Synthesizing Access Control Policies using Large Language Models
- URL: http://arxiv.org/abs/2503.11573v1
- Date: Fri, 14 Mar 2025 16:40:25 GMT
- Title: Synthesizing Access Control Policies using Large Language Models
- Authors: Adarsh Vatsa, Pratyush Patel, William Eiers,
- Abstract summary: Cloud compute systems allow administrators to write access control policies that govern access to private data. While policies are written in convenient languages, such as AWS Identity and Access Management Policy Language, manually written policies often become complex and error-prone. In this paper, we investigate whether and how well Large Language Models (LLMs) can be used to synthesize access control policies.
- Score: 0.5762345156477738
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Cloud compute systems allow administrators to write access control policies that govern access to private data. While policies are written in convenient languages, such as AWS Identity and Access Management Policy Language, manually written policies often become complex and error-prone. In this paper, we investigate whether and how well Large Language Models (LLMs) can be used to synthesize access control policies. Our investigation focuses on the task of taking an access control request specification and zero-shot prompting LLMs to synthesize a well-formed access control policy which correctly adheres to the request specification. We consider two scenarios, one in which the request specification is given as a concrete list of requests to be allowed or denied, and another in which a natural language description is used to specify sets of requests to be allowed or denied. We then argue that for zero-shot prompting, more precise and structured prompts using a syntax-based approach are necessary, and experimentally show preliminary results validating our approach.
Related papers
- LMN: A Tool for Generating Machine Enforceable Policies from Natural Language Access Control Rules using LLMs [0.435105239054559]
Rules or guidelines called Natural Language Access Control Policies (NLACPs) can't be directly used in a target access control model like Attribute-based Access Control (ABAC).
Manually translating the NLACP rules into Machine Enforceable Security Policies (MESPs) is both time consuming and resource intensive.
We have developed a free web-based tool called LMN (LLMs for generating MESPs from NLACPs) that takes an NLACP as input and converts it into a corresponding MESP.
arXiv Detail & Related papers (2025-02-18T02:45:46Z)
- Few-shot Policy (de)composition in Conversational Question Answering [54.259440408606515]
We propose a neuro-symbolic framework to detect policy compliance using large language models (LLMs) in a few-shot setting.
We show that our approach soundly reasons about policy compliance conversations by extracting sub-questions to be answered, assigning truth values from contextual information, and explicitly producing a set of logic statements from the given policies.
We apply this approach to the popular PCD and conversational machine reading benchmark, ShARC, and show competitive performance with no task-specific finetuning.
arXiv Detail & Related papers (2025-01-20T08:40:15Z)
- LLMs for Generalizable Language-Conditioned Policy Learning under Minimal Data Requirements [50.544186914115045]
This paper presents TEDUO, a novel training pipeline for offline language-conditioned policy learning.
TEDUO operates on easy-to-obtain, unlabeled datasets and is suited for the so-called in-the-wild evaluation, wherein the agent encounters previously unseen goals and states.
arXiv Detail & Related papers (2024-12-09T18:43:56Z)
- Extracting Database Access-control Policies From Web Applications [5.193592261722995]
It is difficult for humans to discern what policy is embedded in application code and what data the application may access.
This paper tackles policy extraction: the task of extracting the access-control policy embedded in an application by summarizing its data queries.
We introduce Ote, a policy extractor for Ruby-on-Rails web applications.
arXiv Detail & Related papers (2024-11-18T08:58:11Z)
- PolicyLR: A Logic Representation For Privacy Policies [34.73520882451813]
We propose PolicyLR, a new paradigm that offers a comprehensive machine-readable representation of privacy policies.
PolicyLR converts privacy policies into a machine-readable format using valuations of atomic formulae.
We demonstrate PolicyLR in three privacy tasks: Policy Compliance, Inconsistency Detection and Privacy Comparison Shopping.
arXiv Detail & Related papers (2024-08-27T07:27:16Z)
- ChatSOP: An SOP-Guided MCTS Planning Framework for Controllable LLM Dialogue Agents [52.7201882529976]
We propose an SOP-guided Monte Carlo Tree Search (MCTS) planning framework to enhance the controllability of dialogue agents.
To enable this, we curate a dataset comprising SOP-annotated multi-scenario dialogues, generated using a semi-automated role-playing system with GPT-4o.
We also propose a novel method that integrates Chain of Thought reasoning with supervised fine-tuning for SOP prediction.
arXiv Detail & Related papers (2024-07-04T12:23:02Z)
- Intent-Based Access Control: Using LLMs to Intelligently Manage Access Control [6.2859996652179]
This paper introduces a new paradigm for access control called Intent-Based Access Control for Databases (IBAC-DB).
In IBAC-DB, access control policies are expressed more precisely using a novel format, the natural language access control matrix (NLACM).
This paper presents a reference architecture for an IBAC-DB interface, an initial implementation of it (which we call LLM4AC), and initial benchmarks that evaluate the accuracy of such a system.
arXiv Detail & Related papers (2024-02-11T23:50:12Z)
- Interpreting User Requests in the Context of Natural Language Standing Instructions [89.12540932734476]
We develop NLSI, a language-to-program dataset consisting of over 2.4K dialogues spanning 17 domains.
A key challenge in NLSI is to identify which subset of the standing instructions is applicable to a given dialogue.
arXiv Detail & Related papers (2023-11-16T11:19:26Z)
- Policy Search for Model Predictive Control with Application to Agile Drone Flight [56.24908013905407]
We propose a policy-search-for-model-predictive-control framework for MPC.
Specifically, we formulate the MPC as a parameterized controller, where the hard-to-optimize decision variables are represented as high-level policies.
Experiments show that our controller achieves robust and real-time control performance in both simulation and the real world.
arXiv Detail & Related papers (2021-12-07T17:39:24Z)
- OpenPrompt: An Open-source Framework for Prompt-learning [59.17869696803559]
We present OpenPrompt, a unified, easy-to-use toolkit to conduct prompt-learning over PLMs.
OpenPrompt is a research-friendly framework that is equipped with efficiency, modularity, and extendibility.
arXiv Detail & Related papers (2021-11-03T03:31:14Z)
- PolicyQA: A Reading Comprehension Dataset for Privacy Policies [77.79102359580702]
We present PolicyQA, a dataset that contains 25,017 reading comprehension style examples curated from an existing corpus of 115 website privacy policies.
We evaluate two existing neural QA models and perform rigorous analysis to reveal the advantages and challenges offered by PolicyQA.
arXiv Detail & Related papers (2020-10-06T09:04:58Z)
- Fast Compliance Checking with General Vocabularies [0.0]
We introduce an OWL2 profile for representing data protection policies.
With this language, a company's data usage policy can be checked for compliance with data subjects' consent.
We exploit IBQ reasoning to integrate specialized reasoners for the policy language and the vocabulary's language.
arXiv Detail & Related papers (2020-01-16T09:08:00Z)