Professor receives $100,000 in funding to continue work developing automated security policies

Vijay Atluri, professor and director of the Master of Information Technology and Analytics, Department of Management Science & Information Systems (MSIS), received a $100,000 grant supporting her research on information security, specifically on how protection can be enabled automatically based on user credentials and the types of resources to be safeguarded.

The grant for her project, "Generating Machine-Enforceable Security Policies from Natural Language Text,” came from CISCO Research, a corporate-advised Silicon Valley Community Foundation fund.

“In any organization, the protection of its resources is accomplished through enforcing appropriate security policies,” Atluri said. “These security policies are guidelines that determine who can access what under what conditions, and they are generally written in a natural language that can be easily understood by humans but are not directly usable by an access control system.”

“For example, ‘movies rated R, or Restricted, require those under 17 to have an accompanying parent or adult guardian to view’ is a natural language policy,” she said. “The goal of this project is to identify such sentences within written policies, translate them into attribute-based access control rules, and then generate code that can be used to enforce the rules automatically. We employ large language models such as ChatGPT to accomplish this.”

Manually reading through long policy documents and looking for enforceable access control rules can be very time-consuming. Some documents may even have contradictory language. Atluri’s project would create a program able to use large language models to efficiently compile all the rules in a document, recognize and signal conflicts needing resolution, and write code that would consistently enforce correct security policies. The result would be accurate machine-enforceable code in a fraction of the time previously required.

Beyond advancing the science, Atluri’s work will engage students with cutting-edge research as part of her teaching the Information Security course of the foundation section of the Master of Information Technology and Analytics program. She also has Mian Yang, a Rutgers Business School Ph.D. student, working with her on the project.