SoK: Access Control Policy Generation from High-level Natural Language Requirements
This work addresses the problem of access control failures for organizations, but it is incremental as it reviews existing literature rather than proposing a new solution.
The paper conducted a systematic literature review of 49 publications to identify limitations in existing graphical and automated tools for generating access control policies from natural language requirements, aiming to improve usability and reliability to prevent data breaches.
Administrator-centered access control failures can cause data breaches, putting organizations at risk of financial loss and reputation damage. Existing graphical policy configuration tools and automated policy generation frameworks attempt to help administrators configure and generate access control policies by avoiding such failures. However, graphical policy configuration tools are prone to human errors, making them unusable. On the other hand, automated policy generation frameworks are prone to erroneous predictions, making them unreliable. Therefore, to find ways to improve their usability and reliability, we conducted a Systematic Literature Review analyzing 49 publications, to identify those tools, frameworks, and their limitations. Identifying those limitations will help develop effective access control policy generation solutions while avoiding access control failures.