🤖 AI Summary
This work addresses the challenge of policy misconfiguration arising from semantic ambiguity in natural language access control requirements, which often leads to unauthorized access. The authors propose AutoCedar, a novel framework that introduces the first intent-atom-based policy synthesis method guided by formal verification. AutoCedar decomposes natural language specifications into auditable intent atoms, integrates both human and mechanical validation, and iteratively refines policies through verification feedback to generate formal Cedar policies that are both faithful to user intent and semantically secure. Evaluated on 221 tasks from CedarBench, the system achieves full convergence and successfully constructs verified, globally consistent policy libraries in real-world domains including healthcare, education, and conference management.
📝 Abstract
Large Language Models are increasingly used to turn natural-language requirements into code. In access control, that shortcut is dangerous: a generated policy can compile and read correctly while granting access that no one approved. The difficulty is not only writing policy code. It is fixing what the requirements mean before code is written, and then checking that the final policy actually satisfies that intent. We present AutoCedar, a verifier-guided system that first turns natural-language access-control requirements into a reviewed, checkable target, and then synthesizes Cedar policies against that target. AutoCedar decomposes schema and policy authoring into small intent atoms: reviewable claims about vocabulary and behavior. Once those atoms pass mechanical validation and human intent review, the model proposes a candidate policy, the verifier checks it against the approved target, and each failure is turned into a repair signal that tells the model whether to broaden, narrow, or restructure the policy without changing the target. Because the model's work is split into small problems, each grounded in reviewed intent and backed by verifier feedback, end-to-end policy authoring becomes tractable. AutoCedar converges on all 221 tasks of CedarBench, our benchmark of authorization tasks paired with executable semantic boundaries. Across three requirements-corpus case studies covering healthcare, education, and conference management, AutoCedar converts noisy prose and extracted access-control fragments into reviewed schemas, formal checks, and a globally verified Cedar policy store for each scenario.