Role templates for content-based access control
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
A fine-grained access control system for XML documents
ACM Transactions on Information and System Security (TISSEC)
ACSW '07 Proceedings of the fifth Australasian symposium on ACSW frontiers - Volume 68
Differential access for publicly-posted composite documents with multiple workflow participants
Proceedings of the 10th ACM symposium on Document engineering
Proceedings of the 11th ACM symposium on Document engineering
Access control requirements for structured document in cloud computing
International Journal of Grid and Utility Computing
Hi-index | 0.00 |
The changing nature of document workflows, document privacy and document security merit a new approach to the enforcement of policy. We propose the use of automated means for enforcing policy, which provides advantages for compliance and auditing, adaptability to changes in policy, and compatibility with a cloud-based exchange. We describe the Automated Policy Enforcement eXchange (APEX) software system, which consists of: (1) a policy editor, (2) a policy server, (3) a local daemon on every PC/laptop to maintain local secure up-to-date storage and policy, and (4) local (policy-enforcing) wrappers to capture document-handling user actions such as document export, e-mail, print, edit and save. During the performance of relevant incremental change, or other user-elicited action, on a composite document, the document and its metadata are scanned for salient policy eliciting terms (PETs). The document is then partitioned based on relevant policies and the security policy for each part is determined. If the document contains no PETs, then the user-initiated actions are allowed; otherwise, alternative actions are suggested, including: (a) encryption, (b) redirecting to a secure printer and requiring authorization (e.g. PIN) for printing, and (c) disallowing printing until specific sensitive data is removed.