Go to NeurIPS 2025 Workshop Lock-LLM homepagePermissioned LLMs: Enforcing Access Control in Large Language Models
Keywords: LLM, access control, security, PEFT
Abstract: In enterprise settings, organizational data is segregated, siloed and carefully protected by elaborate access control frameworks. These access control structures can completely break down if an LLM fine-tuned on the siloed data serves requests, for downstream tasks, from individuals with disparate access privileges. We propose Permissioned LLMs, a new class of LLMs that superimpose the organizational data access control structures on query responses they generate. We formalize abstractions underpinning the means to determine whether access control enforcement happens correctly over LLM query responses. Our formalism introduces the notion of a relevant response that can be used to prove whether a Permissioned LLM mechanism has been implemented correctly. We also introduce a novel metric, called access advantage, to empirically evaluate the efficacy of a Permissioned LLM mechanism. We introduce three novel Permissioned LLM mechanisms that build on Parameter Efficient Fine-Tuning to achieve the desired access control. We furthermore present two instantiations of access advantage--(i) Domain Distinguishability Index (DDI) based on Membership Inference Attacks, and (ii) Utility Gap Index (UGI) based on LLM utility evaluation. We demonstrate the efficacy of our Permissioned LLM mechanisms through extensive experiments on five public datasets in addition to evaluating the validity of DDI and UGI metrics for quantifying access control in LLMs.
Submission Number: 11
Loading