Access-Control Model of Super Business System Based on Business Entity

Round 1

Reviewer 1 Report

Extensive Research took Place in the content. Various Access control models are proposed by earlier researchers. Authors have not taken them into consideration. Security Aspect of access control models is also not taken into consideration. Latest research articles in the area to be reviewed, presented in related study and comparative analysis of the earlier proposed access control models to be included in the article. This comparison has to become the basis for the proposed model. 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

In order to solve the problem that the traditional access control model (DAC, MAC and RBAC) is not suitable for the super service system with many services and complex permissions, this paper proposes a business entity-based access control model named BE-BAC. The concept of business entity is proposed, the access control model based on business entity is designed, and the authorization of access control based on business entity is implemented. The model realizes the connection relationship among users, business entities and business permissions. The security analysis and comprehensive comparison of the model show that the model can provide security for the access control of users in the super service system.

In this paper, the basic specification is written, the problem description is clear, and the solution is effective and clear. The comparative experimental results show that the method is effective. Some questions are as follows:

1. In Section 3.3, the table should have a name. Should attMap be attrMap?

2. In Algorithm 2, secondary should be Secondary, in Algorithm 3, mapping should be Mapping. There are other issues like this that need to be examined carefully by the authors.

3. In Table 3, the advantages of the BE-BAC model over other models should be described in detail, although the table shows the improvement.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

This paper presents the a business entity-based access control model (BE-BAC). Also the main contribution are:

-> put forward the concept of business entity and construct the structure of the business entity, which is composed of attributes, methods, and mechanisms

->  The access control model based on the business entity is described, and the related elements are described formally;

->  The access control flow based on the business entity is designed, and the security of the model is proved.

So in reviewer opinion the contribution is really sufficient for the publication. Also the topic is hot. Content sutes to Electronics journal section "Computer Science & Engineering"

But I have some recommendations to improve this paper:

-> the abstract should contain main results presented in the quantitative approach. So please revise.

-> at this moment paper discuss 20 literature positions. All are relevant. But number of them is low. Please add 10 positions in total including 5 from 2021-2022 year.

-> Please add an additional introduction to section 3. ACCESS CONTROL MODEL BASED ON BUSINESS ENTITY before subsection 3.1. The Basic elements. The same situation with sections "4. ACCESS CONTROL PROCESS BASED ON BUSINESS ENTITY", and "5. MODEL ANALYSIS".

-> Please revise section 6. The results of this work should be discussed in context of secondary literature and pros for a wider context. 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Revisions are justifiable. Article can be accepted for publication.

Reviewer 3 Report

Paper can be accepted in present form.