Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Search
Intercrossed access controls for secure financial services on multimedia big data in cloud systems
Li Y., Gai K., Ming Z., Zhao H., Qiu M. ACM Transactions on Multimedia Computing, Communications, and Applications12 (4s):1-18,2016.Type:Article
Date Reviewed: Oct 26 2016

Supposedly this paper is about financial and cloud security, but I could not find much about these aspects in the authors’ model. Their security architecture, presented in a figure, considers only authentication, and there is no mention of authorization, logging, or cryptography. For one thing, the authors confuse authentication with authorization, two very different concepts.

There are several access control methods in the literature based on semantic models, but the authors ignore that work. Instead, there is talk of attributes and features used to control access, but these are never described. The development of their model is purely based on a set of equations, but there is no concrete example of their purpose. Their validation validates the equations, but says nothing about the security of the system. There is talk of semantic matching, but it is not clear what is being matched. There are numerous terms without a precise definition: ontology, access control, and user status. These are important in this context and have several meanings, so a precise definition is very necessary. For example, the authors use ontologies, but this term is not described. An ontology is a collection of entities with associations between them in a particular domain, but they seem to have something else in mind; in fact, the paper has no reference to any ontology paper.

The style is confusing; also, the English is poor and hard to understand. It is beyond my comprehension that such a paper was accepted for this journal. I cannot recommend it to any reader.

Reviewer:  E. B. Fernandez Review #: CR144869 (1701-0061)
Bookmark and Share
  Reviewer Selected
Featured Reviewer
 
 
Security and Protection (D.4.6 )
 
 
General (H.2.0 )
 
 
Requirements/ Specifications (D.2.1 )
 
Would you recommend this review?
yes
no
Other reviews under "Security and Protection": Date
Practical UNIX security
Garfinkel S., Spafford G., O’Reilly & Associates, Inc., Sebastopol, CA, 1991. Type: Book (9780937175729)
Jun 1 1992
Trusted products evaluation
Chokhani S. Communications of the ACM 35(7): 64-76, 1992. Type: Article
Oct 1 1993
An experience using two covert channel analysis techniques on a real system design
Haigh J., Kemmerer R., McHugh J., Young W. IEEE Transactions on Software Engineering SE-13(2): 157-168, 1987. Type: Article
Nov 1 1987
more...

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2024 ThinkLoud®
Terms of Use
| Privacy Policy