Security Policy Generation and Verification Through Large Language Models: A Proposal.

The ability to manage and enforce security policies in a rapidly changing digital environment is vital. When enforcing and verifying policies on complex systems, it can be challenging for them to be understood by humans. Furthermore, updating access control rules or configurations that are translated from natural language documents might take considerable time and eventually cause errors and damage. It is crucial for the rules and configurations to be modified with care in order to prevent such mistakes. The aim of the following proposal is the design of a method to convert security policies written in natural language into a machine-understandable format that can easily be enforced, verified as well and understood by machines. To this end, we propose using advanced policy languages like XACML and Rego to translate security policies into formats that are automatically enforceable and verifiable by the system. In addition, this transformation will facilitate the implementation of security policies within modern application architectures including micro-services and cloud-native environments. Therefore, under its auspices, a framework that eases policy enforcement and minimizes human errors while ensuring conformity to safety standards set out shall be born out of this research proposal.