
LLMAC: A Global and Explainable Access Control Framework with Large Language Model

Sharif Noor Zisad, Ragib Hasan

TL;DR

The paper tackles the problem of dynamic, context-sensitive access control by marrying RBAC, ABAC, and DAC into a single, explainable framework. It introduces LLMAC, a large language model–based solution trained on a synthetic, policy-rich dataset using the Mistral 7B model with LoRA fine-tuning to map requests to allow/deny decisions and generate human-readable rationales. The study demonstrates that LLMAC achieves markedly higher accuracy and robust explainability compared with traditional models (RBAC, ABAC, DAC) and provides practical deployment considerations, including latency trade-offs and security safeguards. This work advances secure, auditable access control suitable for modern, complex organizational workflows and sets the stage for further enhancements in threat-resilience and cross-domain policy verification.

Abstract

Today's business organizations need access control systems that can handle complex, changing security requirements that go beyond what traditional methods can manage. Current approaches, such as Role-Based Access Control (RBAC), Attribute-Based Access Control (ABAC), and Discretionary Access Control (DAC), were designed for specific purposes. They cannot effectively manage the dynamic, situation-dependent workflows that modern systems require. In this research, we introduce LLMAC, a new unified approach using Large Language Models (LLMs) to combine these different access control methods into one comprehensive, understandable system. We used an extensive synthetic dataset that represents complex real-world scenarios, including policies for ownership verification, version management, workflow processes, and dynamic role separation. Using Mistral 7B, our trained LLM model achieved outstanding results with 98.5% accuracy, significantly outperforming traditional methods (RBAC: 14.5%, ABAC: 58.5%, DAC: 27.5%) while providing clear, human-readable explanations for each decision. Performance testing shows that the system can be practically deployed with reasonable response times and computing resources.

Paper Structure (13 sections, 3 figures, 3 tables)

This paper contains 13 sections, 3 figures, 3 tables.

Figures (3)

  • Figure 1: System Architecture
  • Figure 2: Performance Comparison of Access Control Models
  • Figure 3: LLMAC Decision with Explanation