO Z H , et al . Risk measurement and analysis for cross-border data flow: an empirical study based on statistics of outbound data [J ] . Journal of Management World , 2023 , 39 ( 7 ): 180 - 201 .

李金 , 张黎明 , 李建平 , 等 . 跨境数据传出机构的风险分类管控和影响因素分析 [J ] . 系统科学与数学 , 2022 , 42 ( 9 ): 2347 - 2366 .

LI J , ZHANG L M , LI J P , et al . Classified control and influencing factors for risks management in institutions with cross-border data flow [J ] . Journal of Systems Science and Mathematical Sciences , 2022 , 42 ( 9 ): 2347 - 2366 .

陈统 . 数据出境风险自评估机制的理解与适用 [J ] . 企业经济 , 2023 , 42 ( 4 ): 143 - 152 .

CHEN T . Understanding and application of self-assessment mechanism of data export risk [J ] . Enterprise Economy , 2023 , 42 ( 4 ): 143 - 152 .

PASCUAL H , ALAMO J M D , RODRIGUEZ D , et al . Hunter: tracing anycast communications to uncover cross-border personal data transfers [J ] . Computers & Security , 2024 , 141 : 103823 .

LI J , DONG W T , ZHANG C , et al . Development of a risk index for cross-border data movement [J ] . Data Science and Management , 2022 , 5 ( 3 ): 97 - 104 .

GUAMÁN D S , RODRIGUEZ D , ALAMO J M D , et al . Automated GDPR compliance assessment for cross-border personal data transfers in android applications [J ] . Computers & Security , 2023 , 130 : 103262 .

董克 , 吴佳纯 , 马廷灿 . 我国数据出境安全风险要素体系研究 [J ] . 情报理论与实践 , 2024 , 47 ( 6 ): 49 - 59 .

DONG K , WU J C , MA T C . Research of outbound data transfer security risk element system in China [J ] . Information Studies (Theory & Application) , 2024 , 47 ( 6 ): 49 - 59 .

MINIADOU K , LEONIDIS A , PAPADOPOULOS G T , et al . Encrypted biometric search: a deep learning approach to scalable and secure cross-border data exchange [C ] // Proceedings of the 2024 IEEE International Conference on Big Data (BigData) . Piscataway : IEEE Press , 2024 : 2794 - 2800 .

ZHANG C , LIU Y , XU M D , et al . Trans-border trusted data spaces: a general framework supporting trustworthy international data circulation [J ] . IEEE Access , 2025 , 13 : 30481 - 30496 .

KULKARNI M S , NAIK H L , BHARATHI S V . Textual analysis of privacy policies to understand the effect of GDPR [C ] // Proceedings of the 2023 2nd International Conference on Futuristic Technologies (INCOFT) . Piscataway : IEEE Press , 2023 : 1 - 5 .

HUANG X L , XIN C S , JI H J , et al . Cross-border data security risk analysis and development suggestions of the protection technologies for intelligent connected vehicles [C ] // Proceedings of the 2024 5th International Conference on Information Science, Parallel and Distributed Systems (ISPDS) . Piscataway : IEEE Press , 2024 : 257 - 262 .

ZHUANG Z X , LEE X D , WEI J Q , et al . CBCMS: a compliance management system for cross-border data transfer [C ] // Proceedings of the 2024 IEEE International Conference on Big Data (BigData) . Piscataway : IEEE Press , 2024 : 4789 - 4798 .

张璐 . 个人信息保护风险规范的建构机理与实现路径 [J ] . 江西财经大学学报 , 2022 ( 3 ): 126 - 136 .

ZHANG L . The construction mechanism and realization path of risk specifications for personal information protection [J ] . Journal of Jiangxi University of Finance and Economics , 2022 ( 3 ): 126 - 136 .

陈朝兵 , 吴钟灿 . 政府数据开放中隐私风险的形成: 一个理论分析框架 [J ] . 内蒙古社会科学 , 2023 , 44 ( 2 ): 38 - 46 .

CHEN C B , WU Z C . Formation of privacy risk in government data opening: a theoretical analysis framework [J ] . Inner Mongolia Social Sciences , 2023 , 44 ( 2 ): 38 - 46 .

