As the volume of stored data grows, identifying and protecting sensitive information within large repositories becomes increasingly challenging, especially when the data is shared with many users holding different roles and permissions. This work presents a system architecture for trusted data sharing with policy-driven access control, enabling selective protection of sensitive regions while maintaining scalability. The architecture integrates four core modules: automated detection of sensitive regions, post-correction of the detections, key management, and access control. Sensitive regions are secured with a hybrid scheme that uses symmetric encryption for efficiency and Attribute-Based Encryption (ABE) for policy enforcement, so that the symmetric keys can be recovered only by users whose attributes satisfy the policy. The system supports efficient key distribution and isolates key storage to strengthen overall security. To demonstrate applicability, we evaluate the system on visual datasets, where Privacy-Sensitive Objects (PSOs) in images are automatically detected, reassessed, and selectively encrypted before the images are shared in a data repository. Experimental results show that the system provides effective PSO detection, improving the macro-averaged F1 score by 5% and mean Average Precision (mAP) by 10%, while keeping the average policy-enforced decryption time below 1 second per image. These results demonstrate the effectiveness, efficiency and scalability of the proposed solution for fine-grained access control.
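The hybrid scheme and the separation between image repository and key store can be seen end to end in the following added example. It is illustrative code written for this page, not the paper's implementation: it uses only the Python standard library, so AES-GCM is replaced by an HMAC-SHA256 counter-mode keystream with encrypt-then-MAC, and ABE is replaced by a deliberately simple per-clause key wrapping that enforces AND/OR attribute policies but, unlike real ABE, does not bind attribute secrets to a user (so it is not collusion resistant). The image, the PSO boxes, the policy and the attribute names are constructed for the demonstration; `KeyManager`, `protect` and `reveal` are hypothetical names, not the paper's modules.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Symmetric layer. Stdlib stand-in for AES-GCM: HMAC-SHA256 counter-mode
# keystream plus encrypt-then-MAC. A production system would use AES-GCM.
def _keystream_xor(key, nonce, data):
    out = bytearray()
    block = 0
    while len(out) < len(data):
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, out))

def sym_encrypt(key, plaintext):
    nonce = secrets.token_bytes(12)
    ct = _keystream_xor(key, nonce, plaintext)  # same length, so the region is replaced in place
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag

def sym_decrypt(key, nonce, ct, tag):
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("region ciphertext failed integrity check")
    return _keystream_xor(key, nonce, ct)

# Policy layer. Toy stand-in for CP-ABE: a policy is a list of AND clauses
# (disjunctive normal form) and a region key is wrapped once per clause under a
# key derived from that clause's attribute secrets. Attribute secrets are not
# bound to a user here, so two users could pool them; real ABE prevents that.
class KeyManager:
    """Isolated key store: holds the master secret and wrapped keys, never the images."""
    def __init__(self):
        self._master = secrets.token_bytes(32)
        self._wrapped = {}  # region_id -> {clause: wrapped region key}

    def _attr_key(self, attr):
        return hmac.new(self._master, b"attr:" + attr.encode(), hashlib.sha256).digest()

    def issue_user_keys(self, attrs):
        return {a: self._attr_key(a) for a in attrs}

    @staticmethod
    def clause_wrap_key(attr_keys, clause):
        h = hashlib.sha256()
        for a in sorted(clause):
            h.update(attr_keys[a])
        return h.digest()

    def wrap(self, region_id, region_key, policy):
        entry = {}
        for clause in policy:
            wk = self.clause_wrap_key({a: self._attr_key(a) for a in clause}, clause)
            entry[tuple(sorted(clause))] = bytes(x ^ y for x, y in zip(region_key, wk))
        self._wrapped[region_id] = entry

    def wrapped_entry(self, region_id):
        return self._wrapped[region_id]

def unwrap(entry, user_keys):
    """Policy enforcement: the first clause the user's attributes satisfy yields the key."""
    for clause, wrapped in entry.items():
        if all(a in user_keys for a in clause):
            wk = KeyManager.clause_wrap_key(user_keys, clause)
            return bytes(x ^ y for x, y in zip(wrapped, wk))
    raise PermissionError("user attributes satisfy no clause of the policy")

@dataclass
class Image:
    """8-bit grayscale, row-major; a detected PSO is a box (x, y, w, h)."""
    width: int
    height: int
    pixels: bytearray

    def region_bytes(self, box):
        x, y, w, h = box
        return b"".join(bytes(self.pixels[r * self.width + x:r * self.width + x + w]) for r in range(y, y + h))

    def write_region(self, box, data):
        x, y, w, h = box
        for i, r in enumerate(range(y, y + h)):
            self.pixels[r * self.width + x:r * self.width + x + w] = data[i * w:(i + 1) * w]

def protect(img, boxes, policy, km):
    """Encrypt each PSO box in place with a fresh key; (box, nonce, tag) travel with the image, keys go to km."""
    meta = []
    for rid, box in enumerate(boxes):
        key = secrets.token_bytes(32)
        nonce, ct, tag = sym_encrypt(key, img.region_bytes(box))
        img.write_region(box, ct)
        km.wrap(rid, key, policy)
        meta.append((rid, box, nonce, tag))
    return meta

def reveal(img, meta, km, user_keys):
    for rid, box, nonce, tag in meta:
        key = unwrap(km.wrapped_entry(rid), user_keys)  # PermissionError if the policy is not met
        img.write_region(box, sym_decrypt(key, nonce, img.region_bytes(box), tag))
    return img

def demo():
    """Constructed 8x6 sample image with two PSO boxes; returns checks on the round trip."""
    w, h = 8, 6
    original = bytearray((r * 37 + c * 11) % 256 for r in range(h) for c in range(w))
    boxes = [(1, 1, 3, 2), (5, 3, 2, 2)]
    policy = [["doctor", "radiology"], ["privacy-officer"]]
    km = KeyManager()
    shared = Image(w, h, bytearray(original))
    meta = protect(shared, boxes, policy, km)
    def inside(i):
        r, c = divmod(i, w)
        return any(x <= c < x + bw and y <= r < y + bh for x, y, bw, bh in boxes)
    outside_unchanged = all(shared.pixels[i] == original[i] for i in range(w * h) if not inside(i))
    regions_hidden = all(shared.region_bytes(b) != Image(w, h, original).region_bytes(b) for b in boxes)
    radiologist = km.issue_user_keys(["doctor", "radiology"])
    recovered = reveal(Image(w, h, bytearray(shared.pixels)), meta, km, radiologist).pixels == original
    try:
        reveal(Image(w, h, bytearray(shared.pixels)), meta, km, km.issue_user_keys(["doctor"]))
        denied = False
    except PermissionError:
        denied = True
    return {"outside_unchanged": outside_unchanged, "regions_hidden": regions_hidden,
            "radiologist_recovers": recovered, "doctor_only_denied": denied}
```

Running `demo()` shows the three properties the architecture relies on: pixels outside the detected boxes are untouched, so the rest of the image stays usable in the repository; the boxes themselves hold only ciphertext and a tag; and a user whose attributes satisfy a clause of the policy recovers the original while a user with only `doctor` is refused before any key material is released. Because the key store holds wrapped keys and the repository holds only ciphertext with nonces and tags, compromising either one alone does not expose the sensitive regions.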