Guardado en:
Detalles Bibliográficos
Autores principales: Cheng, Ye, Xu, Minghui, Zhang, Yue, Li, Kun, Wu, Hao, Zhang, Yechao, Guo, Shaoyong, Qiu, Wangjie, Yu, Dongxiao, Cheng, Xiuzhen
Formato: Preprint
Publicado: 2025
Materias:
Acceso en línea:https://arxiv.org/abs/2505.23835
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
_version_ 1866915313042325504
author Cheng, Ye
Xu, Minghui
Zhang, Yue
Li, Kun
Wu, Hao
Zhang, Yechao
Guo, Shaoyong
Qiu, Wangjie
Yu, Dongxiao
Cheng, Xiuzhen
author_facet Cheng, Ye
Xu, Minghui
Zhang, Yue
Li, Kun
Wu, Hao
Zhang, Yechao
Guo, Shaoyong
Qiu, Wangjie
Yu, Dongxiao
Cheng, Xiuzhen
contents Access control in the Internet of Things (IoT) is becoming increasingly complex, as policies must account for dynamic and contextual factors such as time, location, user behavior, and environmental conditions. However, existing platforms either offer only coarse-grained controls or rely on rigid rule matching, making them ill-suited for semantically rich or ambiguous access scenarios. Moreover, the policy authoring process remains fragmented: domain experts describe requirements in natural language, but developers must manually translate them into code, introducing semantic gaps and potential misconfiguration. In this work, we present LACE, the Language-based Access Control Engine, a hybrid framework that leverages large language models (LLMs) to bridge the gap between human intent and machine-enforceable logic. LACE combines prompt-guided policy generation, retrieval-augmented reasoning, and formal validation to support expressive, interpretable, and verifiable access control. It enables users to specify policies in natural language, automatically translates them into structured rules, validates semantic correctness, and makes access decisions using a hybrid LLM-rule-based engine. We evaluate LACE in smart home environments through extensive experiments. LACE achieves 100% correctness in verified policy generation and up to 88% decision accuracy with 0.79 F1-score using DeepSeek-V3, outperforming baselines such as GPT-3.5 and Gemini. The system also demonstrates strong scalability under increasing policy volume and request concurrency. Our results highlight LACE's potential to enable secure, flexible, and user-friendly access control across real-world IoT platforms.
format Preprint
id arxiv_https___arxiv_org_abs_2505_23835
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Say What You Mean: Natural Language Access Control with Large Language Models for Internet of Things
Cheng, Ye
Xu, Minghui
Zhang, Yue
Li, Kun
Wu, Hao
Zhang, Yechao
Guo, Shaoyong
Qiu, Wangjie
Yu, Dongxiao
Cheng, Xiuzhen
Computation and Language
Access control in the Internet of Things (IoT) is becoming increasingly complex, as policies must account for dynamic and contextual factors such as time, location, user behavior, and environmental conditions. However, existing platforms either offer only coarse-grained controls or rely on rigid rule matching, making them ill-suited for semantically rich or ambiguous access scenarios. Moreover, the policy authoring process remains fragmented: domain experts describe requirements in natural language, but developers must manually translate them into code, introducing semantic gaps and potential misconfiguration. In this work, we present LACE, the Language-based Access Control Engine, a hybrid framework that leverages large language models (LLMs) to bridge the gap between human intent and machine-enforceable logic. LACE combines prompt-guided policy generation, retrieval-augmented reasoning, and formal validation to support expressive, interpretable, and verifiable access control. It enables users to specify policies in natural language, automatically translates them into structured rules, validates semantic correctness, and makes access decisions using a hybrid LLM-rule-based engine. We evaluate LACE in smart home environments through extensive experiments. LACE achieves 100% correctness in verified policy generation and up to 88% decision accuracy with 0.79 F1-score using DeepSeek-V3, outperforming baselines such as GPT-3.5 and Gemini. The system also demonstrates strong scalability under increasing policy volume and request concurrency. Our results highlight LACE's potential to enable secure, flexible, and user-friendly access control across real-world IoT platforms.
title Say What You Mean: Natural Language Access Control with Large Language Models for Internet of Things
topic Computation and Language
url https://arxiv.org/abs/2505.23835