Opacity Of Discrete Event Systems: Analysis And Control
The exchange of sensitive information in many networked systems can be manipulated through unauthorized access. Opacity is a property used to investigate security and privacy problems in such systems: it characterizes whether secret information about a system can be inferred by an unauthorized user. One approach to verifying security and privacy properties through the opacity problem is to model the system that may leak confidential information as a discrete event system. A problem that has not been investigated intensively is the enforcement of opacity properties by supervisory control, that is, constructing a minimally restrictive supervisor that limits the system's behavior so that an unauthorized user cannot discover or infer the secret information.

We describe and analyze the complexity of opacity in systems that are modeled as a discrete event system with a partial observation mapping. We define three types of opacity: strong opacity, weak opacity, and no opacity. Strong opacity describes the inability of the system's observer to know what happened in the system. No opacity, on the other hand, refers to the condition where there is no ambiguity in the system's behavior. The definitions introduce properties of opacity and their effects on the system's behavior. Strong opacity can be used to study security-related problems, while no opacity can be used to study fault detection and diagnosis, among many other applications. In this dissertation, we investigate the largest opaque sublanguages and the smallest opaque superlanguages of a language that is not opaque. We study how to ensure strong opacity, weak opacity, and no opacity by supervisory control: if strong opacity, weak opacity, or no opacity is not satisfied, we can restrict the system's behavior by a supervisor so that it is. We investigate the strong opacity control problem (SOCP), the weak opacity control problem (WOCP), and the no opacity control problem (NOCP).

As illustrated by examples in the dissertation, the above properties of opacity can be used to characterize the security requirements of many applications, such as anonymity requirements in protocols for web browsing. Solutions to SOCP are characterized in terms of the largest sublanguage that is controllable, observable (or normal), and strongly opaque. A similar characterization is available for solutions to NOCP.
Enforcing current-state opacity through shuffle in event observations
Opacity is a property that ensures that a secret behavior of the system is kept hidden from an Intruder. In this work, we deal with current-state opacity and propose an Opacity-Enforcer that is able to change, in an appropriate way, the order in which event occurrences in the system are observed, so as to mislead the Intruder into always wrongly estimating at least one non-secret state. A necessary and sufficient condition for the feasibility of the Opacity-Enforcer synthesis is presented, together with two algorithms to build the automaton that realizes such an enforcement.
Verification and Enforcement of Opacity Security Properties in Discrete Event Systems.
The need for stringent cybersecurity is becoming significant as computers and networks are integrated into every aspect of our lives. A recent trend in cybersecurity research is to formalize security notions and develop theoretical foundations for designing secure systems. In this dissertation, we address a security notion called opacity based on the control theory for Discrete Event Systems (DES). Opacity is an information-flow property that captures whether a given secret of the system can be inferred by intruders who passively observe the behavior of the system. Finite-state automata are used to capture the dynamics of computer systems that need to be rendered opaque with respect to a given secret. Under the observation of the intruder, the secret of the system is opaque if “whenever the secret has occurred, there exists another non-secret behavior that is observationally equivalent.”
This research focuses on the analysis and the enforcement of four notions of opacity. First, we develop algorithms for verifying opacity notions under the attack model of a single intruder and that of multiple colluding intruders. We then consider the enforcement of opacity when the secret is not opaque. Specifically, we propose a novel enforcement mechanism based on event insertion to address opacity enforcement for a class of systems whose dynamics cannot be modified. An insertion function, placed at the output of the system, inserts fictitious observable events into the system's output without interacting with the system. We develop a finite structure called the All-Insertion Structure (AIS) that enumerates all valid insertion functions. The AIS establishes a necessary and sufficient condition for the existence of a valid insertion function and provides a structure from which to synthesize one. Furthermore, we introduce the maximum total cost and the maximum mean cost to quantify insertion functions, and establish a condition for determining which cost objective to use. For each cost, we develop an algorithmic procedure for synthesizing an optimal insertion function from the AIS. Finally, our analysis and enforcement procedure is applied to ensuring location privacy in location-based services.

PhD, Electrical Engineering: Systems, University of Michigan, Horace H. Rackham School of Graduate Studies. http://deepblue.lib.umich.edu/bitstream/2027.42/108905/1/ycwu_1.pd
Opaque Superlanguages and Sublanguages in Discrete Event Systems
Opacity describes the inability of an external observer to know what happened in a system. Recently, opacity has been investigated in the framework of discrete event systems. In our previous paper, we defined two types of opacity: strong opacity and weak opacity. Given a general observation mapping, a language is strongly opaque if all strings in the language are confused with some strings in another language, and it is weakly opaque if some strings in the language are confused with some strings in another language. In this paper, we investigate properties of opacity. We show that opacity is closed under union but may not be closed under intersection. Based on these properties, we discuss how to modify languages to satisfy strong opacity, weak opacity, and no opacity by investigating the sublanguages and superlanguages that are strongly opaque, weakly opaque, and not opaque, respectively. We find the largest such sublanguages and the smallest such superlanguages. Examples are given to illustrate the results.
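The language-based definitions used in the first and last abstracts above (strong, weak and no opacity under an observation mapping, and the largest strongly opaque sublanguage) can be checked mechanically on finite languages. The following is an added example written for this page, not code from any of the listed works; the event names, the toy secret and non-secret languages, and the use of a natural projection (erasing unobservable events) as the observation mapping are constructed assumptions.

```python
from typing import Callable, FrozenSet, Iterable, Tuple

Event = str
String = Tuple[Event, ...]          # one run of the system, e.g. ("a", "u", "b")
Language = FrozenSet[String]
Observation = Callable[[String], String]


def projection(unobservable: Iterable[Event]) -> Observation:
    """Natural projection: the observer sees a string with every unobservable event erased."""
    hidden = frozenset(unobservable)
    return lambda s: tuple(e for e in s if e not in hidden)


def confused(s: String, cover: Language, P: Observation) -> bool:
    """True if some string of `cover` looks identical to s under the observation mapping P."""
    return P(s) in {P(t) for t in cover}


def strongly_opaque(secret: Language, cover: Language, P: Observation) -> bool:
    """Every secret string is confused with some non-secret string."""
    return all(confused(s, cover, P) for s in secret)


def weakly_opaque(secret: Language, cover: Language, P: Observation) -> bool:
    """At least one secret string is confused with some non-secret string."""
    return any(confused(s, cover, P) for s in secret)


def not_opaque(secret: Language, cover: Language, P: Observation) -> bool:
    """No ambiguity: the observer can distinguish every secret string from the cover."""
    return not weakly_opaque(secret, cover, P)


def largest_strongly_opaque_sublanguage(secret: Language, cover: Language, P: Observation) -> Language:
    """Strong opacity is closed under union, so the union of all strongly opaque
    sublanguages is strongly opaque itself: keep exactly the confused secret strings."""
    return frozenset(s for s in secret if confused(s, cover, P))


# Constructed toy system (assumption): a and b are observable, u is unobservable.
P = projection({"u"})
SECRET: Language = frozenset({("a", "u", "b"), ("a", "a")})
NONSECRET: Language = frozenset({("a", "b"), ("b", "a")})

if __name__ == "__main__":
    # "aub" is seen as "ab" and hides behind the non-secret "ab"; "aa" has no cover.
    print("strong:", strongly_opaque(SECRET, NONSECRET, P), "weak:", weakly_opaque(SECRET, NONSECRET, P))
    print("largest strongly opaque sublanguage:", largest_strongly_opaque_sublanguage(SECRET, NONSECRET, P))
```

Restricting the system to the returned sublanguage is the language-level counterpart of the supervisory-control enforcement the first abstract describes: the secret strings the observer could single out are removed, and what remains is strongly opaque.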