{"id":"https://openalex.org/W7125474167","doi":"https://doi.org/10.1016/j.jisa.2026.104379","title":"AGentVLM: Access control policy generation and verification framework with language models","display_name":"AGentVLM: Access control policy generation and verification framework with language models","publication_year":2026,"publication_date":"2026-01-23","ids":{"openalex":"https://openalex.org/W7125474167","doi":"https://doi.org/10.1016/j.jisa.2026.104379"},"language":"en","primary_location":{"id":"doi:10.1016/j.jisa.2026.104379","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.jisa.2026.104379","pdf_url":null,"source":{"id":"https://openalex.org/S4210191536","display_name":"Journal of Information Security and Applications","issn_l":"2214-2126","issn":["2214-2126","2214-2134"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Security and Applications","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"hybrid","oa_url":"https://doi.org/10.1016/j.jisa.2026.104379","any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5093023316","display_name":"Sakuna Harinda Jayasundara","orcid":null},"institutions":[{"id":"https://openalex.org/I154130895","display_name":"University of Auckland","ror":"https://ror.org/03b94tp07","country_code":"NZ","type":"education","lineage":["https://openalex.org/I154130895"]}],"countries":["NZ"],"is_corresponding":true,"raw_author_name":"Sakuna Harinda Jayasundara","raw_affiliation_strings":["University of Auckland, New Zealand"],"affiliations":[{"raw_affiliation_string":"University of Auckland, New Zealand","institution_ids":["https://openalex.org/I154130895"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5123679703","display_name":"Nalin Asanka Gamagedara Arachchilage","orcid":null},"institutions":[{"id":"https://openalex.org/I82951845","display_name":"RMIT University","ror":"https://ror.org/04ttjf776","country_code":"AU","type":"education","lineage":["https://openalex.org/I82951845"]}],"countries":["AU"],"is_corresponding":false,"raw_author_name":"Nalin Asanka Gamagedara Arachchilage","raw_affiliation_strings":["RMIT University, Australia"],"affiliations":[{"raw_affiliation_string":"RMIT University, Australia","institution_ids":["https://openalex.org/I82951845"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5072751099","display_name":"Giovanni Russello","orcid":"https://orcid.org/0000-0001-6987-0803"},"institutions":[{"id":"https://openalex.org/I154130895","display_name":"University of Auckland","ror":"https://ror.org/03b94tp07","country_code":"NZ","type":"education","lineage":["https://openalex.org/I154130895"]}],"countries":["NZ"],"is_corresponding":false,"raw_author_name":"Giovanni Russello","raw_affiliation_strings":["University of Auckland, New Zealand"],"affiliations":[{"raw_affiliation_string":"University of Auckland, New Zealand","institution_ids":["https://openalex.org/I154130895"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5093023316"],"corresponding_institution_ids":["https://openalex.org/I154130895"],"apc_list":{"value":3140,"currency":"USD","value_usd":3140},"apc_paid":{"value":3140,"currency":"USD","value_usd":3140},"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.3256397,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"98","issue":null,"first_page":"104379","last_page":"104379"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.47859999537467957,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.47859999537467957,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},{"id":"https://openalex.org/T12479","display_name":"Web Application Security Vulnerabilities","score":0.03759999945759773,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10028","display_name":"Topic Modeling","score":0.03150000050663948,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/access-control","display_name":"Access control","score":0.795799970626831},{"id":"https://openalex.org/keywords/computer-access-control","display_name":"Computer access control","score":0.5343000292778015},{"id":"https://openalex.org/keywords/data-access","display_name":"Data access","score":0.5307000279426575},{"id":"https://openalex.org/keywords/natural-language-generation","display_name":"Natural language generation","score":0.4569999873638153},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.44620001316070557},{"id":"https://openalex.org/keywords/confidentiality","display_name":"Confidentiality","score":0.4316999912261963},{"id":"https://openalex.org/keywords/discretionary-access-control","display_name":"Discretionary