© 2016 ACM. Recent years have seen an exponential growth of the collection and processing of data from heterogeneous sources for a variety of purposes. Several methods and techniques have been proposed to transform and fuse data into \useful" information. However, the security aspects concerning the fusion of sensitive data are often overlooked. This paper investigates the problem of data fusion and derived data control. In particular, we identify the requirements for regulating the fusion process and eliciting restrictions on the access and usage of derived data. Based on these requirements, we propose an attribute-based policy framework to control the fusion of data from di erent information sources and under the control of di erent authorities. The framework comprises two types of policies: access control policies, which define the authorizations governing the resources used in the fusion process, and fusion policies, which define constraints on allowed fusion processes. We also discuss how such policies can be obtained for derived data.
Original languageEnglish
Title of host publicationABAC 2016 - Proceedings of the 2016 ACM International Workshop on Attribute Based Access Control, co-located with CODASPY 2016
Number of pages11
StatePublished - 11 Mar 2016

    Research areas

  • Access control, Data fusion, Usage control

ID: 32864578