Embedding Security Awareness into a Blockchain-Based Dynamic Access Control Framework for the Zero Trust Model in Distributed Systems

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

Comments:

1) The main contributions of this paper should be highlighted. It is unclear.

2) Please give more details on DACS framework.

3) Although some simulation results are given in Sec. 4, it lacks to show the merit of the proposed framework.

4)The methodology section should be more comprehensive, providing a step-by-step explanation of how the experiments were conducted.

5) There is a need for a more thorough comparison with existing works in the literature to highlight the novelty and improvements of the proposed framework.

Comments on the Quality of English Language

‌The organization and written expression of this paper need to be more coherent and logical.‌ To improve the organization of the paper, the author should ensure that the structure is complete and balanced, with a clear introduction that outlines the research background, purpose, and methodology, a well-organized body that presents arguments and evidence in a logical sequence, and a conclusion that summarizes the main findings and provides insights for future research‌ 

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The paper presents the integration of the Zero Trust model with blockchain-based dynamic access control. However, there are gaps that I have identified that need the following improvements, namely:
1 - Authors should better define the criteria for Trust Metric (TM) and Risk Factor (RF), as they are arbitrary.
2 - Explain in the article how confidence thresholds are determined and validate these values ​​with empirical data.
3 - Expand testing to larger networks, evaluating computational impact and future applications.
4 - Perform security tests against specific attacks, such as Sybil attacks for example.
5 - Compare the performance of the proposed model with other blockchain-based approaches.
6 - An explanation of how Trust Metrics are synchronized between nodes must be included in the article.
7 - An assessment of the impact of decentralization on the response time and efficiency of the system will be necessary.
8 - What is the computational cost of the model in real networks, considering the limitations of Ethereum?
9 - Alternatives such as Hyperledger Fabric for corporate applications should be included in the article.
10 - Include a comparison with other Zero Trust models in blockchain.

Comments on the Quality of English Language

The English could be improved to more clearly express the research.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

1. Introduction is too long. Too much material for the presentation of current research is provided; three long paragraphs. You are advised to distill this material and to provide just itemized contributions of the current research.
2. Section of Review of Related Work is absent. You are advised to provide such a section.
3. You are advised to remove the current section Background. Some material of this section duplicates the information provided in the Introduction; other material can be moved to the section of Review of Related Work.
4. Not only architecture, but processes are shown too in Figure 1. Correct title of the Figure 1.
5. Why consensus Proof of Stake was chosen? Reasoning is needed. To say just “To ensure transparency and resilience” is not enough. The choice must be made on comparison of several consensus algorithms.

Comments on the Quality of English Language

The English could be improved to more clearly express the research.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

This reviewer is satisfied with the revised version. However, the presentation and organization of the paper should be improved. 

Author Response

See the attached response letter. Thank you for your time and feedback.

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

The revised version of the article presents improvements, however, there are still gaps and improvements to be made, namely.
1 - The tests were only carried out in a simulated environment, without validation in real scenarios.
2 - There is a lack of comparisons with other advanced access control solutions.
3 - There is no detailed evaluation of transaction fees across different platforms.
4 - No tests were performed for Sybil attacks.
5 - Practical impact on latency and efficiency not evaluated.

Comments on the Quality of English Language

The English could be improved to more clearly express the research.

Author Response

See the attached response letter. Thank you for your time and feedback.

Author Response File: Author Response.pdf

Reviewer 3 Report

Comments and Suggestions for Authors

Thank you for the revision.

Comments on the Quality of English Language

The English could be improved to more clearly express the research.

Author Response

See the attached response letter. Thank you for your time and feedback.

Author Response File: Author Response.pdf