SoK: Access Control Policy Generation from High-level Natural Language Requirements
ACM Computing Surveys (IF 23.8), Pub Date: 2024-11-28, DOI: 10.1145/3706057
Sakuna Harinda Jayasundara, Nalin Asanka Gamagedara Arachchilage, Giovanni Russello

Administrator-centered access control failures can cause data breaches, putting organizations at risk of financial loss and reputation damage. Existing graphical policy configuration tools and automated policy generation frameworks attempt to help administrators configure and generate access control policies by avoiding such failures. However, graphical policy configuration tools are prone to human errors, making them unusable. On the other hand, automated policy generation frameworks are prone to erroneous predictions, making them unreliable. Therefore, to find ways to improve their usability and reliability, we conducted a Systematic Literature Review analyzing 49 publications. The thematic analysis of the publications revealed that graphical policy configuration tools are developed to write and visualize policies manually. Moreover, automated policy generation frameworks are developed using machine learning (ML) and natural language processing (NLP) techniques to automatically generate access control policies from high-level requirement specifications. Despite their utility in the access control domain, limitations of these tools, such as the lack of flexibility, and limitations of frameworks, such as the lack of domain adaptation, negatively affect their usability and reliability, respectively. Our study offers recommendations to address these limitations through real-world applications and recent advancements in the NLP domain, paving the way for future research.

Updated: 2024-11-28