Next Article in Journal
Modeling, Load Profile Validation, and Assessment of Solar-Rooftop Energy Potential for Low-and-Moderate-Income Communities in the Caribbean
Next Article in Special Issue
Quad Key-Secured 3D Gauss Encryption Compression System with Lyapunov Exponent Validation for Digital Images
Previous Article in Journal
Mechanical Assembly Monitoring Method Based on Semi-Supervised Semantic Segmentation
Previous Article in Special Issue
SwitchFuzz: Switch Short-Term Goals in Directed Grey-Box Fuzzing
 
 
Search for Articles:
Title / Keyword
Author / Affiliation / Email
Journal
Article Type
 
 
Advanced Search
 
Section
Special Issue
Volume
Issue
Number
Page
 
Journals
Applied Sciences
Volume 13
Issue 2
10.3390/app13021183
Review Report
applsci-logo
Submit to this Journal Review for this Journal Propose a Special Issue
Article Menu

Article Menu

share Share announcement Help format_quote Cite question_answer Discuss in SciProfiles
Article
Peer-Review Record

A Framework for Attribute-Based Access Control in Processing Big Data with Multiple Sensitivities

Appl. Sci. 2023, 13(2), 1183; https://doi.org/10.3390/app13021183
by Anne M. Tall 1,2,* and Cliff C. Zou 3
Reviewer 1:
Toktam Khatibi
Reviewer 2:
Jinlong Ma
Reviewer 3:
Erfan Hassannayebi
Appl. Sci. 2023, 13(2), 1183; https://doi.org/10.3390/app13021183
Submission received: 19 December 2022 / Revised: 12 January 2023 / Accepted: 13 January 2023 / Published: 16 January 2023
(This article belongs to the Special Issue Applications of Enhancing Network Security: Latest Advances and Prospects)

Round 1

Reviewer 1 Report

It is a valuable study.

Its evaluation and validation should be improved.

Its novelties could be more highlighted with comparing to the state-of-the-art methods

the advantages of this work should be mentioned

Author Response

Thank you for your feedback that this is a valuable study.

The evaluation and validation were improved by adding Table 5 to Section 4, “Discussion”.  In this table we emphasized the importance of our recommendations by identifying the published Common Weaknesses and Exploits (CWEs) these recommendations address.  We also identified the development strategies to incorporate these capabilities based upon the Hadoop ecosystem projects we researched and tested.

In section 1 (starting at line 45) we added a paragraph further explaining our framework and the importance and novelty of our proposed approach.  We believe this is the first framework published in the research community that describes a novel approach for comprehensive analysis of security for Big Data Processing (BDP). Since ABAC is a state-of-the-art approach to Access Control (AC) we believe focusing on this area provides new insights for securing large datasets with multiple sensitives.

In section 1.10, Motivation, (line 102) we expanded our discussion on the importance of our framework for BDP security.  Also, in Table 1 we clarified the broad application of AC methods to various use cases. We also expanded the summary of our contributions in section 5, conclusions.  This updated section was expanded to clarify the three key areas of our proposed framework:   analysis/application of standards, prototype testing, and architecture implementation strategy. Overall, we reviewed the entire paper in detail based upon this feedback and clarified/consolidated various sentences to make them more precise and concise.

Reviewer 2 Report

This submission tried to implement a prototype application of ABAC to large dataset processing in Amazon Web Services. For this purpose, the author has made the following efforts:

1.     develop a synthetic dataset of information at multiple sensitivity levels that realistically represents healthcare and connected social media data.

2.     developed Apache Spark programs that extract, connect, and transform data in a manner representative of a realistic use case.

Finally, the authors summarized a variety of serious cybersecurity concerns that must be addressed. This study lay a solid foundation for the future work.

 

It is always valuable to build a new secure database framework. However, there are some problems in this paper. Here are some comments I have. I hope these could lead to a positive change of the article. 

1. Some key parts of the article are treated sloppily. In fact, there are many redundant parts in the article. I don't want to give a full list, but, at lines 837-839, I don 't understand the meaning of this passage. On the other hand, why Apache Hadoop and ABAC are introduced in such detail in sec 1.2 and sec 1.3? I think these introductions should be brief. 

2. The significance of this paper is not expounded sufficiently. Not only the authors should provide more motivation for this framework, but also the readers would like to know the comparison of this framework and existing studies. We cannot simply try to build the Framework for Attribute Based Access Control just because we are able to do so. There should be more reasons for people to consider this framework. 

3. There are unclear descriptions in the construction of framework. I give a typical example. At line 338, why choose the Provenance History Based AC method as the experimental method? Again, I don't want to give a full list, but table 1 does not need to introduce each method, this article is not a review paper.

4. It is noted that your result section requires more careful editing, I think the structure of the result is too messy. The configuration of the experiment should not be counted as experimental results. In addition, a primary goal of our experiment was to examine the capability of the framework to support fine-grained ABAC. (Line 709 710), but I do not think that the description and pictures in the 3.14 section can represent the experimental results. I think the description of the experimental results should be clearer.

 5. Two papers about data traffic should be cited:

[1] Traffic dynamics on multilayer networks with different speeds. IEEE Transactions on Circuits and Systems II: Express Briefs. 2022, 69(3): 1697 - 1701.

