From plain English to XACML policies: an AI-based pipeline approach

Paratore M. T.; Marchetti E.; Calabro' A.
2025

Abstract

The increasing adoption of generative artificial intelligence, particularly conversational Large Language Models (LLMs), has opened new opportunities for addressing challenges in software development. This paper explores the potential of LLMs for generating eXtensible Access Control Markup Language (XACML) policies. It investigates current solutions and strategies for leveraging LLMs to produce verified, secure, and compliant access control policies. Specifically, after discussing current methods for improving LLM performance in generating structured text, it introduces a pipeline approach that integrates conversational LLMs with syntactic and semantic validators; this approach ensures the correctness and reliability of the generated policies. Our proposal is showcased on real policies and compares the performance of several LLMs (ChatGPT, Claude, Gemini, and LLaMA). Our findings suggest a promising direction for future developments in automated access control policy formulation, bridging the gap between human intent and machine interpretation.
Institution: Istituto di Scienza e Tecnologie dell'Informazione "Alessandro Faedo" - ISTI
ISBN: 978-989-758-729-0
Keywords: Access Control; Artificial Intelligence; Cybersecurity; Large Language Models; Validation
Files in this item:

From plain English to XACML.pdf (open access)
Description: From Plain English to XACML Policies: An AI-Based Pipeline Approach
Type: Post-print document
License: Creative Commons
Size: 664.55 kB
Format: Adobe PDF

Paratore et al_ScitePress-2025.pdf (open access)
Description: From Plain English to XACML Policies: An AI-Based Pipeline Approach (original language: English; volume editors: Ciccozzi F., Pires L.F., Bordeleau F.)
Type: Publisher's version (PDF)
License: Creative Commons
Size: 700.72 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this item: https://hdl.handle.net/20.500.14243/543427

Citations: Scopus 2