Exploring LLMs for Automating Policy to Code Conversion in Business Organizations

Key Features


Turning natural language policies into secure, organization-compliant Policy-as-Code (PAC) is complex, error-prone, and risky with public LLMs. AutoPAC offers a solution to this problem by leveraging a private, fine-tuned LLM to generate and validate PACs seamlessly, thus ensuring easy, sane and secure PAC creation for large-scale business organizations.

  • Creation of Domain-specific Dataset: We created a domain-specific dataset consisting of a set of Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) policies and their annotations in natural language.
  • Training Custom Large Language Models: AutoPAC's Translator leverages a pluggable, fine-tuned Large Language Model trained on the domain-specific dataset to generate Policy-as-Code from user prompts.
  • Organizational Security and Privacy: AutoPAC can be deployed on-premises within any organization, thus avoiding data leakage. It has been tested to require a minimal resource footprint during training and deployment, and requires less than 2 seconds to generate an individual PAC policy.
  • Verification of Generated PAC Policies: We developed a unit and integration testing pipeline for comprehensive testing to ascertain the sanity of the generated PAC policies.

Contributors

Neha Chowdhary

IIT Kharagpur, India

Tanmoy Dutta

IIT Kharagpur, India

Subhrendu Chattopadhyay

IDRBT, Hyderabad, India

Sandip Chakraborty

IIT Kharagpur, India

Publications


  1. Neha Chowdhary, Tanmoy Dutta, Subhrendu Chattopadhyay, Sandip Chakraborty: "AutoPAC: Exploring LLMs for Automating Policy to Code Conversion in Business Organizations", COMSNETS 2025

Funding and Support



For questions and general feedback, contact Neha Chowdhary