access control","score":0.42239999771118164},{"id":"https://openalex.org/keywords/control","display_name":"Control (management)","score":0.3849000036716461},{"id":"https://openalex.org/keywords/information-access","display_name":"Information access","score":0.38440001010894775}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8195000290870667},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.795799970626831},{"id":"https://openalex.org/C44415380","wikidata":"https://www.wikidata.org/wiki/Q17008721","display_name":"Computer access control","level":3,"score":0.5343000292778015},{"id":"https://openalex.org/C47487241","wikidata":"https://www.wikidata.org/wiki/Q5227230","display_name":"Data access","level":2,"score":0.5307000279426575},{"id":"https://openalex.org/C2776187449","wikidata":"https://www.wikidata.org/wiki/Q1513879","display_name":"Natural language generation","level":3,"score":0.4569999873638153},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.44620001316070557},{"id":"https://openalex.org/C71745522","wikidata":"https://www.wikidata.org/wiki/Q2476929","display_name":"Confidentiality","level":2,"score":0.4316999912261963},{"id":"https://openalex.org/C48814466","wikidata":"https://www.wikidata.org/wiki/Q1228590","display_name":"Discretionary access control","level":4,"score":0.42239999771118164},{"id":"https://openalex.org/C2775924081","wikidata":"https://www.wikidata.org/wiki/Q55608371","display_name":"Control (management)","level":2,"score":0.3849000036716461},{"id":"https://openalex.org/C2776543384","wikidata":"https://www.wikidata.org/wiki/Q593289","display_name":"Information access","level":2,"score":0.38440001010894775},{"id":"https://openalex.org/C195324797","wikidata":"https://www.wikidata.org/wiki/Q33742","display_name":"Natural language","level":2,"score":0.38179999589920044},{"id":"https://openalex.org/C195807954","wikidata":"https://www.wikidata.org/wiki/Q1662562","display_name":"Information extraction","level":2,"score":0.3734999895095825},{"id":"https://openalex.org/C2777407602","wikidata":"https://www.wikidata.org/wiki/Q1888932","display_name":"Mandatory access control","level":4,"score":0.3529999852180481},{"id":"https://openalex.org/C45567728","wikidata":"https://www.wikidata.org/wiki/Q1702839","display_name":"Role-based access control","level":3,"score":0.33230000734329224},{"id":"https://openalex.org/C188198153","wikidata":"https://www.wikidata.org/wiki/Q1613840","display_name":"Limiting","level":2,"score":0.32330000400543213},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.3179999887943268},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.3052999973297119},{"id":"https://openalex.org/C180198813","wikidata":"https://www.wikidata.org/wiki/Q121182","display_name":"Information system","level":2,"score":0.2797999978065491},{"id":"https://openalex.org/C77088390","wikidata":"https://www.wikidata.org/wiki/Q8513","display_name":"Database","level":1,"score":0.27970001101493835},{"id":"https://openalex.org/C109747225","wikidata":"https://www.wikidata.org/wiki/Q815758","display_name":"Scarcity","level":2,"score":0.27730000019073486},{"id":"https://openalex.org/C1304207","wikidata":"https://www.wikidata.org/wiki/Q7189582","display_name":"Physical access","level":3,"score":0.2766000032424927},{"id":"https://openalex.org/C137293760","wikidata":"https://www.wikidata.org/wiki/Q3621696","display_name":"Language model","level":2,"score":0.2728999853134155},{"id":"https://openalex.org/C137822555","wikidata":"https://www.wikidata.org/wiki/Q2587068","display_name":"Information sensitivity","level":2,"score":0.26409998536109924},{"id":"https://openalex.org/C179603123","wikidata":"https://www.wikidata.org/wiki/Q1941921","display_name":"Modeling language","level":3,"score":0.2639999985694885},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.2628999948501587},{"id":"https://openalex.org/C2780264999","wikidata":"https://www.wikidata.org/wiki/Q7445032","display_name":"Security domain","level":2,"score":0.25369998812675476},{"id":"https://openalex.org/C2778002324","wikidata":"https://www.wikidata.org/wiki/Q4488810","display_name":"Access management","level":2,"score":0.250900000333786}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1016/j.jisa.2026.104379","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.jisa.2026.104379","pdf_url":null,"source":{"id":"https://openalex.org/S4210191536","display_name":"Journal