U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

Translating Natural Language Specifications into Access Control Policies by Leveraging Large Language Models

Published

Author(s)

Sherifdeen Lawal, Xingmeng Zhao, Anthony Rios, Ram Krishnan, David Ferraiolo

Abstract

This paper investigates the application of large language models (LLMs) for the automated translation and information extraction of access control policies from a natural language source. Prior research in this domain have predominantly relied on manual methods, traditional natural language processing (NLP), or a hybrid approach involving machine learning and artificial neural networks combined with NLP techniques. We demonstrate a significant advancement by leveraging the power of LLMs to achieve improved efficiency and accuracy in these tasks. Our study focuses on applying cutting-edge prompt engineering techniques designed to optimize LLM performance in the specific context of access control policy information extraction. The findings highlight the potential of LLMs to streamline the process of converting human-readable requirements into formal, machine-interpretable policies, ultimately contributing to the automation and security of access control systems.
Proceedings Title
2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA)
Conference Dates
October 28-31, 2024
Conference Location
Washington, DC, US
Conference Title
The Sixth IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications
Pub Type
Conferences

Download Paper

https://doi.org/10.1109/TPS-ISA62245.2024.00048
Local Download

Keywords

Natural Language Specification, Access Control Policies, Large Language Models (LLMs), Prompt Engineering, Attribute-Based Access Control (ABAC)
Identity and access management

Citation

Lawal, S. , Zhao, X. , Rios, A. , Krishnan, R. and Ferraiolo, D. (2025), Translating Natural Language Specifications into Access Control Policies by Leveraging Large Language Models, 2024 IEEE 6th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), Washington, DC, US, [online], https://doi.org/10.1109/TPS-ISA62245.2024.00048, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=958734 (Accessed February 1, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created January 16, 2025, Updated January 29, 2025