{"id":"https://openalex.org/W4414758096","doi":"https://doi.org/10.1109/ms.2025.3617078","title":"Leveraging Large Language Models for Automated Access Policies Generation: An Agentware Approach","display_name":"Leveraging Large Language Models for Automated Access Policies Generation: An Agentware Approach","publication_year":2025,"publication_date":"2025-10-02","ids":{"openalex":"https://openalex.org/W4414758096","doi":"https://doi.org/10.1109/ms.2025.3617078"},"language":"en","primary_location":{"id":"doi:10.1109/ms.2025.3617078","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ms.2025.3617078","pdf_url":null,"source":{"id":"https://openalex.org/S6725529","display_name":"IEEE Software","issn_l":"0740-7459","issn":["0740-7459","1937-4194"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Software","raw_type":"journal-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":null,"any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":null,"display_name":"Maria Teresa Paratore","orcid":"https://orcid.org/0000-0002-0416-4016"},"institutions":[{"id":"https://openalex.org/I122991210","display_name":"Istituto di Scienza e Tecnologie dell'Informazione \"Alessandro Faedo\"","ror":"https://ror.org/05kacka20","country_code":"IT","type":"facility","lineage":["https://openalex.org/I122991210","https://openalex.org/I4210155236"]},{"id":"https://openalex.org/I4210128183","display_name":"Azienda Sanitaria Locale Alessandria","ror":"https://ror.org/039f5pg25","country_code":"IT","type":"other","lineage":["https://openalex.org/I4210128183"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Maria Teresa Paratore","raw_affiliation_strings":["Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy"],"raw_orcid":"https://orcid.org/0000-0002-0416-4016","affiliations":[{"raw_affiliation_string":"Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","institution_ids":["https://openalex.org/I122991210"]},{"raw_affiliation_string":"Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy","institution_ids":["https://openalex.org/I4210128183"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5007417940","display_name":"Eda Marchetti","orcid":"https://orcid.org/0000-0003-4223-8036"},"institutions":[{"id":"https://openalex.org/I122991210","display_name":"Istituto di Scienza e Tecnologie dell'Informazione \"Alessandro Faedo\"","ror":"https://ror.org/05kacka20","country_code":"IT","type":"facility","lineage":["https://openalex.org/I122991210","https://openalex.org/I4210155236"]},{"id":"https://openalex.org/I4210128183","display_name":"Azienda Sanitaria Locale Alessandria","ror":"https://ror.org/039f5pg25","country_code":"IT","type":"other","lineage":["https://openalex.org/I4210128183"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Eda Marchetti","raw_affiliation_strings":["Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy"],"raw_orcid":"https://orcid.org/0000-0003-4223-8036","affiliations":[{"raw_affiliation_string":"Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","institution_ids":["https://openalex.org/I122991210"]},{"raw_affiliation_string":"Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy","institution_ids":["https://openalex.org/I4210128183"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5071323242","display_name":"Antonello Calabr\u00f2","orcid":"https://orcid.org/0000-0001-5502-303X"},"institutions":[{"id":"https://openalex.org/I122991210","display_name":"Istituto di Scienza e Tecnologie dell'Informazione \"Alessandro Faedo\"","ror":"https://ror.org/05kacka20","country_code":"IT","type":"facility","lineage":["https://openalex.org/I122991210","https://openalex.org/I4210155236"]},{"id":"https://openalex.org/I4210128183","display_name":"Azienda Sanitaria Locale Alessandria","ror":"https://ror.org/039f5pg25","country_code":"IT","type":"other","lineage":["https://openalex.org/I4210128183"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Antonello Calabr\u00f2","raw_affiliation_strings":["Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy"],"raw_orcid":"https://orcid.org/0000-0001-5502-303X","affiliations":[{"raw_affiliation_string":"Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","institution_ids":["https://openalex.org/I122991210"]},{"raw_affiliation_string":"Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy","institution_ids":["https://openalex.org/I4210128183"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5021758259","display_name":"Gianluca Trentanni","orcid":null},"institutions":[{"id":"https://openalex.org/I122991210","display_name":"Istituto di Scienza e Tecnologie dell'Informazione \"Alessandro Faedo\"","ror":"https://ror.org/05kacka20","country_code":"IT","type":"facility","lineage":["https://openalex.org/I122991210","https://openalex.org/I4210155236"]},{"id":"https://openalex.org/I4210128183","display_name":"Azienda Sanitaria Locale Alessandria","ror":"https://ror.org/039f5pg25","country_code":"IT","type":"other","lineage":["https://openalex.org/I4210128183"]}],"countries":["IT"],"is_corresponding":false,"raw_author_name":"Gianluca