Summary:
Access control is one of the most fundamental components used in information security frameworks. However, as organizations increasingly rely on digital systems to manage sensitive data, robust access control has also become critical to ensure compliance with regulatory requirements. This paper proposes a method to automatically classify Access Control Policies (ACP) described in Natural Language (NL) using different transformer-based architectures. We relied on a dataset created from real-world requirements specifications and from different domains to achieve this goal. We fine-tuned and compared the performance of two different types of models, specifically the so-called Small Language Models (SMLs) and Large Language Models (LLMs). The experimental findings demonstrate SMLs' robust performance, with ELECTRA-base-generator as the best among them in terms of performance scores. Moreover, we provide two explainability measures that allow us to understand the process behind the classification.
Author(s):
Luca Petrillo
IMT School for Advanced Studies Lucca, IIT-CNR
Italy
Fabio Martinelli
ICAR-CNR
Italy
Antonella Santone
University of Molise
Italy
Francesco Mercaldo
University of Molise, IIT-CNR
Italy