A Policy System for Control of Data Fusion Processes and Derived Data

Abstract

The paper proposes an attribute-based policy framework for a coalition setting in which multiple parties provide data to be used in data fusion processes while at the same time retaining control of how their own data are used in these processes. The framework consists of three main types of policies: (a) access control policies - these allow one to specify controls on the fusion process (e.g., which user can use which data fusion tool) and on the input data to the fusion process; (b) fusion policies - these allow one to specify whether data needs to be pre-processed before being used (for example, whether data must be anonymized before being used, or encrypted and thus fusions must be performed on encrypted data); and, (c) derived data usage policies - these allow one to specify who is authorized to access the data resulting from the fusion. As all these policies are attribute-based policies, they support high-level, flexible, and expressive policy specifications. The paper also briefly discusses technologies for supporting policy enforcement and novel approaches supporting the automatic generation of policies.