of Information Security and Applications","issn_l":"2214-2126","issn":["2214-2126","2214-2134"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Security and Applications","raw_type":"journal-article"}],"best_oa_location":{"id":"doi:10.1016/j.jisa.2026.104379","is_oa":true,"landing_page_url":"https://doi.org/10.1016/j.jisa.2026.104379","pdf_url":null,"source":{"id":"https://openalex.org/S4210191536","display_name":"Journal of Information Security and Applications","issn_l":"2214-2126","issn":["2214-2126","2214-2134"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320990","host_organization_name":"Elsevier BV","host_organization_lineage":["https://openalex.org/P4310320990"],"host_organization_lineage_names":["Elsevier BV"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Journal of Information Security and Applications","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":13,"referenced_works":["https://openalex.org/W2890161843","https://openalex.org/W2894314083","https://openalex.org/W2914304911","https://openalex.org/W2914854069","https://openalex.org/W2923014074","https://openalex.org/W3034999214","https://openalex.org/W4205131770","https://openalex.org/W4212926655","https://openalex.org/W4294214983","https://openalex.org/W4389518760","https://openalex.org/W4389524014","https://openalex.org/W4391836235","https://openalex.org/W4404823305"],"related_works":[],"abstract_inverted_index":{"\u2022":[0,13,35,45,54],"We":[1,14,36,46,55],"introduce":[2,15,37],"AGentVLM,":[3,48,113],"a":[4,16,38,114,216,228],"novel":[5,17,39,115],"access":[6,18,29,32,40,67,97,116,153,194],"control":[7,33,41,68,117,154],"policy":[8,42,118,218],"generation":[9,65,119,219],"and":[10,76,83,120,190,205],"verification":[11,43,121,229],"framework.":[12],"control-specific":[19,195],"structured":[20,196],"information":[21,197,207],"extraction":[22,198],"method":[23,201],"for":[24],"translating":[25],"complex":[26,96,185],"natural":[27,151],"language":[28,127,152],"requirements":[30,73,98],"into":[31],"policies.":[34],"technique.":[44,199],"evaluate":[47],"showing":[49],"it":[50],"achieves":[51],"state-of-the-art":[52,217],"accuracy.":[53,106],"release":[56,249],"two":[57,250],"annotated":[58,251],"datasets,":[59],"addressing":[60,253],"the":[61,209,254],"data":[62,84,138],"scarcity.":[63],"Manual":[64],"of":[66,165,222,256],"policies":[69,155,175,240],"from":[70,157,212],"high-level":[71,158],"organizational":[72],"is":[74],"labor-intensive":[75],"error-prone,":[77],"often":[78],"leading":[79,214],"to":[80,100,172,215,237],"critical":[81],"failures":[82],"breaches.":[85],"While":[86],"automated":[87],"frameworks":[88,170],"have":[89],"been":[90],"proposed,":[91],"existing":[92,169],"approaches":[93],"struggle":[94],"with":[95,176],"due":[99],"poor":[101],"domain":[102],"adaptation,":[103],"limiting":[104],"their":[105],"To":[107,243],"address":[108],"these":[109],"challenges,":[110],"we":[111,247],"propose":[112],"framework":[122,131],"based":[123],"on":[124,143],"small,":[125],"open-source":[126],"models":[128],"(LMs).":[129],"Our":[130],"enables":[132],"its":[133],"efficient":[134],"on-premise":[135],"deployment,":[136],"preserving":[137],"confidentiality":[139],"by":[140],"avoiding":[141],"reliance":[142],"third-party":[144],"black-box":[145],"LMs.":[146],"AGentVLM":[147,182,226],"excels":[148],"in":[149],"identifying":[150],"(NLACPs)":[156],"requirements,":[159],"achieving":[160],"an":[161,193],"average":[162],"F1":[163,220],"score":[164,221],"90.6":[166],"%.":[167,224],"Unlike":[168],"limited":[171],"generating":[173],"simple":[174],"three":[177],"components":[178],"(subject,":[179],"action,":[180],"resource),":[181],"effectively":[183],"extracts":[184],"elements":[186],"such":[187],"as":[188],"purposes":[189],"conditions":[191],"using":[192],"This":[200],"captures":[202],"both":[203],"word-level":[204],"semantic":[206],"at":[208],"same":[210],"time":[211],"NLACPs,":[213],"80.6":[223],"Additionally,":[225],"introduces":[227],"technique":[230],"that":[231],"provides":[232],"actionable":[233],"feedback,":[234],"allowing":[235],"administrators":[236],"refine":[238],"inaccurate":[239],"before":[241],"deployment.":[242],"support":[244],"future":[245],"research,":[246],"also":[248],"datasets":[252],"scarcity":[255],"domain-specific":[257],"data.":[258]},"counts_by_year":[],"updated_date":"2026-01-25T23:04:38.658462","created_date":"2026-01-24T00:00:00"}