Techniques of optimizing policies in an information management system

US 8,150,816 B2
Filed: 12/22/2006
Issued: 04/03/2012
Est. Priority Date: 12/29/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing information comprising:

providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression having a variable, and the variable is defined in a first abstraction;

determining a subset of the plurality of rules and abstractions relevant to a target;

modifying the subset of rules and abstractions, wherein the modified subset of rules and abstractions is logically equivalent to the subset of rules and abstractions;

associating the modified subset of rules and abstractions to the target;

for the target, controlling access to the information based on the modified subset of rules and abstractions;

providing a rule having a first variable defined in the first abstraction of the subset of the plurality of rules and abstractions, wherein the first abstraction has a second variable defined in a second abstraction; and

evaluating the second variable, wherein when the second variable evaluates to a constant, and the modifying the subset of rules and abstractions comprises removing the second variable from the first abstraction.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In an information management system, policies are optimized before they are associated to a device in order to increase evaluation speed or reduce space requirements, or both. Optimization techniques may include common subexpression elimination, constant folding, constant propagation, comparison optimization, dead code or subexpression removal, map or lookup table generation, policy rewriting, redundant policy elimination, heuristic-based policy ordering, or policy-format transformation, and combinations of these.

Citations

23 Claims

1. A method of managing information comprising:
- providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression having a variable, and the variable is defined in a first abstraction;
  
  determining a subset of the plurality of rules and abstractions relevant to a target;
  
  modifying the subset of rules and abstractions, wherein the modified subset of rules and abstractions is logically equivalent to the subset of rules and abstractions;
  
  associating the modified subset of rules and abstractions to the target;
  
  for the target, controlling access to the information based on the modified subset of rules and abstractions;
  
  providing a rule having a first variable defined in the first abstraction of the subset of the plurality of rules and abstractions, wherein the first abstraction has a second variable defined in a second abstraction; and
  
  evaluating the second variable, wherein when the second variable evaluates to a constant, and the modifying the subset of rules and abstractions comprises removing the second variable from the first abstraction.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises:
    - determining a characteristic of the target;
      
      removing a portion of at least one of the plurality of rules based on the characteristic of the target.
  - 3. The method of claim 2 wherein the characteristic of the target comprises at least one of a device type of the target, a user associated with the target, a group associated with the target, an application executing on the target, or a capability of the target.
  - 4. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises:
    - determining a characteristic of the target; and
      
      removing a portion of at least one of the plurality of abstractions based on the characteristic of the target.
  - 5. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises removing one or more constant subexpressions from the rules, an expression comprises at least one subexpression, and one or more constant subexpressions evaluate to a constant.
  - 6. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises replacing a constant subexpression in a rule with a constant, and an expression comprises at least one subexpression.
  - 7. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises removing constant subexpressions from the abstractions, and an expression comprises at least one subexpression.
  - 8. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises replacing a constant subexpression in an abstraction with a constant, and an expression comprises at least one subexpression.
  - 9. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises removing a subexpression having a variable from a rule when the subexpression evaluates to a constant, and an expression comprises at least one subexpression.
  - 10. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises removing a subexpression of a rule when the subexpression evaluates to a Boolean true, and an expression comprises at least one subexpression.
  - 11. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises removing a subexpression from a rule when the subexpression evaluates to a Boolean false, and an expression comprises at least one subexpression.
  - 12. The method of claim 1 wherein the modifying the subset of rules and abstractions comprises replacing a variable in a rule with a constant when a value of the variable evaluates to a constant.

13. A method of managing information comprising:
- providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression having a variable, and the variable is defined in a first abstraction;
  
  determining a subset of the plurality of rules and abstractions relevant to a target;
  
  modifying the subset of rules and abstractions, wherein the modified subset of rules and abstractions is logically equivalent to the subset of rules and abstractions;
  
  associating the modified subset of rules and abstractions to the target;
  
  for the target, controlling access to the information based on the modified subset of rules and abstractions;
  
  providing a rule having a first variable defined in the first abstraction of the subset of the plurality of rules and abstractions, wherein the first abstraction has a second variable defined in a second abstraction; and
  
  evaluating the second variable, wherein when the second variable evaluates to a constant, and the modifying the subset of rules and abstractions comprises;
  
  replacing the second variable from the first abstraction with the constant.

