Technical Reports

HPL-2010-134

Click here for full text: PDF

APEX: Automated Policy Enforcement eXchange

Simske, Steven J.; Balinsky, Helen
HP Laboratories

HPL-2010-134

Keyword(s): Policy, Text Analysis, Policy Server, Policy Editor, Document Systems, Document System Components, Security

Abstract: The changing nature of document workflows, document privacy and document security merit a new approach to the enforcement of policy. We propose the use of automated means for enforcing policy, which provides advantages for compliance and auditing, adaptability to changes in policy, and compatibility with a cloud- based exchange. We describe the Automated Policy Enforcement eXchange (APEX) software system, which consists of: (1) a policy editor, (2) a policy server, (3) a local daemon on every PC/laptop to maintain local secure up-to-date storage and policy, and (4) local (policy-enforcing) wrappers to capture document- handling user actions such as document export, e-mail, print, edit and save. During the performance of relevant incremental change, or other user-elicited action, on a composite document, the document and its metadata are scanned for salient policy eliciting terms (PETs). The document is then partitioned based on relevant policies and the security policy for each part is determined. If the document contains no PETs, then the user-initiated actions are allowed; otherwise, alternative actions are suggested, including: (a) encryption, (b) redirecting to a secure printer and requiring authorization (e.g. PIN) for printing, and (c) disallowing printing until specific sensitive data is removed.

4 Pages

Additional Publication Information: To be presented at ACM DocEng 2010. Manchester UK.

External Posting Date: October 6, 2010 [Fulltext]. Approved for External Publication
Internal Posting Date: October 6, 2010 [Fulltext]

Back to Index