CS2125 Paper Review Form - Winter 2019

Reviewer: Zi Yi Chen

Paper Title: Requirements and Architectures for Secure Vehicles

Author(s): Michael W. Whalen, Darren Cofer, and Andrew Gacek

1) Is the paper technically correct?
 [X] Yes
 [ ] Mostly (minor flaws, but mostly solid)
 [ ] No

2) Originality
 [ ] Very good (very novel, trailblazing work)
 [X] Good 
 [ ] Marginal (very incremental)
 [ ] Poor (little or nothing that is new)

3) Technical Depth
 [ ] Very good (comparable to best conference papers)
 [ ] Good (comparable to typical conference papers)
 [X] Marginal depth
 [ ] Little or no depth

4) Impact/Significance
 [ ] Very significant
 [X] Significant
 [ ] Marginal significance.
 [ ] Little or no significance.

5) Presentation
 [X] Very well written
 [ ] Generally well written
 [ ] Readable
 [ ] Needs considerable work
 [ ] Unacceptably bad

6) Overall Rating
 [ ] Strong accept (award quality)
 [ ] Accept (high quality - would argue for acceptance)
 [X] Weak Accept (borderline, but lean towards acceptance)
 [ ] Weak Reject (not sure why this paper was published)


7) Summary of the paper's main contribution and rationale
   for your recommendation. (1-2 paragraphs)

This paper presents the requirements and architectures for DARPA's High-Assurance Cyber Military System project. The authors utilize known concrete attacks from the Common Attack Pattern Enumeration and Classification list and common software weaknesses from Common Weakness Enumeration list to form their requirements. If a complex system can be decomposed into subcomponents, then the requirements of the system must also be decomposed and allocated to each subcomponents. The authors utilized a reasoning method for the composition of requirements, and they used Resolute language to express their assurance cases' structure.

In the end, by setting requirements with their methodology and reasoning, the HACMS was able to resist 2 phases of attacks from the red team, with the third phase ongoing. The paper doesn't mention the specific attacks that they used in each phase, nor explain too much about the system architecture, therefore it had little technical depth, although the material and the project have significant impact.


8) List 1-3 strengths of the paper.  (1-2 sentences each,
identified as S1, S2, S3.)

S1: Paper was easy to read, well organized
S2: The results show that the methodologies can prevent attacks 


9) List 1-3 weaknesses of the paper (1-2 sentences each,
identified as W1, W2, W3.)

W1: The paper doesn't go in depth with the technologies, for valid reasons since it's a military project
W2: Would like to see the results for the third phase, maybe the authors could've waited