Automatic Generation of Attribute-Based Access Control Policies from Natural Language Documents  

作　　者：Fangfang Shan Zhenyu Wang Mengyao Liu Menghan Zhang 

机构地区：[1]College of Computer,Zhongyuan University of Technology,Zhengzhou,450007,China [2]Henan Key Laboratory of Cyberspace Situation Awareness,Zhengzhou,450001,China

出　　处：《Computers, Materials & Continua》2024年第9期3881-3902,共22页计算机、材料和连续体（英文）

基　　金：supported by the National Natural Science Foundation of China Project(No.62302540),please visit their website at https://www.nsfc.gov.cn/(accessed on 18 June 2024);The Open Foundation of Henan Key Laboratory of Cyberspace Situation Awareness(No.HNTS2022020),Further details can be found at http://xt.hnkjt.gov.cn/data/pingtai/(accessed on 18 June 2024);Natural Science Foundation of Henan Province Youth Science Fund Project(No.232300420422),you can visit https://kjt.henan.gov.cn/2022/09-02/2599082.html(accessed on 18 June 2024).

摘　　要：In response to the challenges of generating Attribute-Based Access Control(ABAC)policies,this paper proposes a deep learning-based method to automatically generate ABAC policies from natural language documents.This method is aimed at organizations such as companies and schools that are transitioning from traditional access control models to the ABAC model.The manual retrieval and analysis involved in this transition are inefficient,prone to errors,and costly.Most organizations have high-level specifications defined for security policies that include a set of access control policies,which often exist in the form of natural language documents.Utilizing this rich source of information,our method effectively identifies and extracts the necessary attributes and rules for access control from natural language documents,thereby constructing and optimizing access control policies.This work transforms the problem of policy automation generation into two tasks:extraction of access control statements andmining of access control attributes.First,the Chat General Language Model(ChatGLM)isemployed to extract access control-related statements from a wide range of natural language documents by constructing unique prompts and leveraging the model’s In-Context Learning to contextualize the statements.Then,the Iterated Dilated-Convolutions-Conditional Random Field(ID-CNN-CRF)model is used to annotate access control attributes within these extracted statements,including subject attributes,object attributes,and action attributes,thus reassembling new access control policies.Experimental results show that our method,compared to baseline methods,achieved the highest F1 score of 0.961,confirming the model’s effectiveness and accuracy.

关 键 词：Access control policy generation natural language deep learning 

分 类 号：TP39[自动化与计算机技术—计算机应用技术]