As the volume of stored data continues to grow, identifying and protecting sensitive information within large repositories becomes increasingly challenging, especially when shared with multiple users with different roles and permissions. This work presents a system architecture for trusted data sharing with policy-driven access control, enabling selective protection of sensitive regions while maintaining scalability. The proposed architecture integrates four core modules that combine automated detection of sensitive regions, post-correction, key management, and access control. Sensitive regions are secured using a hybrid scheme that employs symmetric encryption for efficiency and Attribute-Based Encryption for policy enforcement. The system supports efficient key distribution and isolates key storage to strengthen overall security. To demonstrate its applicability, we evaluate the system on visual datasets, where Privacy-Sensitive Objects in images are automatically detected, reassessed, and selectively encrypted prior to sharing in a data repository. Experimental results show that our system provides effective PSO detection, increases macro-averaged F1 score (5%) and mean Average Precision (10%), and maintains an average policy-enforced decryption time of less than 1 second per image. These results demonstrate the effectiveness, efficiency and scalability of our proposed solution for fine-grained access control.

翻译：随着存储数据量的持续增长，在大规模存储库中识别和保护敏感信息变得日益困难，尤其是在与具有不同角色和权限的多个用户共享数据时。本文提出了一种支持可信数据共享的系统架构，采用基于策略的访问控制机制，能够在保持可扩展性的同时实现对敏感区域的选择性保护。该架构集成了四个核心模块，结合了敏感区域的自动检测、后校正、密钥管理和访问控制功能。敏感区域采用混合方案进行保护：使用对称加密保证效率，并采用基于属性的加密实现策略执行。该系统支持高效的密钥分发，并通过隔离密钥存储来增强整体安全性。为验证其适用性，我们在视觉数据集上对该系统进行评估，其中图像中的隐私敏感对象会在数据存储库共享前被自动检测、重新评估并选择性加密。实验结果表明，我们的系统能够有效检测PSO，将宏平均F1分数提升5%，平均精度均值提升10%，并保持每幅图像的平均策略执行解密时间低于1秒。这些结果证明了我们提出的细粒度访问控制解决方案在有效性、效率和可扩展性方面的优势。