14. A method of managing information comprising:
- providing a plurality of rules, wherein each of the plurality of rules comprises an expression;
  
  determining a subset of the plurality of rules relevant to a target;
  
  for the subset of the plurality of rules relevant to the target, determining portions of the expression not relevant to the target;
  
  for the subset of the plurality of rules relevant to the target, modifying the subset of rules by removing the portions of the expression not relevant to the target;
  
  associating the modified subset of rules to the target; and
  
  for the target, controlling access to the information based on the modified subset of rules,wherein a selected rule of the subset of rules has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, each of the first abstraction and the second abstraction represents at least one of a class of entities or a class of actions having a role in managing of the information, and the second variable evaluates to a constant,and the modifying the subset of rules comprises;
  
  for the selected rule, removing the second variable from the first abstraction.
- View Dependent Claims (15)
- - 15. The method of claim 14 wherein the for the selected rule, removing the second variable from the first abstraction is replaced byfor the selected rule, replacing the second variable from the first abstraction with the constant.

16. A method of managing information comprising:
- providing a plurality of rules, wherein each of the plurality of rules comprises an expression;
  
  determining a subset of the plurality of rules relevant to a target;
  
  for the subset of the plurality of rules relevant to the target, determining portions of the expression not relevant to the target;
  
  for the subset of the plurality of rules relevant to the target, modifying the subset of rules by removing the portions of the expression not relevant to the target;
  
  associating the modified subset of rules to the target; and
  
  for the target, controlling application usage based on the modified subset of rules,wherein a selected rule of the subset of rules has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, each of the first abstraction and the second abstraction represents at least one of a class of entities or a class of actions having a role in managing of the information, and the second variable evaluates to a constant,and the modifying the subset of rules comprises;
  
  for the selected rule, removing the second variable from the first abstraction.

17. A method of managing information comprising:
- providing a plurality of rules, wherein each of the plurality of rules comprises an expression;
  
  determining a subset of the plurality of rules relevant to a target;
  
  for the subset of the plurality of rules relevant to the target, identifying a common subexpression in at least a first rule,wherein the first rule has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, each of the first abstraction and the second abstraction represents at least one of a class of entities or a class of actions having a role in managing of the information, and the second variable evaluates to a constant;
  
  for the first rule, replacing the second variable from the first abstraction with the constant;
  
  assigning the common subexpression to a variable;
  
  in the subset of the plurality of rules, replacing the common subexpression with the variable in at least the first rule;
  
  associating the modified subset of the plurality of rules to the target; and
  
  for the target, controlling access to the information based on the modified subset of the plurality of rules.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17 wherein the access to the information comprises sending an e-mail message.
  - 19. The method of claim 17 wherein the access to the information comprises editing a cell in a spreadsheet.
  - 20. The method of claim 17 wherein the for the first rule, replacing the second variable from the first abstraction with the constant is replaced byfor the first rule, removing the second variable from the first abstraction.

21. A method of managing information comprising:
- providing a plurality of rules and a plurality of abstractions, wherein each of the plurality of abstractions represents at least one of a class of entities or a class of actions having a role in managing of the information and each of the plurality of rules comprises an expression;
  
  determining a subset of the plurality of rules and a subset of the plurality of abstractions relevant to a target;
  
  for the subset of the plurality of rules and the subset of the plurality of abstractions relevant to the target, identifying a common subexpression,wherein a first rule of the subset of rules has a first variable defined in a first abstraction, the first abstraction has a second variable defined in a second abstraction, and the second variable evaluates to a constant;
  
  for the first rule, removing the second variable from the first abstraction;
  
  assigning the common subexpression to a variable;
  
  in the subset of the plurality of rules and the subset of the plurality of abstractions, replacing the common subexpression with the variable in at least the first rule;
  
  associating the modified subset of the plurality of rules and the subset of the plurality of abstractions to the target; and
  
  for the target, controlling access to the information based on the modified subset of the plurality of rules and the subset of the plurality of abstractions.
- View Dependent Claims (22, 23)
- - 22. The method of claim 21 wherein the access to the information comprises forwarding an e-mail message.
  - 23. The method of claim 21 wherein the access to the information comprises saving a document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Nextlabs
Original Assignee
Nextlabs
Inventors
Lim, Keng
Primary Examiner(s)
Hoang, Son T

Application Number

US11/615,553
Publication Number

US 20070156670A1
Time in Patent Office

1,929 Days
Field of Search

707/694, 707/791
US Class Current

707/694
CPC Class Codes

G06F 11/3438   monitoring of user actions ...

G06F 16/122   using management policies b...

G06F 16/13   File access structures, e.g...

G06F 16/176   Support for shared access t...

G06F 16/93   Document management systems

G06F 21/6218   to a system of files or obj...

G06F 2221/2101   Auditing as a secondary aspect

G06F 9/468   Specific access rights for ...

H04L 63/10   for controlling access to d...

H04L 63/101   Access control lists [ACL]

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 63/205   involving negotiation or de...

Techniques of optimizing policies in an information management system

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques of optimizing policies in an information management system

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links