EthiMask: A Context-Aware Data Masking Framework for Privacy-Preserving Analytics Using Dynamic Trust Scoring and Differential Privacy
摘要
Background. The growing use of cloud analytics and AI solutions has increased the risks associated with privacy in organizations that deal with sensitive information. The conventional methods that are based on static access control and/or uniform anonymization are not adaptable to different roles, purposes of access, sensitivity, and trust levels, thereby either limiting analytics unnecessarily or not providing adequate protection for sensitive information. Objective. This work proposes the design of EthiMask, which is transparent in that it is fully traceable and auditable via explicit human-readable rules and parameters, and also has context-aware privacy middleware that adjusts the level of protection of the data in relation to its continuous trust assessment. Method(s). EthiMask integrates two Mamdani fuzzy inference systems: one classifies attribute sensitivity on GDPR-like categories [4], while the other calculates a real-time trust measure \(T(u,p,\sigma ,h)\) based on user role, purpose of use legitimacy, average attribute sensitivity, and user behavior history. A fully transparent decision matrix translates from (trust, sensitivity) pair to one of five graduated masking degrees (L1-L5). Finally, a shallow neural perceptron is trained on reproducing the fuzzy trust function while maintaining human interpretability. Findings. For the UCI Adult Census dataset, EthiMask yields meaningful sensitivity values (for example, race/sex \(\approx \) 0.79, demographic \(\approx \) 0.56) and reasonable trust values between 0.206 (untrusted) and 0.824 (trusted researcher). The neural perceptron faithfully approximates the complete fuzzy trust policy with a mean absolute error less than 0.04 with explicit negative sensitivity weighting. All decisions are traceable through the trust \(\times \) sensitivity matrix. Significance. EthiMask provides an auditable, practical, and regula- tion-compliant framework that combines rule-based privacy engineering with interpretable machine learning. It enables organizations to enforce fine-grained and context-aware data protection policies while providing clear and understandable explanations to data subjects, auditors, and regulators. In this paper, we use the term transparent to refer to systems in which every decision can be traced back to explicit, human-readable rules or parameters, allowing regulators, data protection officers, and data subjects to understand, verify, and audit privacy enforcement mechanisms without requiring specialized technical expertise.