Sakuna Harinda Jayasundara, Nalin Asanka Gamagedara Arachchilage, Giovanni Russello (University of Auckland)

Access control failures can cause data breaches, putting entire organizations at risk of financial loss and reputation damage. One of the main reasons for such failures is the mistakes made by system administrators when they manually generate low-level access control policies directly from highlevel requirement specifications. Therefore, to help administrators in that policy generation process, previous research proposed graphical policy authoring tools and automated policy generation frameworks. However, in reality, those tools and frameworks are neither usable nor reliable enough to help administrators generate access control policies accurately while avoiding access control failures. Therefore, as a solution, in this paper, we present “AccessFormer”, a novel policy generation framework that improves both the usability and reliability of access control policy generation. Through the proposed framework, on the one hand, we improve the reliability of policy generation by utilizing Language Models (LMs) to generate, verify, and refine access control policies by incorporating the system’s as well as administrator’s feedback. On the other hand, we also improve the usability of the policy generation by proposing a usable policy authoring interface designed to help administrators understand policy generation mistakes and accurately provide feedback.

View More Papers

Sneaky Spikes: Uncovering Stealthy Backdoor Attacks in Spiking Neural...

Gorka Abad (Radboud University & Ikerlan Technology Research Centre), Oguzhan Ersoy (Radboud University), Stjepan Picek (Radboud University & Delft University of Technology), Aitor Urbieta (Ikerlan Technology Research Centre, Basque Research and Technology Alliance (BRTA))

Read More

MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots

Gelei Deng (Nanyang Technological University), Yi Liu (Nanyang Technological University), Yuekang Li (University of New South Wales), Kailong Wang (Huazhong University of Science and Technology), Ying Zhang (Virginia Tech), Zefeng Li (Nanyang Technological University), Haoyu Wang (Huazhong University of Science and Technology), Tianwei Zhang (Nanyang Technological University), Yang Liu (Nanyang Technological University)

Read More

Towards Integrating Human-Centered Cybersecurity Research Into Practice: A Practitioner...

Julie Haney, Clyburn Cunningham, Susanne Furman (National Institute of Standards and Technology)

Read More

AutoWatch: Learning Driver Behavior with Graphs for Auto Theft...

Paul Agbaje, Abraham Mookhoek, Afia Anjum, Arkajyoti Mitra (University of Texas at Arlington), Mert D. Pesé (Clemson University), Habeeb Olufowobi (University of Texas at Arlington)

Read More