LLMAC: A Global and Explainable Access Control Framework with Large Language Model
LLMAC addresses the need for adaptable and explainable access control systems in modern business environments, representing a novel integration of LLMs into security workflows.
The researchers tackled the problem of complex, dynamic access control in business organizations by introducing LLMAC, a framework that uses Large Language Models to unify traditional methods, achieving 98.5% accuracy and outperforming existing approaches like RBAC (14.5%) and ABAC (58.5%).
Today's business organizations need access control systems that can handle complex, changing security requirements that go beyond what traditional methods can manage. Current approaches, such as Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Discretionary Access Control (DAC), were designed for specific purposes. They cannot effectively manage the dynamic, situation-dependent workflows that modern systems require. In this research, we introduce LLMAC, a new unified approach using Large Language Models (LLMs) to combine these different access control methods into one comprehensive, understandable system. We used an extensive synthetic dataset that represents complex real-world scenarios, including policies for ownership verification, version management, workflow processes, and dynamic role separation. Using Mistral 7B, our trained LLM achieved outstanding results with 98.5% accuracy, significantly outperforming traditional methods (RBAC: 14.5%, ABAC: 58.5%, DAC: 27.5%) while providing clear, human-readable explanations for each decision. Performance testing shows that the system can be practically deployed with reasonable response times and computing resources.