A fundamental management responsibility is securing information systems. Almost all applications that deal with safety, privacy, or defense include some form of access control. There are a plethora of access control models in the information security realm such as role-based access control and attribute-based access control. However, the initial development of access control policies (ACPs) can be very challenging. Most organizations have high-level requirement specifications that include a set of ACPs, which describe allowable operations of the system. It is time consuming and error-prone to manually sift through these documents and extract ACPs. In this paper, we propose a new framework towards extracting ACPs from unrestricted natural language documents using semantic role labeling (SRL). We were able to correctly identify ACP elements with an average $F_1$F1 score of 75 percent, which bested the previous work by 15 percent. Furthermore, as SRL tools are often trained on publicly available corpora such as Wall Street Journal, we investigated the idea of improving SRL performance using domain-related knowledge. We utilized domain adaptation and semi-supervised learning techniques and were able to improve the SRL performance by 2 percent using only a small amount of access control data.

中文翻译：

---

从自然语言文档中自动提取访问控制策略

一项基本的管理职责是保护信息系统。几乎所有处理安全、隐私或防御的应用程序都包含某种形式的访问控制。信息安全领域有大量的访问控制模型，例如基于角色的访问控制和基于属性的访问控制。但是，访问控制策略 (ACP) 的初始开发可能非常具有挑战性。大多数组织都有包含一组 ACP 的高级需求规范，这些规范描述了系统的允许操作。手动筛选这些文档并提取 ACP 既费时又容易出错。在本文中，我们提出了一种使用语义角色标签（SRL）从不受限制的自然语言文档中提取 ACP 的新框架。$F_1$F1得分为 75%，比之前的作品高 15%。此外，由于 SRL 工具经常在华尔街日报等公开可用的语料库上进行训练，因此我们研究了使用领域相关知识提高 SRL 性能的想法。我们利用域适应和半监督学习技术，仅使用少量访问控制数据就能够将 SRL 性能提高 2%。