Techniques of optimizing policies in an information management system
First Claim
Patent Images
1. A method of managing information comprising:
- providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression having a variable, and the variable is defined in a first abstraction;
determining a subset of the plurality of rules and abstractions relevant to a target;
modifying the subset of rules and abstractions, wherein the modified subset of rules and abstractions is logically equivalent to the subset of rules and abstractions;
associating the modified subset of rules and abstractions to the target;
for the target, controlling access to the information based on the modified subset of rules and abstractions;
providing a rule having a first variable defined in the first abstraction of the subset of the plurality of rules and abstractions, wherein the first abstraction has a second variable defined in a second abstraction; and
evaluating the second variable, wherein when the second variable evaluates to a constant, and the modifying the subset of rules and abstractions comprises removing the second variable from the first abstraction.
3 Assignments
0 Petitions
Accused Products
Abstract
In an information management system, policies are optimized before they are associated to a device in order to increase evaluation speed or reduce space requirements, or both. Optimization techniques may include common subexpression elimination, constant folding, constant propagation, comparison optimization, dead code or subexpression removal, map or lookup table generation, policy rewriting, redundant policy elimination, heuristic-based policy ordering, or policy-format transformation, and combinations of these.
-
Citations
23 Claims
-
1. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression having a variable, and the variable is defined in a first abstraction; determining a subset of the plurality of rules and abstractions relevant to a target; modifying the subset of rules and abstractions, wherein the modified subset of rules and abstractions is logically equivalent to the subset of rules and abstractions; associating the modified subset of rules and abstractions to the target; for the target, controlling access to the information based on the modified subset of rules and abstractions; providing a rule having a first variable defined in the first abstraction of the subset of the plurality of rules and abstractions, wherein the first abstraction has a second variable defined in a second abstraction; and evaluating the second variable, wherein when the second variable evaluates to a constant, and the modifying the subset of rules and abstractions comprises removing the second variable from the first abstraction. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression having a variable, and the variable is defined in a first abstraction; determining a subset of the plurality of rules and abstractions relevant to a target; modifying the subset of rules and abstractions, wherein the modified subset of rules and abstractions is logically equivalent to the subset of rules and abstractions; associating the modified subset of rules and abstractions to the target; for the target, controlling access to the information based on the modified subset of rules and abstractions; providing a rule having a first variable defined in the first abstraction of the subset of the plurality of rules and abstractions, wherein the first abstraction has a second variable defined in a second abstraction; and evaluating the second variable, wherein when the second variable evaluates to a constant, and the modifying the subset of rules and abstractions comprises; replacing the second variable from the first abstraction with the constant.
-
-
14. A method of managing information comprising:
-
providing a plurality of rules, wherein each of the plurality of rules comprises an expression; determining a subset of the plurality of rules relevant to a target; for the subset of the plurality of rules relevant to the target, determining portions of the expression not relevant to the target; for the subset of the plurality of rules relevant to the target, modifying the subset of rules by removing the portions of the expression not relevant to the target; associating the modified subset of rules to the target; and for the target, controlling access to the information based on the modified subset of rules, wherein a selected rule of the subset of rules has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, each of the first abstraction and the second abstraction represents at least one of a class of entities or a class of actions having a role in managing of the information, and the second variable evaluates to a constant, and the modifying the subset of rules comprises; for the selected rule, removing the second variable from the first abstraction. - View Dependent Claims (15)
-
-
16. A method of managing information comprising:
-
providing a plurality of rules, wherein each of the plurality of rules comprises an expression; determining a subset of the plurality of rules relevant to a target; for the subset of the plurality of rules relevant to the target, determining portions of the expression not relevant to the target; for the subset of the plurality of rules relevant to the target, modifying the subset of rules by removing the portions of the expression not relevant to the target; associating the modified subset of rules to the target; and for the target, controlling application usage based on the modified subset of rules, wherein a selected rule of the subset of rules has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, each of the first abstraction and the second abstraction represents at least one of a class of entities or a class of actions having a role in managing of the information, and the second variable evaluates to a constant, and the modifying the subset of rules comprises; for the selected rule, removing the second variable from the first abstraction.
-
-
17. A method of managing information comprising:
-
providing a plurality of rules, wherein each of the plurality of rules comprises an expression; determining a subset of the plurality of rules relevant to a target; for the subset of the plurality of rules relevant to the target, identifying a common subexpression in at least a first rule, wherein the first rule has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, each of the first abstraction and the second abstraction represents at least one of a class of entities or a class of actions having a role in managing of the information, and the second variable evaluates to a constant; for the first rule, replacing the second variable from the first abstraction with the constant; assigning the common subexpression to a variable; in the subset of the plurality of rules, replacing the common subexpression with the variable in at least the first rule; associating the modified subset of the plurality of rules to the target; and for the target, controlling access to the information based on the modified subset of the plurality of rules. - View Dependent Claims (18, 19, 20)
-
-
21. A method of managing information comprising:
-
providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression; determining a subset of the plurality of rules and a subset of the plurality of abstractions relevant to a target; for the subset of the plurality of rules and the subset of the plurality of abstractions relevant to the target, identifying a common subexpression, wherein a first rule of the subset of rules has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, and the second variable evaluates to a constant; for the first rule, removing the second variable from the first abstraction; assigning the common subexpression to a variable; in the subset of the plurality of rules and the subset of the plurality of abstractions, replacing the common subexpression with the variable in at least the first rule; associating the modified subset of the plurality of rules and the subset of the plurality of abstractions to the target; and for the target, controlling access to the information based on the modified subset of the plurality of rules and the subset of the plurality of abstractions. - View Dependent Claims (22, 23)
-
Specification