New System Architecture Enables Policy-Driven Secure Data Sharing with Hybrid Encryption

Global: New System Architecture Enables Policy-Driven Secure Data Sharing with Hybrid Encryption

Researchers have introduced a framework that allows large, multi‑user data repositories to protect sensitive information through policy‑driven access control while preserving scalability. The solution combines automated detection of privacy‑sensitive objects (PSOs) with a hybrid encryption scheme that leverages symmetric cryptography for speed and attribute‑based encryption (ABE) for fine‑grained policy enforcement.

Core Components of the Architecture

The design integrates four primary modules: (1) automated PSO detection, (2) post‑detection correction, (3) key management, and (4) access‑control enforcement. Detection relies on machine‑learning models to locate sensitive regions in visual data, after which a correction step refines the selections before encryption.

Hybrid Encryption Strategy

Sensitive regions are encrypted using a two‑layer approach. A symmetric key encrypts the data efficiently, while the same key is wrapped with ABE, enabling decryption only for users whose attributes satisfy the defined policy. This separation isolates key storage and supports rapid key distribution across the system.

Evaluation on Visual Datasets

To assess practicality, the authors applied the architecture to image repositories containing PSOs. Experimental results indicated a 5% increase in macro‑averaged F1 score and a 10% rise in mean average precision for object detection, demonstrating improved identification accuracy. Decryption under policy constraints averaged under 1 second per image, confirming the solution’s responsiveness.

Scalability and Security Implications

The modular design permits deployment across distributed storage environments without substantial performance penalties. By isolating key material and employing attribute‑based controls, the system mitigates risks associated with unauthorized data exposure, even when multiple users with varying permissions access the same repository.

Potential Applications

Beyond visual data, the architecture could be adapted for other media types where selective protection is required, such as medical records or proprietary corporate assets. Its policy‑centric model aligns with emerging data‑privacy regulations that demand granular access controls.

This report is based on information from arXiv, licensed under Academic Preprint / Open Access. Based on the abstract of the research paper. Full text available via ArXiv.