Generation of Human Comprehensible Access Control Policies from Audit Logs

2026-03-15
AI Summary
This work addresses the semantic gap between machine-executable access control policies, such as those defined in Attribute-Based Access Control (ABAC), and human intent by proposing LANTERN, a novel framework that leverages large language models (LLMs) to automatically generate natural language descriptions of ABAC policies from audit logs. Integrating rule extraction with LLM-driven natural language generation, LANTERN implements an openly accessible web system that substantially enhances policy interpretability and usability. Experimental evaluation demonstrates that LANTERN achieves strong performance in both accuracy and scalability, enabling natural language explanations and interactive navigation of access control policies.

Abstract
Over the years, access control systems have become increasingly more complex, often causing a disconnect between what is envisaged by the stakeholders in decision-making positions and the actual permissions granted as evidenced from access logs. For instance, Attribute-based Access Control (ABAC), which is a flexible yet complex model typically configured by system security officers, can be made understandable to others only when presented at a high level in natural language. Although several algorithms have been proposed in the literature for automatic extraction of ABAC rules from access logs, there is no attempt yet to bridge the semantic gap between the machine-enforceable formal logic and human-centric policy intent. Our work addresses this problem by developing a framework that generates human understandable natural language access control policies from logs. We investigate to what extent the power of Large Language Models (LLMs) can be harnessed to achieve both accuracy and scalability in the process. Named LANTERN (LLM-based ABAC Natural Translation and Explanation for Rule Navigation), we have instantiated the framework as a publicly accessible web based application for reproducibility of our results.
Problem

Research questions and friction points this paper is trying to address.

Access Control Policies
Audit Logs
Natural Language Generation
Semantic Gap
ABAC
Innovation

Methods, ideas, or system contributions that make the work stand out.

Large Language Models
ABAC
Natural Language Policy Generation
Access Control
Audit Log Analysis