In this paper, we present a framework that integrates AI-based derivation of Access and Usage Control policies for IoT devices, using Large Language Models (LLMs) to automate the generation of policies from unstructured natural language commands. The framework employs a hybrid approach, combining LLMs with dedicated libraries to ensure efficient on-device execution. Our approach is based on a two-step process: first, a fine-tuned LLM converts user commands into structured JSON policy representations; then, a transformation module translates the JSON policies into fully compliant U-XACML policies. To ensure generality across different domains, we introduce a taxonomy-driven dataset creation, which enables policy creation for different environments such as smart homes, smart offices, and healthcare settings. Our evaluation demonstrates that the system achieves 93 % accuracy in policy generation and 91 % accuracy when handling ambiguous or noisy inputs. It also reaches 98 % agreement with expert-defined policies in real-world scenarios. Finally, on-device performance evaluations confirm the feasibility of running the model in practical settings, demonstrating reliable inference under constrained hardware conditions.
On-device derivation of IoT usage control policies: Automating U-XACML policy generation from natural language with LLMs in smart homes environments / Alajramy, Loay; Simoni, Marco; Rasori, Marco; Saracino, Andrea; Mori, Paolo. - In: FUTURE GENERATION COMPUTER SYSTEMS. - ISSN 0167-739X. - 175:(2026). [10.1016/j.future.2025.108067]
On-device derivation of IoT usage control policies: Automating U-XACML policy generation from natural language with LLMs in smart homes environments
Simoni, MarcoSecondo
;
2026
Abstract
In this paper, we present a framework that integrates AI-based derivation of Access and Usage Control policies for IoT devices, using Large Language Models (LLMs) to automate the generation of policies from unstructured natural language commands. The framework employs a hybrid approach, combining LLMs with dedicated libraries to ensure efficient on-device execution. Our approach is based on a two-step process: first, a fine-tuned LLM converts user commands into structured JSON policy representations; then, a transformation module translates the JSON policies into fully compliant U-XACML policies. To ensure generality across different domains, we introduce a taxonomy-driven dataset creation, which enables policy creation for different environments such as smart homes, smart offices, and healthcare settings. Our evaluation demonstrates that the system achieves 93 % accuracy in policy generation and 91 % accuracy when handling ambiguous or noisy inputs. It also reaches 98 % agreement with expert-defined policies in real-world scenarios. Finally, on-device performance evaluations confirm the feasibility of running the model in practical settings, demonstrating reliable inference under constrained hardware conditions.| File | Dimensione | Formato | |
|---|---|---|---|
|
Alajramy_On-device-derivation_2026.pdf
accesso aperto
Note: https://doi.org/10.1016/j.future.2025.108067
Tipologia:
Versione editoriale (versione pubblicata con il layout dell'editore)
Licenza:
Creative commons
Dimensione
11.93 MB
Formato
Adobe PDF
|
11.93 MB | Adobe PDF |
I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
