How to Write a Rebuttal

References & Notations

Source: Advice on writing an author response

What is an author response?

Its purpose is to prevent reviewers from rejecting the paper because they misunderstood it.

The response should preferably avoid:

  1. Relying on emotional appeals rather than factual evidence.
  2. Introducing new results (theorems, experiments, etc.), which makes the original paper look incomplete. Do so only when truly necessary.
  3. Being too long; there is a word limit.

The goal of your response

Don't try to win over every reviewer; aim to convince at least one.

General themes for writing the response

Be polite and appreciative.

Attacking the reviewers won't change their minds either.

Don’t address every concern

There isn't enough space for that, and it would dilute the focus.

Point out that you have already considered their concerns and agree with most of them, and that the points not addressed here will be covered in the next revision (a polite gesture showing the authors take them seriously).

Address the main concerns first

The concerns shared by most reviewers are the most important ones.

Reference the key concerns in a manner close to how the reviewers phrased them.

Even under length constraints, state which concern you are responding to, so that each reviewer knows whose point you are addressing and which one. Reviewers have most likely forgotten what they wrote in their reviews.

Reference your own paper for answers to reviewer concerns.

Answer using material already in the paper whenever possible: it demonstrates the paper's completeness and saves space.

Address smaller concerns, and place elaborated responses, last.

Respond to the important points first, then the minor ones.

Example response

We thank the reviewers for their thoughtful comments! We address the 
most important/common questions in the first 500 words; other
answers below the line can be viewed as optional/supplemental.

**Reviewers A and D: Is your model fundamental, or can it be
encoded in existing batch-oriented models (like [4])?

Our model is fundamental. Existing batch-oriented models (like [4])
can be encoded in our model, but batch-oriented models cannot encode
our model. That's because our model permits feedback: past outputs
may affect future inputs. So the traditional information-theoretic
approach to quantifying leakage fails.

You might at first suspect that batch-oriented models could emulate
our time-varying model by viewing a run with multiple time steps as a
single batch-execution of the system. But there is no
information-theoretic channel representing that run
that is invariant with respect to the
probability distribution on secrets (see [22, Example 1]),
so information-theoretic measures can't be used with a batch-model
encoding.

By contrast, information-theoretic measures can be used
with our time-varying model. The result in III-E shows our model
encodes a joint probability distribution, which can be decomposed
into a product of conditional probabilities, to which measures can
be applied. We will expand/clarify this result
(including moving material from the appendix into the main text as
suggested by Reviewer C) to also address this question of encoding.

**Reviewer D: Is the complication of the model warranted since the
examples remove model features?

Each example removes some model features for simplicity, but every
model feature is required by at least one example; removing features
would thus rule out some examples.

**Reviewers C and D: The experiments are not very well explained.

We agree that adding further explanation and intuition would improve
the paper. We will include the exact parameters for each
experiment. We will also sketch the behavior of the optimal adversary
in each case, to give intuition as to the shape of the graphs. For
most of the experiments we show, the behavior of the optimal adversary
is to make observations within the period where the secret doesn't
change and attack right before the secret changes based on what they
have observed in this static period. For some parameters (perfect
observations), the attacker doesn't necessarily need to wait to right
before the change to be optimal. Answers to reviewer C's particular
questions are given in an optional/supplemental portion to the
rebuttal below.

**Reviewer D: How do you compare to attack graphs, game-theoretic
models, etc.?

We will add text to compare. In short: we can view our table-based
optimal adversary as implementing an attack graph (computed to
optimize the adversary's expected gain). We can view our approach as a
Bayesian game, but game-theoretic notions are not relevant for us as
only one party (the adversary) has choices.

----------------------------------------------------------------------

We address some particular questions from reviewer C in the remainder
of the rebuttal.

--How did you implement the optimization procedure?

By exact simulation; more efficient means of analysis (e.g., via
abstract interpretation) we leave to interesting future work.

--Example V-F: The role of the change function is confusing since it
could be more directly modeled as another part of the secret.

The reviewer is right and so we should at least clarify the example.
In principle, separating the secret from the change function in our
model is done for two reasons: 1) the function cannot be observed
directly, only inferred, and 2) it cannot change itself. As a result,
this special part of the secret behaves most similarly to how secrets
behave in existing work on quantified information flow: uncertainty of
the change function decreases with additional observations through
imperfect channels and this uncertainty cannot be
recovered. Conversely, uncertainty in the dynamic parts of the secret
can be recovered, as shown by the periodicity in the figures. The
example in V-F was designed to show a counterintuitive situation in
which applying the change function more often results in higher
vulnerability of the secret. To show this we made the example have a
very high correlation between the change function and another part of
the secret (the floor). This has an unfortunate side effect of
trivializing the distinction between the change functions and other
parts of the secret. We conjecture that the correlation is a necessary
feature of scenarios that have the counterintuitive property; we will
attempt a proof and expand the discussion in any case.

--Why do the periods in the examples differ in the graphs?

This is sloppiness on our part: the change_freq parameter differed
with different experiments. We will unify it as much as possible, make
it explicit in the text, and rerun the experiments.

--What is the point of figures 7, 8?

Figures 7 and 8 illustrate existing min-vulnerability and guessing
entropy measures in our model, respectively, compared against a
measure that accounts for an adaptive adversary, which is a signature
feature of our approach. The figures show that adaptivity
significantly increases a secret's vulnerability.

--How to interpret the bottom of figure 9?

Figure 9 illustrates the impact of memory limitation on the
adversary. The bottom portion can be explained partially from the
periodic effect that also occurs in the top portion of the figure. The
advantage of more memory only matters as long as there are more things
to remember. At the start, or right after the secret has changed,
there is nothing to remember hence the various limited adversaries
have the same expected raid gain. Their odds diverge further into the
"epoch" of the current secret as there are more and more relevant
observations to remember. The gains are most diverged right before the
secret changes. The bottom figure illustrates the situation for an
adaptive adversary, for which the periodic effect also occurs. There,
however, the gain increases monotonically with time towards 1 (except
for the adversary with no memory at all). This occurs as every
adversary with at least one observation's worth of memory has
ever-increasing odds of luckily observing a single stakeout that
pinpoints the stash location exactly.

--Why is the parameter raid_odds included? Doesn't it just scale the
gain?

This aspect of our stakeout/raid examples is mostly used so that we can
generalize beyond min-vulnerability (which would be equivalent to
raids without raid_odds) and show how such a parameter manifests
itself in the overall vulnerability of a secret. The reviewer is right
that the parameter serves to scale vulnerability and does not impact
the behavior of the adversary for most stakeout/raid examples. The
situation is more interesting when there are penalties for making
stakeouts (Section V.E). There the adversary cannot just decide to
stakeout until right before the stash location changes as each
stakeout incurs a cost; the attacker must weigh their chances of a
successful raid given what they know now vs. the prospect of learning
more about the stash location. The first quantity is scaled with
raid_odds, whereas the second depends more on the parameter
obs_odds. These parameters thus impact the adaptive decisions the
adversary makes before the attack occurs.


