Saved in:
Bibliographic Details
Main Authors: Vatsa, Adarsh, Patel, Pratyush, Eiers, William
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2503.11573
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866913736325857280
author Vatsa, Adarsh
Patel, Pratyush
Eiers, William
author_facet Vatsa, Adarsh
Patel, Pratyush
Eiers, William
contents Cloud compute systems allow administrators to write access control policies that govern access to private data. While policies are written in convenient languages, such as AWS Identity and Access Management Policy Language, manually written policies often become complex and error prone. In this paper, we investigate whether and how well Large Language Models (LLMs) can be used to synthesize access control policies. Our investigation focuses on the task of taking an access control request specification and zero-shot prompting LLMs to synthesize a well-formed access control policy which correctly adheres to the request specification. We consider two scenarios, one which the request specification is given as a concrete list of requests to be allowed or denied, and another in which a natural language description is used to specify sets of requests to be allowed or denied. We then argue that for zero-shot prompting, more precise and structured prompts using a syntax based approach are necessary and experimentally show preliminary results validating our approach.
format Preprint
id arxiv_https___arxiv_org_abs_2503_11573
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Synthesizing Access Control Policies using Large Language Models
Vatsa, Adarsh
Patel, Pratyush
Eiers, William
Software Engineering
Artificial Intelligence
Cryptography and Security
68P25
Cloud compute systems allow administrators to write access control policies that govern access to private data. While policies are written in convenient languages, such as AWS Identity and Access Management Policy Language, manually written policies often become complex and error prone. In this paper, we investigate whether and how well Large Language Models (LLMs) can be used to synthesize access control policies. Our investigation focuses on the task of taking an access control request specification and zero-shot prompting LLMs to synthesize a well-formed access control policy which correctly adheres to the request specification. We consider two scenarios, one which the request specification is given as a concrete list of requests to be allowed or denied, and another in which a natural language description is used to specify sets of requests to be allowed or denied. We then argue that for zero-shot prompting, more precise and structured prompts using a syntax based approach are necessary and experimentally show preliminary results validating our approach.
title Synthesizing Access Control Policies using Large Language Models
topic Software Engineering
Artificial Intelligence
Cryptography and Security
68P25
url https://arxiv.org/abs/2503.11573