Data Masking

Concept

Data involved in any data-masking or obfuscation must remain meaningful at several levels:

• The data must remain meaningful for the application logic.
• The data must undergo enough changes so that it is not obvious that the masked data is from a source of production data.

Keyword

• PII: Personally Identifiable Information.
• EI: explicit identifiers.
• QI: Quasi-identifiers.
• SD: Sensitive data.
• NSD: Nonsensitive data.

Algorithm

• Randomization
• Generalization
• K-Anonimization
• L-Diversity
• T-Closeness

Static data masking (SDM)

data at rest.

Dynamic data masking (DDM)

data in transit.

Techniques

• Substitution

• Shuffling

• Number and date variance

• Encryption

• Nulling out or deletion

• Masking out

• Additional complex rules

Other

• Management
• Rule
• Audit

Links

• Data masking
• Static Versus Dynamic Data Masking
• 美团数据仓库-数据脱敏
• 大数据与数据脱敏
• Data privacy、Principle and Practices精简（一）
• Data privacy、Principle and Practices精简（二）
• k-anonimity、l-diversity 和 t-closeness

---

• Author：HyperJ
• Source：HyperJ’s Blog
• Link：Data Masking