On-device derivation of IoT usage control policies: Automating U-XACML policy generation from natural language with LLMs in smart homes environments

In this paper, we present a framework that integrates AI-based derivation of Access and Usage Control policies for IoT devices, using Large Language Models (LLMs) to automate the generation of policies from unstructured natural language commands. The framework employs a hybrid approach, combining LLMs with dedicated libraries to ensure efficient on-device execution. Our approach is based on a two-step process: first, a fine-tuned LLM converts user commands into structured JSON policy representations; then, a transformation module translates the JSON policies into fully compliant U-XACML policies. To ensure generality across different domains, we introduce a taxonomy-driven dataset creation, which enables policy creation for different environments such as smart homes, smart offices, and healthcare settings. Our evaluation demonstrates that the system achieves 93 % accuracy in policy generation and 91 % accuracy when handling ambiguous or noisy inputs. It also reaches 98 % agreement with expert-defined policies in real-world scenarios. Finally, on-device performance evaluations confirm the feasibility of running the model in practical settings, demonstrating reliable inference under constrained hardware conditions.