王向明 , 王炳涵 . “ 数据要素×”助力新质生产力形成的作用机理与风险防范 [J ] . 河南社会科学 , 2024 , 32 ( 7 ): 10 - 21 .

WANG X M , WANG B H . The mechanism and risk prevention of “data elements ×” promoting the formation of new quality productive forces [J ] . Henan Social Sciences , 2024 , 32 ( 7 ): 10 - 21 .

石江瀚 , 佟泽华 , 孙晓彬 , 等 . 科研大数据风险传导的机理研究 [J ] . 情报理论与实践 , 2022 , 45 ( 4 ): 17 - 26 .

SHI J H , TONG Z H , SUN X B , et al . Mechanism on risk conduction for scientific research big data [J ] . Information Studies (Theory & Application) , 2022 , 45 ( 4 ): 17 - 26 .

WAIRIMU S , IWAYA L H , FRITSCH L , et al . On the evaluation of privacy impact assessment and privacy risk assessment methodologies: a systematic literature review [J ] . IEEE Access , 2024 , 12 : 19625 - 19650 .

HUSSAINI S S , RAHARJO B . Comprehensive risk evaluation model for data center security risk assessment [C ] // Proceedings of the 2024 10th International Conference on Wireless and Telematics (ICWT) . Piscataway : IEEE Press , 2024 : 1 - 6 .

FANG Z , ZHANG K , DIAO Y G , et al . Risk assessment based on dataflow dynamic hypergraph for cross-border data transfer [C ] // Proceedings of the 2024 IEEE 23rd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) . Piscataway : IEEE Press , 2024 : 2504 - 2509 .

JIAO Z S , JIA W B , WANG H J , et al . Research on data security risk assessment methods for automobile enterprises [C ] // Proceedings of the 2024 4th International Conference on Big Data, Artificial Intelligence and Risk Management . New York : ACM Press , 2024 : 1020 - 1024 .

JIN M . Research on building of scientific data security risk governance capability maturity model [C ] // Proceedings of the 2023 3rd International Conference on Big Data, Artificial Intelligence and Risk Management . New York : ACM Press , 2023 : 773 - 780 .

梁燕 , 文泽鹏 , 刘丽 , 等 . 基于本体的动态业务流程建模方法 [J ] . 计算机仿真 , 2022 , 39 ( 11 ): 350 - 354 .

LIANG Y , WEN Z P , LIU L , et al . A dynamic business process modeling method based on ontology [J ] . Computer Simulation , 2022 , 39 ( 11 ): 350 - 354 .

COOK J E , WOLF A L . Automating process discovery through event-data analysis [C ] // Proceedings of the 1955 17th International Conference on Software Engineering . Piscataway : IEEE Press , 1995 : 73 - 82 .

吴肃然 , 李名荟 . 扎根理论的历史与逻辑 [J ] . 社会学研究 , 2020 , 35 ( 2 ): 75 - 98 .

WU S R , LI M H . Grounded theory:history and logic [J ] . Sociological Studies , 2020 , 35 ( 2 ): 75 - 98 .

EVANS G L . A novice researcher’s first walk through the maze of grounded theory: rationalization for classical grounded theory [J ] . Grounded Theory Review , 2013 , 22 ( 1 ): 145 - 163 .

SUDDABY R . From the editors: what grounded theory is not [J ] . Academy of Management Journal , 2006 , 49 ( 4 ): 633 - 642 .

付玮琼 . 核心企业主导的供应链金融模式风险机理研究 [J ] . 企业经济 , 2020 , 39 ( 1 ): 136 - 143 .

FU W Q . Research on the risk mechanism of supply chain finance model led by core enterprises [J ] . Enterprise Economy , 2020 , 39 ( 1 ): 136 - 143 .

杨海珍 , 程相娟 , 李妍 , 等 . 系统性金融风险关键成因及其演化机理分析: 基于文献挖掘法 [J ] . 管理评论 , 2020 , 32 ( 2 ): 18 - 28 .

