[CS] Pranav Subramaniam Dissertation Defense/Jul 17, 2025
via cs
cs at mailman.cs.uchicago.edu
Mon Jul 14 12:10:19 CDT 2025
This is an announcement of Pranav Subramaniam's Dissertation Defense.
===============================================
Candidate: Pranav Subramaniam
Date: Thursday, July 17, 2025
Time: 3 pm CST
Remote Location: https://uchicago.zoom.us/j/97795003426?pwd=7y6NvJZNCm8tBSGxKXSahDV6u6fGCi.1
Meeting ID: 977 9500 3426
Passcode: 447851
Location: JCL 298
Title: Agentic Access Control Workflows: Towards Automated Database Deployment
Abstract: In every enterprise database, administrators must define an access control policy that specifies which users have access to which tables. Access control straddles two worlds: policy (organization-level principles that define who “should” have access) and process (database-level operations that actually implement the policy). Assessing and enforcing process compliance with a policy is currently a manual and ad-hoc task. In this thesis, I show that LLMs can be used to generate DB access control implementations from policy documents effectively. To achieve this, this thesis first proposes a novel policy linting usage model for access control involving not only synthesis of access control implementations from policy documents, but auditing of implementations against policy documents for effective debugging of database access control. To perform synthesis and auditing accurately, this thesis then proposes DePLOI (Deployment Policy Linter for Organization Intents), an LLM-backed system leveraging access control-specific task decompositions to accurately synthesize and audit access control implementations. DePLOI leverages novel access control-specific task decompositions, prompting strategies, and a novel access control model that serves as an input policy representation for DePLOI, which I call Intent-Based Access Control for Databases (IBAC-DB). Lastly, while access control policy can be expressed using IBAC-DB, I recognize that organizations will still need to write security policy documents. Therefore, to make DePLOI end-to-end, this thesis shows that as long as text related to access control is roughly structured in a policy document, it is possible to create an accurate ACM Extraction Agent via an agentic training workflow. This output ACM can then be given to DePLOI to synthesize and audit access control implementations.
Advisors: Sanjay Krishnan
Committee Members: Sanjay Krishnan, Michael Franklin, and Grant Ho