Attack-Resilient Supervisory Control of Discrete-Event Systems
In this work, we study the problem of supervisory control of discrete-event
systems (DES) in the presence of attacks that tamper with inputs and outputs of
the plant. We consider a very general system setup as we focus on both
deterministic and nondeterministic plants that we model as finite state
transducers (FSTs); this also covers the conventional approach to modeling DES
as deterministic finite automata. Furthermore, we cover a wide class of attacks
that can nondeterministically add, remove, or rewrite a sensing and/or
actuation word to any word from predefined regular languages, and show how such
attacks can be modeled by nondeterministic FSTs; we also present how the use of
FSTs facilitates modeling realistic (and very complex) attacks, as well as
provides the foundation for design of attack-resilient supervisory controllers.
Specifically, we first consider the supervisory control problem for
deterministic plants with attacks (i) only on their sensors, (ii) only on their
actuators, and (iii) both on their sensors and actuators. For each case, we
develop new conditions for controllability in the presence of attacks, as well
as synthesizing algorithms to obtain FST-based description of such
attack-resilient supervisors. A derived resilient controller provides the set of
all safe control words that keep the plant behaving as desired even in the
presence of corrupted observations and/or when the control words are subjected to
actuation attacks. Then, we extend the controllability theorems and the
supervisor synthesizing algorithms to nondeterministic plants that satisfy a
nonblocking condition. Finally, we illustrate the applicability of our methodology
on several examples and numerical case studies.
Lipschitz Robustness of Finite-state Transducers
We investigate the problem of checking if a finite-state transducer is robust
to uncertainty in its input. Our notion of robustness is based on the analytic
notion of Lipschitz continuity --- a transducer is K-(Lipschitz) robust if the
perturbation in its output is at most K times the perturbation in its input. We
quantify input and output perturbation using similarity functions. We show that
K-robustness is undecidable even for deterministic transducers. We identify a
class of functional transducers, which admits a polynomial time
automata-theoretic decision procedure for K-robustness. This class includes
Mealy machines and functional letter-to-letter transducers. We also study
K-robustness of nondeterministic transducers. Since a nondeterministic
transducer generates a set of output words for each input word, we quantify
output perturbation using set-similarity functions. We show that K-robustness
of nondeterministic transducers is undecidable, even for letter-to-letter
transducers. We identify a class of set-similarity functions which admit
decidable K-robustness of letter-to-letter transducers.
Comment: In FSTTCS 201
Reachability in Higher-Order-Counters
Higher-order counter automata (HOCS) can be seen either as a restriction of
higher-order pushdown automata (HOPS) to a unary stack alphabet, or as an
extension of counter automata to higher levels. We distinguish two principal
kinds of HOCS: those that can test whether the topmost counter value is zero
and those which cannot.
We show that control-state reachability for level HOCS with zero-test is
complete for -fold exponential space; leaving out the zero-test
leads to completeness for -fold exponential time. Restricting
HOCS (without zero-test) to level , we prove that global (forward or
backward) reachability analysis is PTIME-complete. This enhances the known
result for pushdown systems, which are subsumed by level HOCS without
zero-test.
We transfer our results to the formal language setting. Assuming that PTIME
⊊ PSPACE ⊊ EXPTIME, we apply proof ideas of
Engelfriet and conclude that the hierarchies of languages of HOPS and of HOCS
form strictly interleaving hierarchies. Interestingly, Engelfriet's
constructions also allow one to conclude immediately that the hierarchy of
collapsible pushdown languages is strict level-by-level, due to the existing
complexity results for reachability on collapsible pushdown graphs. This
answers an open question independently asked by Parys and by Kobayashi.
Comment: Version with Full Proofs of a paper that appears at MFCS 201
Exploiting the Temporal Logic Hierarchy and the Non-Confluence Property for Efficient LTL Synthesis
The classic approaches to synthesize a reactive system from a linear temporal
logic (LTL) specification first translate the given LTL formula to an
equivalent omega-automaton and then compute a winning strategy for the
corresponding omega-regular game. To this end, the obtained omega-automata have
to be (pseudo)-determinized where typically a variant of Safra's
determinization procedure is used. In this paper, we show that this
determinization step can be significantly improved for tool implementations by
replacing Safra's determinization by simpler determinization procedures. In
particular, we exploit (1) the temporal logic hierarchy that corresponds to the
well-known automata hierarchy consisting of safety, liveness, Buechi, and
co-Buechi automata as well as their boolean closures, (2) the non-confluence
property of omega-automata that result from certain translations of LTL
formulas, and (3) symbolic implementations of determinization procedures for
the Rabin-Scott and the Miyano-Hayashi breakpoint constructions. Finally,
we present convincing experimental results that demonstrate the practical
applicability of our new synthesis procedure.
Tester versus Bug: A Generic Framework for Model-Based Testing via Games
We propose a generic game-based approach for test case generation. We set up
a game between the tester and the System Under Test, in such a way that test
cases correspond to game strategies, and the conformance relation ioco
corresponds to alternating refinement. We show that different test assumptions
from the literature can be easily incorporated, by slightly varying the moves
in the games and their outcomes. In this way, our framework allows a wide
range of game-theoretic techniques to be deployed for model-based testing.
Comment: In Proceedings GandALF 2018, arXiv:1809.0241
Hierarchical interface-based supervisory control using the conflict preorder
Hierarchical Interface-Based Supervisory Control decomposes a large discrete event system into subsystems linked to each other by interfaces, facilitating the design of complex systems and the re-use of components. By ensuring that each subsystem satisfies its interface consistency conditions locally, it can be ensured that the complete system is controllable and nonblocking. The interface consistency conditions proposed in this paper are based on the conflict preorder, providing increased flexibility over previous approaches. The framework requires only a small number of interface consistency conditions, and allows for the design of multi-level hierarchies that are provably controllable and nonblocking.
Processes, Roles and Their Interactions
Taking an interaction network oriented perspective in informatics raises the
challenge to describe deterministic finite systems which take part in networks
of nondeterministic interactions. The traditional approach to describe
processes as stepwise executable activities which are not based on the
ordinarily nondeterministic interaction shows strong centralization tendencies.
As suggested in this article, viewing processes and their interactions as
complementary can circumvent these centralization tendencies.
The description of both processes and their interactions is based on the
same building blocks, namely finite input-output automata (or transducers).
Processes are viewed as finite systems that take part in multiple, ordinarily
nondeterministic interactions. The interactions between processes are described
as protocols.
The effects of communication between processes, as well as the necessary
coordination of different interactions within a process, are both based on the
restriction of the transition relation of product automata. The channel-based
outer coupling represents the causal relation between the output and the input
of different systems. The coordination-condition-based inner coupling
represents the causal relation between the input and output of a single system.
All steps are illustrated with the example of a network of resource
administration processes which is supposed to provide requesting user processes
exclusive access to a single resource.
Comment: In Proceedings IWIGP 2012, arXiv:1202.422