YANG H Z , CHENG X J , LI Y , et al . An analysis of the key causes and evolution mechanism of systemic financial risk: based on literature mining method [J ] . Management Review , 2020 , 32 ( 2 ): 18 - 28 .

李晓英 , 陈维政 . 供应链风险形成机理研究 [J ] . 中国流通经济 , 2003 , 17 ( 9 ): 10 - 13 .

LI X Y , CHEN W Z . A study on mechanism of the formation of supply chain risks [J ] . China Business and Market , 2003 , 17 ( 9 ): 10 - 13 .

叶琼元 , 夏一雪 , 窦云莲 , 等 . 面向突发公共卫生事件的网络舆情风险演化机理研究 [J ] . 情报杂志 , 2020 , 39 ( 10 ): 100 - 106 .

YE Q Y , XIA Y X , DOU Y L , et al . On the evolution mechanism of online public opinion risk for public health emergent events [J ] . Journal of Intelligence , 2020 , 39 ( 10 ): 100 - 106 .

黄国桥 , 徐永胜 . 地方政府性债务风险的传导机制与生成机理分析 [J ] . 财政研究 , 2011 ( 9 ): 2 - 5 .

HUANG G Q , XU Y S . Analysis on the transmission mechanism and generation mechanism of local government debt risk [J ] . Public Finance Research , 2011 ( 9 ): 2 - 5 .

PASCARELLA G , ROSSI M , MONTELLA E , et al . Risk analysis in healthcare organizations: methodological framework and critical variables [J ] . Risk Management and Healthcare Policy , 2021 , 14 : 2897 - 2911 .

RAWSON A , BRITO M . A survey of the opportunities and challenges of supervised machine learning in maritime risk analysis [J ] . Transport Reviews , 2023 , 43 ( 1 ): 108 - 130 .

AYDIN M C , BIRINCIOĞLU E S . Flood risk analysis using gis-based analytical hierarchy process: a case study of Bitlis province [J ] . Applied Water Science , 2022 , 12 ( 6 ): 122 .

ETEMADINIA H , TAVAKOLAN M . Using a hybrid system dynamics and interpretive structural modeling for risk analysis of design phase of the construction projects [J ] . International Journal of Construction Management , 2021 , 21 ( 1 ): 93 - 112 .

ZHANG Y , ZOU Y J , SELPI , et al . Spatiotemporal interaction pattern recognition and risk evolution analysis during lane changes [J ] . IEEE Transactions on Intelligent Transportation Systems , 2023 , 24 ( 6 ): 6663 - 6673 .

WANG J , ZHANG K , LI J Y . Network awareness of security situation information security measurement method based on data mining [J ] . Journal of Intelligent & Fuzzy Systems , 2024 , 46 ( 1 ): 209 - 219 .

马冬青 , 崔涛 . 基于TOPSIS和GRA的信息安全风险评估 [J ] . 信息安全研究 , 2024 , 10 ( 5 ): 474 - 480 .

MA D Q , CUI T . Information security risk assessment based on TOPSIS and GRA [J ] . Journal of Information Security Research , 2024 , 10 ( 5 ): 474 - 480 .

ZHANG J C , ZHENG J , ZHANG Z , et al . ATT&CK-based advanced persistent threat attacks risk propagation assessment model for zero trust networks [J ] . Computer Networks , 2024 , 245 : 110376 .

马梓刚 , 麻荣宽 , 李贝贝 , 等 . SSPN-RA: 基于SS-petri网的工业控制系统安全一体化风险评估方法 [J ] . 计算机科学 , 2024 , 51 ( 10 ): 380 - 390 .

MA Z G , MA R K , LI B B , et al . SSPN-RA: security integration risk assessment method for ICS based on SS-petri net [J ] . Computer Science , 2024 , 51 ( 10 ): 380 - 390 .

CHEN X H , ZHANG K S , CHEN B J , et al . Research on evaluation techniques for security threat levels of critical information assets in power grids [C ] // Proceedings of the 2025 IEEE 8th Information Technology and Mechatronics Engineering Conference (ITOEC) . Piscataway : IEEE Press , 2025 : 828 - 833 .

