DAVE: A Policy-Enforcing LLM Spokesperson for Secure Multi-Document Data Sharing
René Brinkhege, Prahlad Menon

TL;DR
DAVE introduces a policy-enforcing LLM spokesperson that enables secure, fine-grained data sharing through natural language interfaces, avoiding costly manual redactions and enhancing control over sensitive information.
Contribution
The paper proposes a novel architecture for a policy-enforcing LLM spokesperson with virtual redaction, formalizes policy violations, and outlines an initial integration prototype for secure multi-document sharing.
Findings
Formalization of policy-violating information disclosure
Introduction of virtual redaction at query time
Outline of an evaluation methodology for security and utility
Abstract
In current inter-organizational data spaces, usage policies are enforced mainly at the asset level: a whole document or dataset is either shared or withheld. When only parts of a document are sensitive, providers who want to avoid leaking protected information typically must manually redact documents before sharing them, which is costly, coarse-grained, and hard to maintain as policies or partners change. We present DAVE, a usage policy-enforcing LLM spokesperson that answers questions over private documents on behalf of a data provider. Instead of releasing documents, the provider exposes a natural language interface whose responses are constrained by machine-readable usage policies. We formalize policy-violating information disclosure in this setting, drawing on usage control and information flow security, and introduce virtual redaction: suppressing sensitive information at query…
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Web Application Security Vulnerabilities
