An Exploration of Using Retrieval-Augmented Generation With Access Control
Chen, Bingxiang (2024)
2024
Master's Programme in Computing Sciences
Informaatioteknologian ja viestinnän tiedekunta - Faculty of Information Technology and Communication Sciences
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2024-06-25
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tuni-202406207336
https://urn.fi/URN:NBN:fi:tuni-202406207336
Tiivistelmä
With the significant strides in Generative AI technology, large language models' usage promises exciting possibilities for businesses, especially in the development of conversational AI chatbots with field-specific knowledge. However, using private and enterprise data also creates substantial challenges in data security and privacy. There may also be cases where a specific organizational document may not be accessed by all users during the time we train LLM using such documents. For example, a party that was not supposed to have access to a particular dataset may be able to retrieve the same by interacting with the models that had been trained over the same dataset. The key question is how we can guarantee a response from the model only contains information that the given user has the right to see.
This study presents a method for integrating access control mechanisms with generative AI services to reduce the risk of internal secret leakage and ensure model outputs are strictly limited to data users are authorized to access. A key result of this work is the development of a Proof of Concept that combines access control with a Retrieval-Augmented Generation (RAG) model, which can generate and summarize information in the field of confidential patient data.
The result of the thesis is a comprehensive study of the RAG system, access control mechanisms, associated technologies, and on-premises solutions. Finally, it was proved that it is feasible to apply fine-grained access control with LLMs, marking a major advancement in creating personalized and secure AI applications.
This study presents a method for integrating access control mechanisms with generative AI services to reduce the risk of internal secret leakage and ensure model outputs are strictly limited to data users are authorized to access. A key result of this work is the development of a Proof of Concept that combines access control with a Retrieval-Augmented Generation (RAG) model, which can generate and summarize information in the field of confidential patient data.
The result of the thesis is a comprehensive study of the RAG system, access control mechanisms, associated technologies, and on-premises solutions. Finally, it was proved that it is feasible to apply fine-grained access control with LLMs, marking a major advancement in creating personalized and secure AI applications.