[2] An efficient link closing strategy for improving traffic capacity on scale-free networks. Physica A: Statistical Mechanics and Its Applications. 2022, 604: 127887.

6. Finally, I have a hard time understanding the discussion part. The article cannot rely solely on language description to explain the experimental results. In addition, I think the vagueness of discussion makes it hard to justify the article being published at the current stage.  If the authors want the manuscript to be published, they need to proofread the sec 4 very carefully.

In general, the whole text needs some modifications because there are several annoying parts which bothered me while read the paper. I hope these comments will help you.

Author Response

Thank you for your detailed and thoughtful feedback.  We appreciate your recognition that our work is valuable to building a new secure database framework.

Comment 1 - We reviewed the entire paper in detail based upon this feedback and clarified/consolidated various sentences to make them more precise and concise. For example, at lines 837-839, we updated this section and added a table to provide a stronger and more clear motivation for our results.

We believe it is important to provide background information on Apache Hadoop and ABAC in sections 1.2 and 1.3 because these technologies are not widely known in detail by the broad journal readership.  We reread these sections to ensure that the key points associated with the security nuances with big data processing were emphasized so that these summaries help inform a reader in a concise manner.

Comment 2 - In section 1 (starting at line 45) we added a paragraph further explaining our framework and the importance and novelty of our proposed approach.  We believe this is the first framework published in the research community that describes a novel approach for comprehensive analysis of security for Big Data Processing (BDP). Since ABAC is a state-of-the-art approach to Access Control (AC) we believe focusing on this area provides new insights for securing large datasets with multiple sensitives.

Comment 3 - In section 1.10, Motivation, (line 102) we expanded our discussion on the importance of our framework for BDP security.  In Table 1 we clarified the broad application of AC methods to various use cases.  At line 353, prior to Table 1, we added a sentence to explain that our healthcare-social media use case we believe is best suited to the provenance, history-based model.

Comment 4 – We reviewed the entire paper based upon this comment and clarified the framework and our unique contributions in several locations.  Installing and configuring an open-source version of Hadoop on a cluster of AWS EC2 instances is complex.  However, it is necessary to discover and fully understand all of the security issues.  We believe the details associated with this experimental configuration are important to capture and share so that others can replicate, confirm and build upon this work.  Ultimately many operational configurations will use commercial products, however, researchers look deeper into the potential security issues that remain in these commercial products.

Comment 5 – We have added the recommended references to section 3.4.4 on performance analysis.

Comment 6 - The evaluation and validation was improved by adding Table 5 to Section 4, “Discussion”.  In this table we emphasized the importance of our recommendations by identifying the published Common Weaknesses and Exploits (CWEs) these recommendations address.  We also identified the development strategies to incorporate these capabilities based upon the Hadoop ecosystem projects we researched and tested.

Reviewer 3 Report

Overall, this paper is very interesting and well written. The topic is in line with the scope of the journal. I could follow the logic well and analysis, and synthesis seems to be valid. Nevertheless, the paper cannot be acknowledged for publication in its current form. The authors are invited to tackle several aspects that are not yet clearly explained or enough detailed.

Thus, I recommend to be published after some minor revisions provided as follows:

·       My main concern is the way that the authors present the information in this literature review. One of the main objects of any scientific paper is providing information to the scientific community to replicate the work and use it for their applications. Sometimes, providing extra information only make people more confuse and do not add more value to our work. In the current format, I doubt that someone can read the paper, follow the procedures and receive the same data, and end up with the results you have provided.

·       In the introduction part, the existing work is described and referenced without proper logic. A more targeted overview and summary according to the topic of this paper need to be conducted again. 

·       While the literature review seems to be thoroughly done, the paper is not very successful in elaborating on the research questions that the study is trying to address. Such a statement is very important for readers' understanding and should be presented clearly in the Abstract, Introduction, and Conclusion.

 

·       There should be some discussion about the limitations/shortcomings of the proposed framework.

Author Response

Thank you for your detailed comments and recognition that our paper is very interesting and well written.

In response to the concern regarding the way the information is presented we reviewed the entire paper to clarify our overall approach and references to the details in our GitHub repository.

We updated the abstract, introduction and motivation to provide a more targeted overview and summary.  We also believe this provides a clearer overview of the research objectives and results. Specific changes made, included in section 1 (starting at line 45) we added a paragraph further explaining our framework and the importance and novelty of our proposed approach.  We believe this is the first framework published in the research community that describes a novel approach for comprehensive analysis of security for Big Data Processing (BDP). Since ABAC is a state-of-the-art approach to Access Control (AC) we believe focusing on this area provides new insights for securing large datasets with multiple sensitives. In section 1.10, Motivation, (line 102) we expanded our discussion on the importance of our framework for BDP security. In Table 1 we clarified the broad application of AC methods to various use cases.  At line 353, prior to Table 1, we added a sentence to explain that our healthcare-social media use case we believe is best suited to the provenance, history-based model.

We added section 3.5 to discuss the limitations of the experiments conducted during this research. Overall, we reviewed the entire paper based upon these comments and clarified the framework and our unique contributions in several locations. 

Round 2

Reviewer 2 Report

In the new version manuscript, the paper has been great improved. All my concerns have been properly addressed. Thus, I recommend the acceptance of this paper. 

Back to TopTop