Opacity Of Discrete Event Systems: Analysis And Control
The exchange of sensitive information in many systems over a network can be manipulated
by unauthorized access. Opacity is a property to investigate security and
privacy problems in such systems. Opacity characterizes whether secret information
of a system can be inferred by an unauthorized user. One approach to verify security
and privacy properties using the opacity problem is to model the system that may leak confidential
information as a discrete event system. The problem that has not been investigated
intensively is the enforcement of opacity properties by supervisory control. In other
words, constructing a minimally restrictive supervisor to limit the system's behavior so
an unauthorized user cannot discover or infer the secret information.
We describe and analyze the complexity of opacity in systems that are modeled as
a discrete event system with partial observation mapping. We define three types of
opacity: strong opacity, weak opacity, and no opacity. Strong Opacity describes the
inability for the system's observer to know what happened in a system. On the other
hand, No-opacity refers to the condition where there is no ambiguity in the system
behavior. The definitions introduce properties of opacity and its effects on the system
behavior. Strong opacity can be used to study security related problems while no opacity
can be used to study fault detection and diagnosis, among many other applications. In
this dissertation, we investigate the largest opaque sublanguages and smallest opaque
superlanguages of a language if the language is not opaque. We studied how to ensure
strong opacity, weak opacity and no opacity by supervisory control. If strong opacity,
weak opacity or no opacity is not satisfied, then we can restrict the system's behavior by a
supervisor so that strong opacity, weak opacity or no opacity is satisfied. We investigate
the strong opacity control problem (SOCP), the weak opacity control problem (WOCP),
and no opacity control problem (NOCP).
As illustrated by examples in the dissertation, the above properties of opacity can
be used to characterize the security requirements in many applications, such as anonymity
requirements in protocols for web browsing. Solutions to SOCP in terms of the largest
sublanguage that is controllable, observable (or normal), and strongly opaque were characterized.
Similar characterization is available for solutions to NOCP
Supervisory Control of Fuzzy Discrete Event Systems
In order to cope with situations in which a plant's dynamics are not
precisely known, we consider the problem of supervisory control for a class of
discrete event systems modelled by fuzzy automata. The behavior of such
discrete event systems is described by fuzzy languages; the supervisors are
event feedback and can disable only controllable events with any degree. The
concept of discrete event system controllability is thus extended by
incorporating fuzziness. In this new sense, we present a necessary and
sufficient condition for a fuzzy language to be controllable. We also study the
supremal controllable fuzzy sublanguage and the infimal controllable fuzzy
superlanguage when a given pre-specified desired fuzzy language is
uncontrollable. Our framework generalizes that of Ramadge-Wonham and reduces to
Ramadge-Wonham framework when membership grades in all fuzzy languages must be
either 0 or 1. The theoretical development is accompanied by illustrative
numerical examples.
Comment: 12 pages, 2 figure
Centralized and distributed algorithms for on-line synthesis of maximal control policies under partial observation
This paper deals with the on-line control of partially observed discrete event systems (DES). The goal is to restrict the behavior of the system within a prefix-closed legal language while accounting for the presence of uncontrollable and unobservable events. In the spirit of recent work on the on-line control of partially observed DES (Heymann and Lin 1994) and on variable lookahead control of fully observed DES (Ben Hadj-Alouane et al. 1994c), we propose an approach where, following each observable event, a control action is computed on-line using an algorithm of linear worst-case complexity. This algorithm, called VLP-PO, has the following additional properties: (i) the resulting behavior is guaranteed to be a maximal controllable and observable sublanguage of the legal language; (ii) different maximals may be generated by varying the priorities assigned to the controllable events, a parameter of VLP-PO; (iii) a maximal containing the supremal controllable and normal sublanguage of the legal language can be generated by a proper selection of controllable event priorities; and (iv) no off-line calculations are necessary. We also present a parallel/distributed version of the VLP-PO algorithm called DI-VLP-PO. This version uses several communicating agents that simultaneously run (on-line) identical versions of the algorithm but on possibly different parts of the system model and the legal language, according to the structural properties of the system and the specifications. While achieving the same behavior as VLP-PO, DI-VLP-PO runs at a total complexity (for computation and communication) that is significantly lower than its sequential counterpart.
Peer Reviewed
http://deepblue.lib.umich.edu/bitstream/2027.42/45126/1/10626_2005_Article_BF01797138.pd
Extension based limited lookahead supervision of discrete event systems
Supervisory control of discrete event systems using limited lookahead has been studied by Chung-Lafortune-Lin, where control is computed by truncating the plant behavior up to the limited lookahead window. We present a modification of this approach in which the control is computed by extending the plant behavior by arbitrary traces beyond the limited lookahead window. The proposed supervisor avoids the notion of pending traces. Consequently the need for considering either a conservative or an optimistic attitude regarding pending traces (as in the work of Chung-Lafortune-Lin) does not arise. It was shown that an optimistic attitude may result in violation of the desired specifications. We demonstrate here that a conservative attitude may result in a restrictive control policy by showing that in general the proposed supervisor is less restrictive than the conservative attitude based supervisor. Moreover, the proposed approach uses the notion of relative closure to construct the supervisor so that it is non-blocking even when the desired behavior is not relative closed (Chung-Lafortune-Lin assume relative closure). Finally, the proposed supervisor possesses all the desirable properties that a conservative attitude based supervisor of Chung-Lafortune-Lin possesses. We illustrate our approach by applying it to concurrency control in database management systems