耿文莉 , 高梦瑜 . 基于灰色神经网络的云平台大数据安全风险评估 [J ] . 科学技术与工程 , 2021 , 21 ( 28 ): 11932 - 11937 .

GENG W L , GAO M Y . Security risk assessment of big data on cloud platform based on grey neural network [J ] . Science Technology and Engineering , 2021 , 21 ( 28 ): 11932 - 11937 .

CAO Z Y . Research on the application of building engineering informatization and security management based on BIM technology [C ] // Smart Infrastructures in the IoT Era . Berlin : Springer , 2025 : 495 - 511 .

邓汉年 , 周杰 , 杨波 , 等 . 基于随机Petri网的民机审定试飞实施流程建模与分析 [J ] . 计算机科学 , 2024 , 51 ( S1 ): 1075 - 1080 .

DENG H N , ZHOU J , YANG B , et al . Modeling and analysis of the implementation process of civil aircraft approval flight test based on stochastic Petri net [J ] . Computer Science , 2024 , 51 ( S1 ): 1075 - 1080 .

来小鹏 , 郭子訸 . 金融数据跨境流动的法律风险量化分析与规制建议 [J ] . 金融监管研究 , 2024 ( 4 ): 1 - 19 .

LAI X P , GUO Z H . Quantitative analysis and regulatory recommendations on the legal risks of cross-border financial data flows [J ] . Financial Regulation Research , 2024 ( 4 ): 1 - 19 .

姚可欣 , 付长军 , 郑伟明 , 等 . 基于着色Petri网的离散事件动态系统建模与仿真 [J ] . 新型工业化 , 2021 , 11 ( 9 ): 101 - 104 .

YAO K X , FU C J , ZHENG W M , et al . Modeling and simulation of discrete event dynamic systems based on colored Petri nets [J ] . The Journal of New Industrialization , 2021 , 11 ( 9 ): 101 - 104 .

FORRESTER J W . Industrial dynamics [J ] . Journal of the Operational Research Society , 1997 , 48 ( 10 ): 1037 - 1041 .

秦雅琴 , 董帅 , 谢济铭 , 等 . 基于行车风险场的高速公路交织区车辆轨迹预测方法 [J ] . 汽车安全与节能学报 , 2024 , 15 ( 6 ): 952 - 961 .

QIN Y Q , DONG S , XIE J M , et al . Methods for predicting vehicle trajectories in motorway weaving zones based on driving risk fields [J ] . Journal of Automotive Safety and Energy , 2024 , 15 ( 6 ): 952 - 961 .

LIU H , SHEN D , DABIĆ M , et al . A novel methodology for risk assessment considering risk higher order interactions and propagation effects [J ] . IEEE Transactions on Engineering Management , 2025 , 72 : 907 - 924 .

WANG X F , WANG T , ZHOU X , et al . Research on strategic risk identification method of equipment system development based on system dynamics [J ] . Journal of Systems Engineering and Electronics , 2023 , 34 ( 5 ): 1225 - 1234 .

LIU D , WANG K , DAI F X , et al . Network analysis on key causes of chemical accidents considering structural characteristics [J ] . Journal of Safety Science and Technology , 2021 , 17 ( 7 ): 71 - 76 .

GARVEY M D , CARNOVALE S , YENIYURT S . An analytical framework for supply network risk propagation: a Bayesian network approach [J ] . European Journal of Operational Research , 2015 , 243 ( 2 ): 618 - 627 .

HUANG W C , SHUAI B , ZHANG R , et al . A new system risk definition and system risk analysis approach based on improved risk field [J ] . IEEE Transactions on Reliability , 2020 , 69 ( 4 ): 1437 - 1452 .

浏览量

下载量

CSCD

文章被引用时，请邮件提醒。

提交

工具集

关联资源

面向数据跨域安全流通的访问控制研究综述

无人系统中离线强化学习的隐蔽数据投毒攻击方法

基于DSMM的数据分类分级探索与实践

基于多级代理许可区块链的联邦边缘学习模型

面向云存储的数据加密系统与技术研究