Peer-Review Record

Will Zero Vulnerability Computing (ZVC) Ever Be Possible? Testing the Hypothesis

Future Internet 2022, 14(8), 238; https://doi.org/10.3390/fi14080238
by Fazal Raheman 1,*, Tejas Bhagat 1, Brecht Vermeulen 2 and Peter Van Daele 2
Reviewer 1: Anonymous
Submission received: 28 June 2022 / Revised: 28 July 2022 / Accepted: 28 July 2022 / Published: 30 July 2022
(This article belongs to the Section Cybersecurity)

Round 1

Reviewer 1 Report

The authors present an experiment to support and test two ZVC hypotheses, challenging the well-established rules of computer design.

The paper is well written, well structured and references are also suitable. It is an extremely interesting work in a hot topic. A real/massive IoT world will need more ZVC work.

This is a solid work. Authors have designed the work and experiments in a rigorous and methodical way.

However, in my opinion, in a job of this nature, it would be important to have a "Work limitations" section.

Author Response

Point1: The authors present an experiment to support and test two ZVC hypotheses, challenging the well-established rules of computer design.
The paper is well written, well structured and references are also suitable. It is an extremely interesting work in a hot topic. A real/massive IoT world will need more ZVC work.
This is a solid work. Authors have designed the work and experiments in a rigorous and methodical way.
However, in my opinion, in a job of this nature, it would be important to have a "Work limitations" section.

Response1: Thanks for the encouraging comments. The manuscript has been revised with a new section on “Work limitations.”

Reviewer 2 Report

1. Please revise and explain clearly the research problems on Zero Vulnerability Computing (ZVC).

2. Please add more recent literature on Zero Vulnerability Computing (ZVC).

3. Please discuss comprehensively the objectives of this research work.

4. Please add more explanation on the section of Experiment Result. Please enclose the diagram and the explanation on the different characteristics of the Zero Vulnerability Computing (ZVC), ICOS (In-Computer Offline Storage) and Supra OS (SOS), against vulnerabilities.

Author Response

Point1: Please revise and explain clearly the research problems on Zero Vulnerability Computing (ZVC).
Response1: The Problem Statement section extensively discusses cybersecurity research problems. However, a new section on “A brief history of computers & the origin of their vulnerabilities” has been added to place the research problems in proper perspective for more clarity.

Point2: Please add more recent literature on Zero Vulnerability Computing (ZVC).
Response2: ZVC is a radical new concept in cybersecurity and a major paradigm shift in the design of future computers. There is no precedent for such a concept in literature beyond what is presented.

Point3: Please discuss comprehensively the objectives of this research work.
Response3: The manuscript is revised with a new 6.1 sub-section on “Objectives of this research”.

Point4: Please add more explanation on the section of Experiment Result. Please enclose the diagram and the explanation on the different characteristics of the Zero Vulnerability Computing (ZVC), ICOS (In-Computer Offline Storage) and Supra OS (SOS), against vulnerabilities.
Response4: Four additional diagrams comprising a pair of diagrams conceptualizing SOS (4c & 4d) and ICOS (4e & 4f) respectively have been added with an explanation.

Round 2

Reviewer 2 Report

The results of the experiment need to be explained, justified and verified carefully. The results are not really clearly verified. The metric performance used in Case 1 and Case 2 needs to be explained and justified properly. The conclusions of the data interpretation were not really conclusions but more or less a data summary. Again the findings need to be refined carefully. Hence, this may affect the conclusion and future work, which are not really discussed comprehensively. The drawbacks of the findings also need to be highlighted and discussed.

Author Response

Comment1: The results of the experiment need to be explained, justified and verified carefully. The results are not really clearly verified. The metric performance used in Case 1 and Case 2 needs to be explained and justified properly.
Reply1: The aim of the stated experiment was to check if any remote hacking activity can steal sensitive user information from the ZVC-powered hardware wallet connected to Node0 (target node) of the testbed. This was demonstrated in a comparative environment by connecting both the ZVC device and the Control device to the Node0 (target node) and transmitting a hacking command from Node1 (hacker node) to Node0. To demonstrate the hacking activity performed from another node (Node1/Hacker Node) over the Target node (Node0), we have added a new screenshot of the command line interface (Fig13) showing the transfer of malware from Node1 to Node0, indicating the hacking attempt carried out from a remote server.

The sensitive user information in this context is the private keys stored inside both the ZVC device and the Control device within the “.config” folder. To demonstrate the presence of this sensitive information inside both the connected devices, we have added Fig12 which highlights the presence of the .config folder within the ZVC as well as the Control device. 

The comparative results demonstrated in Fig14 show that the .config folder containing the private wallet keys was copied to the Hacker node when the Control device was in operation, whereas the hacking command failed to copy the .config folder when the ZVC device was connected. 

The verification and proof of results can be seen in a comparative scenario shown in Fig14, which demonstrates that the .config folder was copied back to the hacker node when the control device was in operation while the same hack attempt failed to steal any data when the ZVC device was connected. 

The comparative analysis of these 2 cases shows the ability of the ZVC devices to restrict any third-party infringement when it is in operation. This can be attributed to the secured ecosystem created using the SupraOS component of the ZVC ecosystem that restricts permission to any third-party applications to execute/run and thus validates the main objective of the technology. 


Comment 2: The conclusions of the data interpretation were not really conclusions but more or less a data summary. Again the findings need to be refined carefully. Hence, this may affect the conclusion and future work, which are not really discussed comprehensively.
Reply2: The experiments were designed to test the following hypotheses:

Hypothesis One: Can Supra OS software (SOS) completely obliterate the primary attack surface by denying third-party permissions to all non-native applications?

Hypothesis Two: Can a hardware module isolate critical data that require sporadic access to offer in-computer offline storage (ICOS) within the connected device itself without compromising its functionality? 

The “YES” answers to both these questions weren’t just data summaries. They were concrete conclusions demonstrating that the direct implementation of ZVC on the nonvolatile memory chip of a computing device eliminates the need for piggybacking on the OS of a device. This finding led to the conceptualization of a radically novel concept of solid-state software on a chip (3SoC) with no conventional distinguishable layers of firmware, drivers, OS, and application (all moving parts) between the hardware and the HCI. Comprehensively discussed in a separate section, the 3SoC concept opens new possibilities in designing future computing devices by formulating 2 new hypotheses for future research:

  1.   Because ZVC security is encryption-independent, will it be quantum-resistant by design? 
  2.   As ZVC architecture lacks layering, rendering it conceptually analogous to the zero moving parts nature of solid-state electronics, will it deliver the same advantages of computers as the solid-state did to revolutionize the electronics industry in the 1960-70s?

Both these questions stimulate future research into an entirely new era in computer science.

Comment 3: The drawbacks of the findings also need to be highlighted and discussed.
Reply3:
The drawbacks of the ZVC experiment were addressed in a new Section 8: Work Limitations that advises caution before extrapolating the results to real-world scenarios. The shortcomings are also highlighted in Section 7: Discussion, as follows:

“Although our ZVC hardware wallet experiments supported and tested the two ZVC hypotheses and met the objectives of the study, the results must be interpreted with caution, warranting further rigorous validation of the concept beyond the limited environment of these experiments. If we had the advantage of hindsight, our experimental design, which revolved around mainstream computing architecture, would have been more relevant to the tested hardware wallet IoT device.”

 