Trentanni","raw_affiliation_strings":["Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"Institute of Information Science and Technologies &#x201C;Alessandro Faedo&#x201D;, Italian National Research Council (CNR), Pisa, Italy","institution_ids":["https://openalex.org/I122991210"]},{"raw_affiliation_string":"Institute of Information Science and Technologies &#x0022;Alessandro Faedo&#x0022;, Pisa, Italy","institution_ids":["https://openalex.org/I4210128183"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.33282167,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":"43","issue":"1","first_page":"81","last_page":"88"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9182999730110168,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T10927","display_name":"Access Control and Trust","score":0.9182999730110168,"subfield":{"id":"https://openalex.org/subfields/3312","display_name":"Sociology and Political Science"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.48030000925064087},{"id":"https://openalex.org/keywords/software-development","display_name":"Software development","score":0.47029998898506165},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.45989999175071716},{"id":"https://openalex.org/keywords/software-architecture","display_name":"Software architecture","score":0.4106999933719635},{"id":"https://openalex.org/keywords/code-generation","display_name":"Code generation","score":0.40619999170303345},{"id":"https://openalex.org/keywords/pipeline","display_name":"Pipeline (software)","score":0.4052000045776367},{"id":"https://openalex.org/keywords/software-construction","display_name":"Software construction","score":0.39590001106262207},{"id":"https://openalex.org/keywords/modeling-language","display_name":"Modeling language","score":0.3813999891281128},{"id":"https://openalex.org/keywords/xacml","display_name":"XACML","score":0.36010000109672546}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7282000184059143},{"id":"https://openalex.org/C115903868","wikidata":"https://www.wikidata.org/wiki/Q80993","display_name":"Software engineering","level":1,"score":0.6780999898910522},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.48030000925064087},{"id":"https://openalex.org/C529173508","wikidata":"https://www.wikidata.org/wiki/Q638608","display_name":"Software development","level":3,"score":0.47029998898506165},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.45989999175071716},{"id":"https://openalex.org/C35869016","wikidata":"https://www.wikidata.org/wiki/Q846636","display_name":"Software architecture","level":3,"score":0.4106999933719635},{"id":"https://openalex.org/C133162039","wikidata":"https://www.wikidata.org/wiki/Q1061077","display_name":"Code generation","level":3,"score":0.40619999170303345},{"id":"https://openalex.org/C43521106","wikidata":"https://www.wikidata.org/wiki/Q2165493","display_name":"Pipeline (software)","level":2,"score":0.4052000045776367},{"id":"https://openalex.org/C186846655","wikidata":"https://www.wikidata.org/wiki/Q3398377","display_name":"Software construction","level":4,"score":0.39590001106262207},{"id":"https://openalex.org/C179603123","wikidata":"https://www.wikidata.org/wiki/Q1941921","display_name":"Modeling language","level":3,"score":0.3813999891281128},{"id":"https://openalex.org/C2779886121","wikidata":"https://www.wikidata.org/wiki/Q288682","display_name":"XACML","level":3,"score":0.36010000109672546},{"id":"https://openalex.org/C123657996","wikidata":"https://www.wikidata.org/wiki/Q12271","display_name":"Architecture","level":2,"score":0.3458999991416931},{"id":"https://openalex.org/C2776760102","wikidata":"https://www.wikidata.org/wiki/Q5139990","display_name":"Code (set theory)","level":3,"score":0.33500000834465027},{"id":"https://openalex.org/C149091818","wikidata":"https://www.wikidata.org/wiki/Q2429814","display_name":"Software system","level":3,"score":0.32850000262260437},{"id":"https://openalex.org/C509989072","wikidata":"https://www.wikidata.org/wiki/Q15188241","display_name":"Model-driven architecture","level":4,"score":0.3248000144958496},{"id":"https://openalex.org/C97382630","wikidata":"https://www.wikidata.org/wiki/Q13501132","display_name":"Resource-oriented architecture","level":5,"score":0.32269999384880066},{"id":"https://openalex.org/C201995342","wikidata":"https://www.wikidata.org/wiki/Q682496","display_name":"Systems engineering","level":1,"score":0.3012000024318695},{"id":"https://openalex.org/C135257023","wikidata":"https://www.wikidata.org/wiki/Q691358","display_name":"Domain-specific language","level":2,"score":0.2930999994277954},{"id":"https://openalex.org/C76518257","wikidata":"https://www.wikidata.org/wiki/Q271680","display_name":"Software framework","level":5,"score":0.28940001130104065},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.28790000081062317},{"id":"https://openalex.org/C52913732","wikidata":"https://www.wikidata.org/wiki/Q857102","display_name":"Software