LMN: A Tool for Generating Machine Enforceable Policies from Natural Language Access Control Rules using LLMs
LMN addresses the challenge that organizations, especially large ones, face in efficiently implementing access control policies, though the contribution is incremental, since it applies existing LLM technology to a specific domain.
The paper tackles the problem of manually translating natural language access control policies into machine-enforceable ones, which is time-consuming and resource-intensive, by developing a free web-based tool called LMN that uses GPT-3.5 to automate this conversion, with extensive experiments confirming its usefulness.
Organizations often lay down rules or guidelines called Natural Language Access Control Policies (NLACPs) for specifying who gets access to which information and when. However, these cannot be directly used in a target access control model like Attribute-based Access Control (ABAC). Manually translating the NLACP rules into Machine Enforceable Security Policies (MESPs) is both time-consuming and resource-intensive, rendering it infeasible, especially for large organizations. Automated machine translation workflows, on the other hand, require information security officers to be adept at using such processes. To effectively address this problem, we have developed a free, publicly accessible web-based tool called LMN (LLMs for generating MESPs from NLACPs) that takes an NLACP as input and converts it into a corresponding MESP. Internally, LMN uses GPT-3.5 API calls and an appropriately chosen prompt. Extensive experiments with different prompts and performance metrics firmly establish the usefulness of LMN.