Differential Privacy Based Access Control

The huge availability of data is giving organizations the opportunity to develop and consume new data-intensive applications (e.g., predictive analytics). However, data often contain personal and confidential information, and their usage and sharing come with security and legal risks; so there is the need of devising appropriate, task specific, data release mechanisms to find the balance between advantages of big data and the potential risks. We propose a novel privacy-aware access control model, based on differential privacy. The model allows for data access at different privacy levels, generating an anonymized data set according to the privacy clearance of each request. The architecture also supports re-negotiation of the privacy level, in return of fulfilling a set of obligations. We also show, how the model can address the privacy and utility requirements, in an human-resource motivated use-case with a classification task. The model provides a flexible access control, improving data availability, while guaranteeing a certain level of privacy.