The Use of Reactive Programming in the Proposed Model for Cloud Security Controlled by ITSS
Round 1
Reviewer 1 Report
The authors have proposed a solution for cloud security which is a very broad area. The paper just gives an overview and lacks detailed research in the following aspects:
- How is the proposed solution better than existing ones?
- Cloud computing lacks standardisation, how will their proposed solution mitigate issues that may arise from it?
- Cloud security issues are not limited to a single model; these issues increase with new deployment models (hybrid, multi-cloud).
Suggest reading and incorporating the below papers: Federated Hybrid Clouds Service Level Agreements and Legal Issues Advances in Intelligent Systems and Computing DOI: 10.1007/978-981-13-1165-9_44
Hybrid Multi-Cloud Demystifying SLAs for Smart City Enterprises Using IoT Applications. DOI: 10.4018/978-1-7998-1253-1.ch003 In book: IoT Architectures, Models, and Platforms for Smart City Applications Chapter: Chapter 3. Publisher: IGI Global
- Does this solution eliminate the need for MFA?
- How strong is it in comparison to Quantum Cryptographic solutions?
- Does it provide E2E Security?
I strongly recommend the authors to address the questions asked above in the paper. A more detailed literature review is required - the authors should include a table that draws comparison of different cryptographic solutions and their proposed solution to provide clarity.
Also mention whether their proposed solution would work in different cloud deployment models asked above.
Minor errors
L59 - format
Author Response
Dear Reviewer 1,
We would like to thank you very much for the useful comments to improve our paper with manuscript ID: computers-1667142, entitled “The use of reactive programming in the proposed model for cloud security controlled by ITSS” and for your valuable comments and suggestions, which we have carefully analyzed and addressed accordingly in the revised version after reviews of our manuscript.
Response for Reviewer 1
We made all corrections and tried to improve all the addressed points on this revision manuscript (after reviews) as follows:
Point 1: How is the proposed solution better than existing ones?
Response 1:
The proposed model for cloud security has been implemented using traditional programming [1]; however, because it causes in partitioning and storing data in real-time searches in the file po, it is necessary that the file po be populated with data and real-time updates. It is also possible to automate this process by using automated data streams for the end-user, without requiring a method or function every time to update the file po. All this change has been achieved as a solution using reactive programming, which directly affects the decrease in real-time execution as shown in Table 3.
Point 2: Cloud computing lacks standardisation, how will their proposed solution mitigate issues that may arise from it?
Response 2:
We understand that cloud computing lacks standardization, but our proposed model for cloud security offers the possibility that, based on the sensitivity of data, the IT security specialist (ITSS) of a company/institution determines the use of the most favorable option. The ITSS realizes this type of ‘configuration’ for company employees; then, the same rule applies for the entire communication realized by the employee with the CP. We can conclude that our proposed model for cloud security offers the possibility of different levels of data security that may be applied to different management levels of the company.
Point 3: Cloud security issues are not limited to a single model; these issues increase with new deployment models (hybrid, multi-cloud).
Suggest reading and incorporating the below papers: Federated Hybrid Clouds Service Level Agreements and Legal Issues Advances in Intelligent Systems and Computing DOI: 10.1007/978-981-13-1165-9_44
Hybrid Multi-Cloud Demystifying SLAs for Smart City Enterprises Using IoT Applications. DOI: 10.4018/978-1-7998-1253-1.ch003 In book: IoT Architectures, Models, and Platforms for Smart City Applications Chapter: Chapter 3. Publisher: IGI Global
3.1 Dhirani, L. L., Newe, T., & Nizamani, S. (2019). Federated Hybrid Clouds Service Level Agreements and Legal Issues. In Third International Congress on Information and Communication Technology (pp. 471-486). Springer, Singapore.
3.2 Dhirani, L. L., Newe, T., & Nizamani, S. (2020). Hybrid Multi-Cloud Demystifying SLAs for Smart City Enterprises Using IoT Applications. In IoT Architectures, Models, and Platforms for Smart City Applications (pp. 52-67). IGI Global.
Response 3:
Thank you for your comment. I will take them into consideration not only in this paper but also in the advancement of our future work.
We have added the following paragraph:
In addition, communication with cloud providers is realized according to [R 3.1 and 3.2] Service Level Agreement (SLA) mutually agreed between all parties to provide the quality of services (QoS), which uses our proposed model for cloud security. Figure 1.
Point 4: Does this solution eliminate the need for MFA?
Response 4:
We can say that using our proposed model for security in the cloud, Multi-Factor Authentication (MFA) will not be needed, because all the secrets of data encryption of the user are put in a secured file po (which is an advantage of our model in this paper), or we can say that it depends on the user where to store and who to give access to the data.
Point 5: How strong is it in comparison to Quantum Cryptographic solutions?
Response 5:
At the moment, we do not believe we can compare the solution offered in our model with quantum cryptography, because the dependence of data encryption on our model lies in the selection made by ITSS. In the future, we can examine the possibility of using some elements in our model to combine with quantum cryptography.
Point 6: Does it provide E2E Security?
Response 6:
Yes, we can say that this proposed model provides E2E encryption because the data can be read only by those who are given access to the end user (the end user shares file Po with others).
Point 7: I strongly recommend the authors to address the questions asked above in the paper. A more detailed literature review is required - the authors should include a table that draws cryptographic solutions and their proposed solution to provide clarity. Also mention whether their proposed solution would work in different cloud deployment models asked above.
Response 7:
In the literature review we have added "Cloud Security Aspects," to which we have introduced some solutions offered by others for cloud security. We have also added Table 1, which represents the key elements supported by the proposed model based on the Global Encryption Trends Study, Ponemon Institute Research Report, conducted in 2021. What we can offer for performance comparison of the solution proposed in this paper is the table provided with results from the previous solution [1] and the current solution (Table 3 and Figure 5).
Point 8: Minor errors L59 – format
Response 8:
Now, it is corrected.
Author Response File: Author Response.docx
Reviewer 2 Report
- The title looks quite strange: “Used reactive programming in the proposed model for cloud security”. Do you mean “Using..”? What is the “proposed model” in the title? The title should be more clear and descriptive.
- ITSS acronym not explained (line 23)
- Some parts of the manuscript are written with very poor English, even the abstract: “During this study that are used the same algorithms, presented and the comparative results…”, or later “The main task it was to propose safety model in cloud, which we will be based on…” and many other sentences in the text. Extensive check of the language is required.
- The introduction must introduce not only reactive programming itself (which should also be improved) but the scope related to the cloud security and the “proposed model”. Throughout the whole paper it is not fully clear how cloud computing is used apart from using several data centers (as follows from Fig. 1) and what exactly is the problem being addressed.
- Section 3 must explain the problem and possible approaches, now readers have to guess what problem is being solved. E.g., lines 141-150 describe the model to increase “security in cloud”, but it is not clear what particular attributes of security are enhanced. Proposal I (line 143) is too vague – what kind of choice? what is ITSS? What is the “information the proposed model offers”? Proposal II refers to a “file” – and this is the first place in the manuscript where the reader can suspect that the issues are related to storing data (files) in the cloud; Proposal III is on the detailed level, about using cryptography for different parts of the file, which makes the reader guess that the problem is related to distributed storage of encrypted data across a set of data centers with unidentified goals.
- Line 159 mentions “cliché’” – what is this?
- Line 160 is confusing: “If the deletion or change of data occurs, the customer will return to the customer.” Where does the customer return? Or what is returned to the customer?
- Figure 3 is barely readable and needs enhancement
- Line 181 is still there from the template, I believe: “All figures and tables should be cited in the main text as Figure 1, Table 1, etc.”
- The red data/control flow in Figure 4 is not clear. Is this an alternative path? How does it match with the original Start and End? Probably, the idea of figures 4 and 5 was to depict sequential and parallel execution of partitioned file encryption.
- As we know from the literature, “Reactive programming describes a design paradigm that relies on asynchronous programming logic to handle real-time updates to otherwise static content. It provides an efficient means -- the use of automated data streams -- to handle data updates to content whenever a user makes an inquiry”. In the current manuscript it is not fully clear how the “real-time updates”, “automated data streams” and other properties of reactive programming are utilized to increase the efficiency of the algorithm in addition to the trivial data split and parallel encryption of the partitions.
- In section 5, the size of data looks extremely small (from 454 to 2969 kilobytes) to perform any kind of meaningful measurements over the distributed cloud resources. I believe, the size must be at least 100x. However, the results in Table 2 show the times from 10056 to 175436 milliseconds (i.e. 10 to 175 seconds) which is extremely a lot to process and transfer those negligible amounts of data. There must be a mistake either in the data volumes or execution times.
- Line 259 – Table 2 should be referred instead of Table 1
- Formulas 1 and 2 raise some questions. Apparently, formula 1 refers to step-by-step sequential execution while formula 2 selects the longest processing time among all the separate file parts, only one of them. However, we do not see any reference to the reactive programming overheads; is it fair to measure the encryption and transfer time of individual file parts rather than measure the overall processing time of the reactive implementation? Does the reactive implementation exist at all, or do you only predict its performance by measuring individual processing of file parts now?
- Could you justify the combinations of the algorithms mentioned in Table 2, e.g. AES/DES/TripleDES etc.? Did you apply all three algorithms together to the data in every combination? Why does this make any sense?
- References 13, 14 and 16-51 are not referred in the text of the manuscript.
Author Response
Dear Reviewer 2,
We would like to thank you very much for the useful comments to improve our paper with manuscript ID: computers-1667142, entitled “The use of reactive programming in the proposed model for cloud security controlled by ITSS” and for your valuable comments and suggestions, which we have carefully analyzed and addressed accordingly in the revised version after reviews of our manuscript.
We made all corrections and tried to improve all the addressed points on this revision manuscript (after reviews) as follows:
Point 1: The title looks quite strange: “Used reactive programming in the proposed model for cloud security”. Do you mean “Using..”? What is the “proposed model” in the title? The title should be more clear and descriptive.
Response 1:
The title is corrected and renamed: “The use of reactive programming in the proposed model for cloud security controlled by ITSS”.
Point 2: ITSS acronym not explained (line 23)
Response 2:
ITSS- IT Security Specialist of the company/organization.
Point 3: Some parts of the manuscript are written with very poor English, even the abstract: “During this study that are used the same algorithms, presented and the comparative results…”, or later “The main task it was to propose safety model in cloud, which we will be based on…” and many other sentences in the text. Extensive check of the language is required.
Response 3:
Now, it is corrected from Language Editing Services by MDPI. The text has been checked for correct use of grammar and common technical terms, and edited to a level suitable for reporting research in a scholarly journal.
Point 4: The introduction must introduce not only reactive programming itself (which should also be improved) but the scope related to the cloud security and the “proposed model”. Throughout the whole paper it is not fully clear how cloud computing is used apart from using several data centers (as follows from Fig. 1) and what exactly is the problem being addressed.
Response 4:
We have added the following paragraphs:
In cloud computing, security has been a challenge because a third party has access to our data and the data should be trusted to a third party. Recent trends in cloud security have played an important role in attracting organizations/companies to deploy sensitive data on the cloud. In this paper, the IT Security Specialist, ITSS, is referred to as the person responsible for a company/institution who realizes the “configuration” of security for other users in the organization.
In this context, the proposed model offers different scenarios based on the level of sensitivity of data [1]. From another point of view, this increases the reliability of clients in cloud computing. This reliability will be increased by offering data security controls to end-user ITSS. Our model, shown in Figure 1, was proposed in [1] with the same philosophy for controlling security in the cloud, which is based on two objectives: the control of security depending on the ITSS of a certain organization and the possibility of selecting options based on different algorithms.
Point 5: Section 3 must explain the problem and possible approaches, now readers have to guess what problem is being solved. E.g., lines 141-150 describe the model to increase “security in cloud”, but it is not clear what particular attributes of security are enhanced. Proposal I (line 143) is too vague – what kind of choice? what is ITSS? What is the “information the proposed model offers”? Proposal II refers to a “file” – and this is the first place in the manuscript where the reader can suspect that the issues are related to storing data (files) in the cloud; Proposal III is on the detailed level, about using cryptography for different parts of the file, which makes the reader guess that the problem is related to distributed storage of encrypted data across a set of data centers with unidentified goals.
Response 5:
In the literature review, we have added "Cloud Security Aspects," to which we have introduced some solutions offered by others for cloud security. We have also added Table 1, which represents the key elements supported by the proposed cloud model based on the Global Encryption Trends Study, Ponemon Institute Research Report conducted in 2021. The elements offered by the proposed model for cloud security are presented in Table 1.
As an initial part, the "configuration" of the security of the organization will be realized, by the IT Security Specialist. Based on data sensitivity, we select the options mentioned below (Proposal I, Proposal II and Proposal III).
Also for each proposal, it is placed in parentheses from a special description, such as:
- Proposal I: Security is based on the choice of the end user, the ITSS, depending on the information the proposed model offers (based on the system proposals, no other specific factors are considered except for the faster way that the system offers).
- Proposal II: Based on the features of the file, possible algorithms are proposed and the length of keys to the user, then the user makes a choice (based on the system proposals that consider the features of the file, the most suitable and fastest solution offered by the model is proposed).
- Proposal III: Security is based on file cryptography by the client using keys generated locally to the client. Thereafter, the file is partitioned and encrypted into particular parts (P1, P2, …, Pn), and each part can be stored in different clouds. A new P0 file contains the selected algorithm, indexing, and the position of the file. The P0 file is significantly smaller, encrypted by a more powerful algorithm and can be stored anywhere in cloud (this solution depends entirely on the selection of ITSS, not taking into account the suggestions that the model can make, the security "configuration" is performed by ITSS, in case the data sensitivity is too high, the safest path is determined using algorithms specific for data encryption and fixed / random partition number).
Point 6: Line 159 mentions “cliché’” – what is this?
Response 6:
Corrected:
After this step, the client requires its data to depend on its sensitivity to determine the manner of archiving.
Technical error, this sentence has been deleted.
Point 7: Line 160 is confusing: “If the deletion or change of data occurs, the customer will return to the customer.” Where does the customer return? Or what is returned to the customer?
Response 7:
Technical error, this sentence has been removed.
Point 8: Figure 3 is barely readable and needs enhancement.
Response 8:
Now, it is corrected.
Point 9: Line 181 is still there from the template, I believe: “All figures and tables should be cited in the main text as Figure 1, Table 1, etc.”
Response 9:
Technical error, this sentence has been removed.
Point 10: The red data/control flow in Figure 4 is not clear. Is this an alternative path? How does it match with the original Start and End? Probably, the idea of figures 4 and 5 was to depict sequential and parallel execution of partitioned file encryption.
Response 10:
We have added this paragraph for further clarification:
For the measurements, we followed the path from point A to point B, which is presented in red in Figure 4 and Figure 5.
Figure 4 presents the traditional programming applied in the proposed model for cloud security, while Figure 5 presents the new solution realized in this study for the proposed model for cloud security.
Point 11: As we know from the literature, “Reactive programming describes a design paradigm that relies on asynchronous programming logic to handle real-time updates to otherwise static content. It provides an efficient means -- the use of automated data streams -- to handle data updates to content whenever a user makes an inquiry”. In the current manuscript it is not fully clear how the “real-time updates”, “automated data streams” and other properties of reactive programming are utilized to increase the efficiency of the algorithm in addition to the trivial data split and parallel encryption of the partitions.
Response 11:
The proposed model for cloud security has been implemented using traditional programming [1]; however, because it causes in partitioning and storing data in real-time searches in the file po, it is necessary that the file po be populated with data and real-time updates. It is also possible to automate this process by using automated data streams for the end-user, without requiring a method or function every time to update the file po. All this change has been achieved as a solution using reactive programming, which directly affects the decrease in real-time execution as shown in Table 3.
Point 12: In section 5, the size of data looks extremely small (from 454 to 2969 kilobytes) to perform any kind of meaningful measurements over the distributed cloud resources. I believe, the size must be at least 100x. However, the results in Table 2 show the times from 10056 to 175436 milliseconds (i.e. 10 to 175 seconds) which is extremely a lot to process and transfer those negligible amounts of data. There must be a mistake either in the data volumes or execution times.
Response 12:
As we have pointed out in this paper, the idea was to use the same data size and the same execution environment from the earlier solution and the new solution we used during this study, in order to have comparable results as accurately as possible.
As for the execution time, there is a total execution time (upload/download) for three types of algorithms proposed by the model for security in the cloud.
Point 13: Line 259 – Table 2 should be referred instead of Table 1
Response 13:
Now, it is corrected.
Point 14: Formulas 1 and 2 raise some questions. Apparently, formula 1 refers to step-by-step sequential execution while formula 2 selects the longest processing time among all the separate file parts, only one of them. However, we do not see any reference to the reactive programming overheads; is it fair to measure the encryption and transfer time of individual file parts rather than measure the overall processing time of the reactive implementation? Does the reactive implementation exist at all, or do you only predict its performance by measuring individual processing of file parts now?
Response 14:
In the results presented for the new solution, we referred to Formula 2, and the measurement was performed for the overall processing time of the reactive implementation. We did not perform the measurement separately for each partition because we would not have a fair comparison with the old solution offered in [1]. In addition, the model is implemented in a system where all steps are automated, and we would not be able to perform measurements separately. The measurements were made for the algorithms mentioned in the table: symmetric algorithm (AES, DES, and TripleDES), asymmetric algorithm (RSA, Diffie-Hellman, ElGamal), and hybrid algorithm (combination of both symmetric and asymmetric algorithms).
Point 15: Could you justify the combinations of the algorithms mentioned in Table 2, e.g. AES/DES/TripleDES etc.? Did you apply all three algorithms together to the data in every combination? Why does this make any sense?
Response 15:
These three algorithms were not applied simultaneously. In formula (1), the execution time is calculated as the total execution time for the three types of algorithms. The same logic is used for the measurements that we are based on formula (2), and the total execution is calculated for three types of algorithms (Table). Using reactive programming has resulted in MaximumOfTime (t1, t2 ... tn) for the algorithm.
Point 16: References 13, 14 and 16-51 are not referred in the text of the manuscript.
Response 16:
Now, it is corrected.
Author Response File: Author Response.docx
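Point 14 and Responses 14 and 15 above turn on two timing models: a step-by-step total versus MaximumOfTime (t1, t2 ... tn). The sketch below is an added illustration, not code from the manuscript or its authors; the part times, worker counts and per-part dispatch overhead are constructed values, and reading Formula 1 as a sum follows Reviewer 2's description of it.

```python
import heapq

# Constructed per-part processing times in milliseconds (encrypt + transfer
# of parts P1..Pn). Illustrative values only, not figures from the paper.
PART_TIMES_MS = [400, 250, 900, 300]


def sequential_time(part_times):
    """Formula 1 as Reviewer 2 reads it: parts handled one after another."""
    return sum(part_times)


def ideal_parallel_time(part_times):
    """Formula 2 as described on the page: MaximumOfTime(t1, t2 ... tn)."""
    return max(part_times)


def scheduled_time(part_times, workers, overhead_ms=0):
    """Wall-clock time when parts are dispatched, in order, to `workers` slots.

    overhead_ms is a hypothetical fixed cost per part (scheduling, stream
    setup); it stands in for the "reactive programming overheads" the
    reviewer asks about and is an assumption of this example.
    """
    if workers < 1:
        raise ValueError("need at least one worker")
    if not part_times:
        return 0
    free_at = [0] * workers          # min-heap: when each slot becomes idle
    heapq.heapify(free_at)
    for t in part_times:
        start = heapq.heappop(free_at)            # earliest idle slot
        heapq.heappush(free_at, start + overhead_ms + t)
    return max(free_at)                           # last slot to finish


def compare(part_times, workers, overhead_ms=0):
    """Return both formulas next to the scheduled wall-clock time."""
    ideal = ideal_parallel_time(part_times)
    actual = scheduled_time(part_times, workers, overhead_ms)
    return {
        "formula_1": sequential_time(part_times),
        "formula_2": ideal,
        "scheduled": actual,
        # How far an end-to-end measurement sits above max(t_i).
        "gap_vs_formula_2": actual - ideal,
    }


if __name__ == "__main__":
    for workers, overhead in [(4, 0), (2, 0), (4, 20), (2, 20), (1, 0)]:
        print(workers, overhead, compare(PART_TIMES_MS, workers, overhead))
```

Formula 2 is reached only when every part has its own slot and dispatch costs nothing; with fewer slots or any per-part overhead the end-to-end time lands between the two formulas, which is why the overall processing time is the quantity to report.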
Reviewer 3 Report
There are too many grammatical errors in the writing of this paper, and there are too many redundant and repeated sentences, which are difficult to read.
The whole paper should do extensive editing in English language, then review again.
Figure 1 and Figure 2 are not clear. They should be redrawn.
Author Response
Dear Reviewer 3,
We would like to thank you very much for the useful comments to improve our paper with manuscript ID: computers-1667142, entitled “The use of reactive programming in the proposed model for cloud security controlled by ITSS” and for your valuable comments and suggestions, which we have carefully analyzed and addressed accordingly in the revised version after reviews of our manuscript.
We made all corrections and tried to improve all the addressed points on this revision manuscript (after reviews) as follows:
Point 1: The whole paper should do extensive editing in English language, then review again.
Response 1:
Now, it is corrected from Language Editing Services by MDPI. The text has been checked for correct use of grammar and common technical terms, and edited to a level suitable for reporting research in a scholarly journal.
Point 2: Figure 1 and Figure 2 are not clear. They should be redrawn.
Response 2:
Now, it is corrected.
Author Response File: Author Response.docx
Round 2
Reviewer 1 Report
Missing Citations:
References 34 and 36 relate to section 2.2 (L 163-167)
Author Response
Dear Reviewer 1,
We would like to thank you very much for the useful comments that helped to improve our paper with manuscript ID: computers-1667142, entitled “The use of reactive programming in the proposed model for cloud security controlled by ITSS” which we have carefully analyzed and addressed accordingly in the revised version of our manuscript.
Comments and Suggestions for Authors:
Missing Citations:
References 34 and 36 relate to section 2.2 (L 163-167)
Response:
- We have added citations for references [34, 36] on L167.
- Based on the reviewers' recommendations we corrected our manuscript from Language Editing Services by MDPI (with English ID: english-42865). The text has been checked for correct use of grammar and common technical terms and edited to a level suitable for reporting research in a scholarly journal.
- Now all references (1-36) are cited in the paper.
Author Response File: Author Response.docx
Reviewer 2 Report
Thank you for addressing my comments: updating the text or explaining certain paragraphs. I believe the manuscript has been improved a lot. There are still minor issues with the text, in particular I recommend to decrypt the acronym ITSS in the abstract (since the acronym is now used in the title; this acronym is not commonplace); there are a couple of clumsy sentences still, however overall English has been significantly improved. I still have some concerns about the experiments and data sizes, but you justified your decision to select those particular sizes to be aligned with other experiments published earlier.
Author Response
Dear Reviewer 2,
We would like to thank you very much for the useful comments that helped to improve our paper with manuscript ID: computers-1667142, entitled “The use of reactive programming in the proposed model for cloud security controlled by ITSS” which we have carefully analyzed and addressed accordingly in the revised version of our manuscript.
Comments and Suggestions for Authors:
Thank you for addressing my comments: updating the text or explaining certain paragraphs. I believe the manuscript has been improved a lot. There are still minor issues with the text, in particular I recommend to decrypt the acronym ITSS in the abstract (since the acronym is now used in the title; this acronym is not commonplace); there are a couple of clumsy sentences still, however overall English has been significantly improved. I still have some concerns about the experiments and data sizes, but you justified your decision to select those particular sizes to be aligned with other experiments published earlier.
Response:
- We have added an explanation part for decryption of acronym ITSS in the abstract:
“In this context, we have been able to reduce the execution time compared to our previous work for the model proposed in cloud security, where the control of security depending on the ITSS (IT security specialist) of a certain organization based on selecting options”.
- Based on the reviewers' recommendations we corrected our manuscript from Language Editing Services by MDPI (with English ID: english-42865). The text has been checked for correct use of grammar and common technical terms and edited to a level suitable for reporting research in a scholarly journal.
- Also all references (1-36) are cited in the paper.
Author Response File: Author Response.docx
Reviewer 3 Report
The new paper title is much better than previous one.
Overall English writing has been significantly improved, but minor editing is still required.
All figures are clear to read now.
Author Response
Dear Reviewer 3,
We would like to thank you very much for the useful comments that helped to improve our paper with manuscript ID: computers-1667142, entitled “The use of reactive programming in the proposed model for cloud security controlled by ITSS” which we have carefully analyzed and addressed accordingly in the revised version of our manuscript.
Comments and Suggestions for Authors:
The new paper title is much better than previous one.
Overall English writing has been significantly improved, but minor editing is still required.
All figures are clear to read now.
Response:
- Based on the reviewers' recommendations we corrected our manuscript from Language Editing Services by MDPI (with English ID: english-42865). The text has been checked for correct use of grammar and common technical terms and edited to a level suitable for reporting research in a scholarly journal.
- Also all references (1-36) are cited in the paper.
Author Response File: Author Response.docx