design","level":4,"score":0.2851000130176544},{"id":"https://openalex.org/C73219336","wikidata":"https://www.wikidata.org/wiki/Q7554254","display_name":"Software architecture description","level":5,"score":0.2851000130176544},{"id":"https://openalex.org/C137287247","wikidata":"https://www.wikidata.org/wiki/Q1329550","display_name":"Static program analysis","level":4,"score":0.2752000093460083},{"id":"https://openalex.org/C123551368","wikidata":"https://www.wikidata.org/wiki/Q7122888","display_name":"Package development process","level":5,"score":0.26820001006126404},{"id":"https://openalex.org/C174683762","wikidata":"https://www.wikidata.org/wiki/Q609588","display_name":"Component-based software engineering","level":4,"score":0.25850000977516174},{"id":"https://openalex.org/C145644426","wikidata":"https://www.wikidata.org/wiki/Q169411","display_name":"Unified Modeling Language","level":3,"score":0.25679999589920044},{"id":"https://openalex.org/C43126263","wikidata":"https://www.wikidata.org/wiki/Q128751","display_name":"Source code","level":2,"score":0.2515000104904175},{"id":"https://openalex.org/C56909552","wikidata":"https://www.wikidata.org/wiki/Q2297624","display_name":"Software design description","level":5,"score":0.25130000710487366}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/ms.2025.3617078","is_oa":false,"landing_page_url":"https://doi.org/10.1109/ms.2025.3617078","pdf_url":null,"source":{"id":"https://openalex.org/S6725529","display_name":"IEEE Software","issn_l":"0740-7459","issn":["0740-7459","1937-4194"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310320439","host_organization_name":"IEEE Computer Society","host_organization_lineage":["https://openalex.org/P4310320439","https://openalex.org/P4310319808"],"host_organization_lineage_names":["IEEE Computer Society","Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Software","raw_type":"journal-article"},{"id":"pmh:oai:dnet:iris________::a4f823f439b00135653cfa917cebbfcf","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S7407055261","display_name":"ISTI Open Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE SOFTWARE, pp. 1-8","raw_type":"Journal article"}],"best_oa_location":{"id":"pmh:oai:dnet:iris________::a4f823f439b00135653cfa917cebbfcf","is_oa":true,"landing_page_url":null,"pdf_url":null,"source":{"id":"https://openalex.org/S7407055261","display_name":"ISTI Open Portal","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":"other-oa","license_id":"https://openalex.org/licenses/other-oa","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE SOFTWARE, pp. 1-8","raw_type":"Journal article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":10,"referenced_works":["https://openalex.org/W4293236827","https://openalex.org/W4391592188","https://openalex.org/W4393152795","https://openalex.org/W4394947904","https://openalex.org/W4399785296","https://openalex.org/W4400520863","https://openalex.org/W4404823305","https://openalex.org/W4406754095","https://openalex.org/W4408119864","https://openalex.org/W4411097632"],"related_works":[],"abstract_inverted_index":{"Large":[0],"language":[1],"models":[2,12],"(LLMs)":[3],"are":[4],"probably":[5],"the":[6,84,138],"most":[7],"popular":[8],"type":[9],"of":[10,18,121,137,141],"foundation":[11],"(FMs)":[13],"today.":[14],"The":[15],"growing":[16],"adoption":[17],"conversational":[19],"tools":[20],"such":[21],"as":[22],"ChatGPT":[23],"offers":[24],"new":[25,33],"solutions":[26],"for":[27,63,103,134],"software":[28,48,81,99,125],"development":[29],"challenges":[30,88],"and":[31],"opens":[32],"scenarios":[34],"in":[35,80],"which":[36,71],"FMs":[37,58,79,142],"can":[38,59],"be":[39,73,91],"employed":[40],"to":[41,116],"autonomously":[42],"perform":[43],"specialized":[44,65],"tasks":[45],"within":[46],"a":[47,98,113,124],"architecture":[49,100],"(the":[50],"\u201cagentware\u201d":[51],"paradigm).":[52],"If":[53],"properly":[54],"trained":[55],"or":[56],"instructed,":[57],"produce":[60],"code":[61],"even":[62],"highly":[64],"tasks,":[66],"thus":[67],"benefiting":[68],"small":[69],"companies":[70],"may":[72],"lacking":[74],"specific":[75],"domain":[76],"experts.":[77],"Integrating":[78],"design,":[82],"on":[83,112],"other":[85],"hand,":[86],"introduces":[87],"that":[89,130],"must":[90],"addressed.":[92],"In":[93],"this":[94],"paper":[95],"we":[96],"present":[97],"employing":[101],"agentware":[102],"automating":[104],"XACML":[105],"access":[106],"control":[107],"policy":[108],"generation.":[109],"We":[110,127],"build":[111],"prototype":[114],"pipeline":[115],"propose":[117],"an":[118],"effective":[119],"integration":[120],"agents":[122],"into":[123],"system.":[126],"will":[128],"show":[129],"our":[131],"design":[132],"allows":[133],"optimal":[135],"use":[136],"generative":[139],"power":[140],"while":[143],"tackling":[144],"their":[145],"intrinsic":[146],"limitations.":[147]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2025-10-10T00:00:00"}