Abstract
Opacity is an information-flow property that characterizes the ability of a system to keep secret information hidden from a malicious external entity, called an attacker. Given a critical system that may leak confidential information, an attacker with partial observation of the system, and a subset of controllable actions, we propose an approach to synthesize a controller that enforces the system’s opacity. This controller is designed as a function that is applied, at run time, to the current execution in order to disable any controllable action that would eventually lead to a violation of the system’s opacity. The supervision function is built at design time from a new version of the symbolic observation graph, a reduced abstraction of the system’s state space graph that preserves the observations of both the attacker and the controller. The language induced by this function is proven to be controllable, observable and supremal, regardless of the relation between the observations of the attacker and the controller.
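As an added illustration (not code from the paper), the following Python toy shows the two ingredients the abstract describes: a current-state opacity check against the attacker's state estimate, and a run-time supervisor that disables a controllable event whenever uncontrollable continuations alone could make the attacker's estimate entirely secret. The system, secret states and alphabets are constructed; the controller is assumed to observe the full execution, and the search is a plain depth-first search rather than the paper's symbolic observation graph.

```python
from collections import deque
# Constructed toy system (not the paper's): deterministic transitions (src, event, dst).
TRANS = [("s0", "a", "s1"), ("s0", "b", "s2"), ("s1", "c", "s3"), ("s2", "c", "s4"),
         ("s1", "u", "s5"), ("s5", "c", "s6"), ("s4", "d", "s7")]
INIT = "s0"
SECRET = {"s3", "s7"}                # states whose reachability must stay hidden
ATTACKER_OBS = {"a", "b", "c", "d"}  # 'u' is silent to the attacker
CONTROLLABLE = {"a", "b"}            # 'c', 'd', 'u' cannot be disabled by the controller

def enabled(state):
    return {(e, t) for s, e, t in TRANS if s == state}

def closure(states):  # add every state reachable through unobservable events only
    stack, seen = list(states), set(states)
    while stack:
        for e, t in enabled(stack.pop()):
            if e not in ATTACKER_OBS and t not in seen:
                seen.add(t); stack.append(t)
    return seen

def step(est, obs):  # attacker's estimate after one more observed event
    return closure({t for s in est for e, t in enabled(s) if e == obs})

def estimate(observed):  # every state consistent with what the attacker has observed
    est = closure({INIT})
    for o in observed: est = step(est, o)
    return est

def is_opaque():  # current-state opacity: no reachable estimate is made of secret states only
    queue = deque([frozenset(closure({INIT}))]); seen = set(queue)
    while queue:
        est = queue.popleft()
        if est <= SECRET: return False
        for nxt in (frozenset(step(est, o)) for o in ATTACKER_OBS):
            if nxt and nxt not in seen:
                seen.add(nxt); queue.append(nxt)
    return True

def leaks(trace, state, seen):  # can uncontrollable events alone lead from here to a leak?
    if estimate(tuple(e for e in trace if e in ATTACKER_OBS)) <= SECRET: return True
    seen.add(state)  # visited guard keeps the search finite on cyclic systems
    return any(leaks(trace + (e,), t, seen)
               for e, t in enabled(state) if e not in CONTROLLABLE and t not in seen)

def supervisor(trace):  # events allowed next; controller assumed to observe the full run
    state = INIT
    for ev in trace: state = next(t for e, t in enabled(state) if e == ev)
    return {e for e, t in enabled(state)
            if e not in CONTROLLABLE or not leaks(trace + (e,), t, set())}
```

The uncontrolled system is not opaque (observing b, c, d pins the state to the secret s7), so the supervisor cuts b at the initial state while leaving a, whose secret continuation s3 stays indistinguishable from s6; once b has happened the remaining events are uncontrollable and nothing can be disabled.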
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Souid, N.E., Klai, K., Abid, C.A., Ahmed, S.B. (2022). At Design-Time Approach for Supervisory Control of Opacity. In: Sellami, M., Ceravolo, P., Reijers, H.A., Gaaloul, W., Panetto, H. (eds) Cooperative Information Systems. CoopIS 2022. Lecture Notes in Computer Science, vol 13591. Springer, Cham. https://doi.org/10.1007/978-3-031-17834-4_3
DOI: https://doi.org/10.1007/978-3-031-17834-4_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17833-7
Online ISBN: 978-3-031-17834-4