We thank the reviewers for their thoughtful comments! We address the most important/common questions in the first 500 words; other answers below the line can be viewed as optional/supplemental.
**Reviewers A and D: Is your model fundamental, or can it be encoded in existing batch-oriented models (like [4])?**
Our model is fundamental. Existing batch-oriented models (like [4]) can be encoded in our model, but batch-oriented models cannot encode ours. The reason is that our model permits feedback: past outputs may affect future inputs. As a result, the traditional information-theoretic approach to quantifying leakage fails.
One might at first suspect that batch-oriented models could emulate our time-varying model by viewing a run with multiple time steps as a single batch execution of the system. But no information-theoretic channel representing that run is invariant with respect to the probability distribution on secrets (see [22, Example 1]), so information-theoretic measures cannot be used with a batch-model encoding.
By contrast, information-theoretic measures can be used with our time-varying model. The result in III-E shows that our model encodes a joint probability distribution, which can be decomposed into a product of conditional probabilities to which such measures can be applied. We will expand and clarify this result (including moving material from the appendix into the main text, as suggested by Reviewer C) to also address this question of encoding.
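For concreteness, the decomposition is the standard chain rule. Writing $s_t$ for the secret and $o_t$ for the output at step $t$ (symbols chosen for this rebuttal, not necessarily the paper's notation), the joint distribution over a length-$T$ run factors as

$$\Pr(s_1, o_1, \ldots, s_T, o_T) \;=\; \prod_{t=1}^{T} \Pr(s_t \mid s_{<t}, o_{<t}) \cdot \Pr(o_t \mid s_{\le t}, o_{<t}),$$

and measures can be applied to the conditional factors even though the output at step $t$ may influence the secret and input at step $t+1$.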
**Reviewer D: Is the complexity of the model warranted, given that the examples remove model features?**
Each example removes some model features for simplicity, but every model feature is required by at least one example; removing features would thus rule out some examples.
**Reviewers C and D: The experiments are not very well explained.**
We agree that adding further explanation and intuition would improve the paper. We will include the exact parameters for each experiment. We will also sketch the behavior of the optimal adversary in each case, to give intuition for the shape of the graphs. In most of the experiments we show, the optimal adversary makes observations throughout the period in which the secret does not change and attacks right before the secret changes, based on what it has observed during this static period. For some parameters (e.g., perfect observations), the adversary need not wait until right before the change to be optimal. Answers to Reviewer C's particular questions are given in the optional/supplemental portion of the rebuttal below.
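To illustrate the behavior just described, consider a toy sketch (constructed for this rebuttal; not the paper's exact setup): the secret is redrawn uniformly every change_freq steps, and each observation reveals the secret with probability obs_odds and is uniform noise otherwise. The adversary's vulnerability (the probability of its best posterior guess) rises within each epoch and resets at each change, peaking right before the change, which is when the optimal adversary attacks.

```python
import random

N, CHANGE_FREQ, OBS_ODDS, STEPS = 10, 5, 0.6, 20  # toy parameters

secret = random.randrange(N)
belief = [1.0 / N] * N                # uniform prior over secrets

for t in range(STEPS):
    if t > 0 and t % CHANGE_FREQ == 0:
        secret = random.randrange(N)  # secret is redrawn uniformly...
        belief = [1.0 / N] * N        # ...so the posterior resets
    # Noisy observation: the true secret w.p. OBS_ODDS, else uniform noise.
    obs = secret if random.random() < OBS_ODDS else random.randrange(N)
    # Bayesian update: Pr[obs | s] = OBS_ODDS + (1-OBS_ODDS)/N if s == obs,
    # and (1-OBS_ODDS)/N otherwise.
    noise = (1 - OBS_ODDS) / N
    belief = [b * (OBS_ODDS + noise if s == obs else noise)
              for s, b in enumerate(belief)]
    total = sum(belief)
    belief = [b / total for b in belief]
    # Vulnerability peaks just before each change: the optimal attack time.
    print(f"t={t:2d}  vulnerability={max(belief):.3f}")
```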
**Reviewer D: How do you compare to attack graphs, game-theoretic models, etc.?**
We will add text to compare. In short: we can view our table-based optimal adversary as implementing an attack graph (computed to optimize the adversary's expected gain). We can view our approach as a Bayesian game, but game-theoretic solution concepts are not needed in our setting, as only one party (the adversary) makes choices.
----------------------------------------------------------------------
We address some particular questions from Reviewer C in the remainder of the rebuttal.
--How did you implement the optimization procedure?
By exact simulation; we leave more efficient means of analysis (e.g., via abstract interpretation) to future work.
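To be concrete about what we mean, here is a minimal sketch of an exact computation of the optimal adaptive strategy (the tiny two-action model, the names, and the toy parameters are illustrative for this rebuttal, not our actual implementation): enumerate every observation sequence, weight each branch by its exact probability, and maximize over the adversary's choice (attack now vs. observe once more) at each step.

```python
from fractions import Fraction

N, OBS_ODDS, HORIZON = 3, Fraction(3, 5), 4   # toy sizes; real runs are larger

def pr_obs(obs, s):
    """Pr[observation = obs | secret = s] for a simple noisy channel."""
    noise = (1 - OBS_ODDS) / N
    return OBS_ODDS + noise if obs == s else noise

def optimal_gain(belief, steps_left):
    """Best expected gain: attack now, or observe once more and recurse."""
    attack = max(belief)                      # gain of guessing the likeliest secret
    if steps_left == 0:
        return attack
    wait = Fraction(0)
    for obs in range(N):                      # enumerate every possible observation
        p_obs = sum(b * pr_obs(obs, s) for s, b in enumerate(belief))
        posterior = tuple(b * pr_obs(obs, s) / p_obs
                          for s, b in enumerate(belief))
        wait += p_obs * optimal_gain(posterior, steps_left - 1)
    return max(attack, wait)

uniform = tuple(Fraction(1, N) for _ in range(N))
g = optimal_gain(uniform, HORIZON)
print(g, float(g))   # exact optimal expected gain, and its decimal value
```

Fractions keep the computation exact, which is what distinguishes this from Monte Carlo sampling.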
--Example V-F: The role of the change function is confusing since it could be more directly modeled as another part of the secret.
The reviewer is right, and we will at least clarify the example. In principle, we separate the secret from the change function in our model for two reasons: 1) the function cannot be observed directly, only inferred, and 2) it cannot change itself. As a result, this special part of the secret behaves most like secrets in existing work on quantified information flow: uncertainty about the change function decreases with additional observations through imperfect channels, and this uncertainty cannot be recovered. Conversely, uncertainty in the dynamic parts of the secret can be recovered, as shown by the periodicity in the figures. The example in V-F was designed to show a counterintuitive situation in which applying the change function more often results in higher vulnerability of the secret. To show this, we gave the example a very high correlation between the change function and another part of the secret (the floor). This has the unfortunate side effect of trivializing the distinction between the change function and the other parts of the secret. We conjecture that the correlation is a necessary feature of scenarios with this counterintuitive property; we will attempt a proof and expand the discussion in any case.
--Why do the periods in the examples differ in the graphs?
This is sloppiness on our part: the change_freq parameter differed across experiments. We will unify it as much as possible, make it explicit in the text, and rerun the experiments.
--What is the point of figures 7, 8?
Figures 7 and 8 illustrate the existing min-vulnerability and guessing-entropy measures, respectively, in our model, compared against a measure that accounts for an adaptive adversary, which is a signature feature of our approach. The figures show that adaptivity significantly increases a secret's vulnerability.
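For reference, using standard definitions (notation introduced here): min-vulnerability is the probability that the adversary's single best guess is correct, and guessing entropy is the expected number of guesses in a best-first guessing strategy, i.e., for a distribution $\pi$ with $\pi(s_1) \ge \pi(s_2) \ge \cdots$,

$$V(\pi) = \max_{s} \pi(s), \qquad G(\pi) = \sum_{i \ge 1} i \cdot \pi(s_i).$$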
--How to interpret the bottom of figure 9?
Figure 9 illustrates the impact of memory limitations on the adversary. The bottom portion can be explained in part by the periodic effect that also occurs in the top portion of the figure. The advantage of more memory matters only while there are more things to remember. At the start, or right after the secret has changed, there is nothing to remember, hence the various limited adversaries have the same expected raid gain. Their gains diverge further into the "epoch" of the current secret, as there are more and more relevant observations to remember, and diverge most just before the secret changes. The bottom figure illustrates the situation for an adaptive adversary, for which the periodic effect also occurs. There, however, the gain increases monotonically with time toward 1 (except for the adversary with no memory at all): every adversary with at least one observation's worth of memory has ever-increasing odds of luckily observing a single stakeout that pinpoints the stash location exactly.
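The monotone convergence toward 1 follows from a back-of-the-envelope calculation. If each stakeout pinpoints the stash exactly with some fixed probability $p > 0$ (a symbol introduced here for illustration), then an adversary who can remember even one observation can retain a pinpointing one, so

$$\Pr[\text{pinpointed within } t \text{ steps}] = 1 - (1 - p)^t \longrightarrow 1 \quad \text{as } t \to \infty.$$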
--Why is the parameter raid_odds included? Doesn't it just scale the gain?
This aspect of our stakeout/raid examples mostly serves to show that we can generalize beyond min-vulnerability (which would be equivalent to raids without raid_odds) and how such a parameter manifests in the overall vulnerability of a secret. The reviewer is right that the parameter scales vulnerability and does not impact the behavior of the adversary for most stakeout/raid examples. The situation is more interesting when there are penalties for making stakeouts (Section V.E). There the adversary cannot simply stake out until right before the stash location changes, as each stakeout incurs a cost; the adversary must weigh the chance of a successful raid given what it knows now against the prospect of learning more about the stash location. The first quantity is scaled by raid_odds, whereas the second depends more on the parameter obs_odds. These parameters thus impact the adaptive decisions the adversary makes before the attack occurs; a sketch of the tradeoff follows.
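As a minimal sketch of this tradeoff (illustrative numbers; the cost model is a simplification of Section V.E, and stakeout_cost is a name introduced here): raiding now is worth raid_odds times the adversary's best posterior probability, while staking out once more pays a cost but raids on a sharper posterior.

```python
raid_odds, obs_odds, stakeout_cost = 0.5, 0.8, 0.05   # illustrative values
N = 4
belief = [0.55, 0.25, 0.15, 0.05]   # current posterior over stash locations

raid_now = raid_odds * max(belief)  # expected gain of raiding immediately

# One more stakeout first: enumerate possible observations under a noisy
# channel (correct w.p. obs_odds, uniform noise otherwise), then raid on
# the updated posterior.
noise = (1 - obs_odds) / N
stakeout_then_raid = -stakeout_cost
for obs in range(N):
    lik = [obs_odds + noise if s == obs else noise for s in range(N)]
    p_obs = sum(b * l for b, l in zip(belief, lik))
    posterior = [b * l / p_obs for b, l in zip(belief, lik)]
    stakeout_then_raid += p_obs * raid_odds * max(posterior)

print(f"raid now: {raid_now:.3f}   stakeout first: {stakeout_then_raid:.3f}")
```

Whichever expected gain is larger dictates the adaptive choice at this step; raid_odds scales the first quantity, while obs_odds governs how much the stakeout sharpens the posterior.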