AC4A: Access Control for Agents
Reshabh K Sharma, Dan Grossman

TL;DR
AC4A introduces a flexible access control framework for LLM agents, enabling fine-grained permissions to limit resource access and improve security in API and web interactions.
Contribution
The paper presents AC4A, a novel, adaptable access control framework for agents that enforces resource-specific permissions across APIs and web pages.
Findings
AC4A effectively enforces permissions in real-world API interactions.
It provides a hierarchical resource model inspired by Unix permissions.
Case studies demonstrate practical applicability and security benefits.
Abstract
Large Language Model (LLM) agents combine the chat interaction capabilities of LLMs with the power to interact with external tools and APIs. This enables them to perform complex tasks and act autonomously to achieve user goals. However, current agent systems operate on an all-or-nothing basis: an agent either has full access to an API's capabilities and a web page's content, or it has no access at all. This coarse-grained approach forces users to trust agents with more capabilities than they actually need for a given task. In this paper, we introduce AC4A, an access control framework for agents. As agents become more capable and autonomous, users need a way to limit what APIs or portions of web pages these agents can access, eliminating the need to trust them with everything an API or web page allows. Our goal with AC4A is to provide a framework for defining permissions that lets…
Taxonomy
Topics: Access Control and Trust · Security and Verification in Computing · Multi-Agent Systems and Negotiation
