Supposedly this paper is about financial and cloud security, but I could not find much about these aspects in the authors’ model. Their security architecture, presented in a figure, considers only authentication, and there is no mention of authorization, logging, or cryptography. For one thing, the authors confuse authentication with authorization, two very different concepts.
There are several access control methods in the literature based on semantic models, but the authors ignore that work. Instead, there is talk of attributes and features used to control access, but these are never described. The development of their model is purely based on a set of equations, but there is no concrete example of their purpose. Their validation validates the equations, but says nothing about the security of the system. There is talk of semantic matching, but it is not clear what is being matched. There are numerous terms without a precise definition: ontology, access control, and user status. These are important in this context and have several meanings, so a precise definition is very necessary. For example, the authors use ontologies, but this term is not described. An ontology is a collection of entities with associations between them in a particular domain, but they seem to have something else in mind; in fact, the paper has no reference to any ontology paper.
The style is confusing; also, the English is poor and hard to understand. It is beyond my comprehension that such a paper was accepted for this journal. I cannot recommend it to any reader.