“…Policy derivation for access control has been investigated based on resource hierarchies [11], goal decomposition [12], action decomposition [13], data classification [14], ontology [15], etc. In usage control, several enforcements exist at and across different layers of abstraction in various types of systems [2,3,5,[16][17][18].…”