CS2125 Paper Review Form - Winter 2019

Reviewer: Abdul Kawsar Tushar

Paper Title: Requirements and Architectures for Secure Vehicles

Author(s): Michael W. Whalen, Darren Cofer, and Andrew Gacek

1) Is the paper technically correct?
 [X] Yes
 [ ] Mostly (minor flaws, but mostly solid)
 [ ] No

2) Originality
 [ ] Very good (very novel, trailblazing work)
 [X] Good 
 [ ] Marginal (very incremental)
 [ ] Poor (little or nothing that is new)

3) Technical Depth
 [ ] Very good (comparable to best conference papers)
 [X] Good (comparable to typical conference papers)
 [ ] Marginal depth
 [ ] Little or no depth

4) Impact/Significance
 [ ] Very significant
 [X] Significant
 [ ] Marginal significance.
 [ ] Little or no significance.

5) Presentation
 [ ] Very well written
 [X] Generally well written
 [ ] Readable
 [ ] Needs considerable work
 [ ] Unacceptably bad

6) Overall Rating
 [ ] Strong accept (award quality)
 [ ] Accept (high quality - would argue for acceptance)
 [X] Weak Accept (borderline, but lean towards acceptance)
 [ ] Weak Reject (not sure why this paper was published)


7) Summary of the paper's main contribution and rationale
   for your recommendation. (1-2 paragraphs)

This paper was written by the researchers in a DARPA project on unmanned aerial vehicles. The members had the goal of securing the UAV from professional vulnerability testers. The research team focused on a variety of known concrete attacks drawn from the Common Attack Pattern Enumeration and Classification list. System-level security requirements were created based on two basic assumtions about the UAV and the attackers. Common Weakness Enumeration list and programming language Ivory were used to eliminate known errors. 

A thing that concerns me is that it is not mentioned that the attack pattern list and weakness list that were used were exhaustive. If they were not, there will always be a chance that a less popular attack might succeed in penetrating the system.

Other researchers have cited this paper for its work on the system-level security of UAVs. In this respect, the paper has sifnificane, although it does not go into details.

8) List 1-3 strengths of the paper.  (1-2 sentences each,
identified as S1, S2, S3.)

S1. There was a nice abstract explanation as to how the safety of different componenets of a UAV connect into the safety of the entire system and how this relation is not straightforward.

S2. The researchers successfully prevented some major attacks even when part of the system that controls the drone was exposed vulnerable.


9) List 1-3 weaknesses of the paper (1-2 sentences each,
identified as W1, W2, W3.)

W1. The idea does not seems foolproof, i.e. the attack and weakness lists were possibly not exhaustive. The UAV system might fall victim to some unusual attack.

w2. Since this reasearch is probably linke to matters of national security, it doesn't seem logical that they can ever describe the entire idea in details. That is not a good news for the scientific community.