LLM-Based Fine-Grained ABAC Policy Generation

Khang Mai, Nakul Ghate, Jongmin Lee, Razvan Beuran

2025

Abstract

The central practice in the development of Attribute-Based Access Control (ABAC) is policy generation, for which supervised machine-learning approaches can achieve state-of-the-art performance. However, the scarcity of training data poses challenges for supervised solutions, limiting their practical application. Recently, large language models (LLMs) have demonstrated extraordinary proficiency in various language processing tasks, offering the potential for policy mining in scenarios with only a few training examples. This paper presents an LLM-based generation of fine-grained ABAC policies. The approach utilizes multiple LLMs in a mixture-of-agents mechanism to consider the ABAC scenario from diverse perspectives. Multi-turn interaction and retrieval augmented generation are combined to generate and prepare adequate LLM prompting context. In the evaluation, we conduct experiments within an Industrial Control System (ICS) network, ensuring that the ABAC policies align with specific security guidelines. We explore the feasibility of utilizing policies generated by LLMs directly in the access control decision-making process. By leveraging ground truth data, we implement an optimization module that refines the priority values of these policies, ultimately achieving an impressive F1 score of 0.994, showing that LLMs have the potential to generate fine-grained ABAC policies for real IT networks.


Paper Citation


in Harvard Style

Mai K., Ghate N., Lee J. and Beuran R. (2025). LLM-Based Fine-Grained ABAC Policy Generation. In Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP; ISBN 978-989-758-735-1, SciTePress, pages 204-212. DOI: 10.5220/0013225500003899


in Bibtex Style

@conference{icissp25,
author={Khang Mai and Nakul Ghate and Jongmin Lee and Razvan Beuran},
title={LLM-Based Fine-Grained ABAC Policy Generation},
booktitle={Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP},
year={2025},
pages={204-212},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013225500003899},
isbn={978-989-758-735-1},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 11th International Conference on Information Systems Security and Privacy - Volume 2: ICISSP
TI - LLM-Based Fine-Grained ABAC Policy Generation
SN - 978-989-758-735-1
AU - Mai K.
AU - Ghate N.
AU - Lee J.
AU - Beuran R.
PY - 2025
SP - 204
EP - 212
DO - 10.5220/0013225500003899
PB - SciTePress