LitroACP: A Lightweight and Robust Framework for Extracting Access Control Policies from Specifications

Published: 2025, Last Modified: 12 Jan 2026, CAiSE (1) 2025, CC BY-SA 4.0
Abstract: Access control is essential for safeguarding data in various enterprise systems. However, creating initial access control policies from high-level specifications is time-consuming and error-prone, and it can introduce security risks. Automated Access Control Policy (ACP) generation is crucial to simplify this process. Despite advancements, challenges such as the lack of standardized datasets, coarse-grained policy extraction, and high resource demands remain. We propose LitroACP, a lightweight and robust method for fine-grained policy extraction. By leveraging Named Entity Recognition (NER) and integrating language models, LitroACP introduces three key modules: ACPUIE for semi-automated data annotation, DisAdver for identifying policy decisions, and GLiACP for extracting critical policy components. The extracted components can be further synthesized into structured access control policies based on the identified decision type. LitroACP enhances the use of limited real-world datasets through Projected Gradient Descent (PGD) adversarial training on DistilBERT. Experimental data comes from diverse industries, including healthcare and education, and LitroACP bridges the gap between general knowledge and access control policy domain knowledge through pre-trained models. Compared with three existing frameworks, LitroACP achieves an average F1-score of 93.77% for Natural Language Access Control Policy (NLACP) identification, 77.69% for policy component extraction, and 85.2% for policy decision identification. These results underscore the effectiveness of our framework and provide a solid basis for releasing an open dataset to facilitate further research (dataset and code are available at https://github.com/AmberQZ/LitroACP).