Intent-Based Access Control: Using LLMs to Intelligently Manage Access Control
CoRR (2024)
Abstract
In every enterprise database, administrators must define an access control
policy that specifies which users have access to which assets. Access control
straddles two worlds: policy (organization-level principles that define who
should have access) and process (database-level primitives that actually
implement the policy). Assessing and enforcing process compliance with a policy
is a manual and ad-hoc task. This paper introduces a new paradigm for access
control called Intent-Based Access Control for Databases (IBAC-DB). In IBAC-DB,
access control policies are expressed more precisely using a novel format, the
natural language access control matrix (NLACM). Database access control
primitives are synthesized automatically from these NLACMs. These primitives
can be used to generate new DB configurations and/or evaluate existing ones.
This paper presents a reference architecture for an IBAC-DB interface, an
initial implementation for PostgreSQL (which we call LLM4AC), and initial
benchmarks that evaluate the accuracy and scope of such a system. We find that
our chosen implementation, LLM4AC, vastly outperforms other baselines,
achieving near-perfect F1 scores on our initial benchmarks.