Activation-Space Anchored Access Control for Multi-Class Permission Reasoning in Large Language Models

Large language models (LLMs) are increasingly deployed over knowledge bases for efficient knowledge retrieval and question answering. However, LLMs can inadvertently answer beyond a user's permission scope, leaking sensitive content, thus making it difficult to deploy knowledge-base QA under fine-grained access control requirements. In this work, we identify a geometric regularity in intermediate activations: for the same query, representations induced by different permission scopes cluster distinctly and are readily separable. Building on this separability, we propose Activation-space Anchored Access Control (AAAC), a training-free framework for multi-class permission control. AAAC constructs an anchor bank, with one permission anchor per class, from a small offline sample set and requires no fine-tuning. At inference time, a multi-anchor steering mechanism redirects each query's activations toward the anchor-defined authorized region associated with the current user, thereby suppressing over-privileged generations by design. Finally, extensive experiments across three LLM families demonstrate that AAAC reduces permission violation rates by up to 86.5% and prompt-based attack success rates by 90.7%, while improving response usability with minor inference overhead compared to baselines.

Key Contributions

• Identifies that different permission scopes induce geometrically separable clusters in LLM intermediate activations, enabling activation-space classification of permission scope
• Proposes AAAC, a training-free multi-anchor activation steering framework that redirects queries toward the authorized permission region at inference time without fine-tuning
• Introduces MultiPER-Enterprise, a department-scoped enterprise QA benchmark for evaluating fine-grained access control in knowledge-base LLM deployments

🛡️ Threat Analysis

Details

Similar Papers