In general, encryption is applied to clouds in rather unimaginative ways, mostly to protect storage or communications, as with other distributed systems. When I saw “model-based encryption” in the title, I expected an interesting paper. This paper comes from an ACM conference, the International Conference on Information Systems and Design of Communication (ISDOC), and I assumed it would have a good level of quality. I was soon disappointed on both counts.

The authors’ abstract model, common information model (CIM), requires the data owner to encrypt the data, which is stored on a shared server. For authorization, the owner defines a variation of the role-based access control (RBAC) model: organization-based RBAC (ORBAC). The paper says that if the users have the right roles, they can decrypt the data; however, it does not explain how they obtain the necessary keys. Three variations of the authorization model are used, but there is no explanation of how the three models relate to each other. The authors’ experiments compare their model with RBAC with respect to precision and recall. Precision and recall are used for information retrieval. They are strange measures for authorization algorithms. Authorization systems allow users to access all of the data for which they are authorized, so these measures do not apply to them. Also, it is not clear why this model is related to clouds, as indicated in the title.

The English is very poor, which makes understanding even more difficult. Finally, several references are incomplete.