Conditions for Hierarchical Supervisory Control under Partial Observation

The fundamental problem in hierarchical supervisory control under partial observation is to find conditions preserving observability between the original (low-level) and the abstracted (high-level) plants. Two conditions for observable specifications were identified in the literature -- observation consistency (OC) and local observation consistency (LOC). However, the decidability of OC and LOC were left open. We show that both OC and LOC are decidable for regular systems. We further show that these conditions do not guarantee that supremal (normal or relatively observable) sublanguages computed on the low level and on the high level always coincide. To solve the issue, we suggest a new condition -- modified observation consistency -- and show that under this condition, the supremal normal sublanguages are preserved between the levels, while the supremal relatively observable high-level sublanguage is at least as good as the supremal relatively observable low-level sublanguage, i.e., the high-level solution may be even better than the low-level solution

Opacity Of Discrete Event Systems: Analysis And Control

The exchange of sensitive information in many systems over a network can be manipulated by unauthorized access. Opacity is a property to investigate security and privacy problems in such systems. Opacity characterizes whether a secret information of a system can be inferred by an unauthorized user. One approach to verify security and privacy properties using opacity problem is to model the system that may leak confidential information as a discrete event system. The problem that has not investigated intensively is the enforcement of opacity properties by supervisory control. In other words, constructing a minimally restrictive supervisor to limit the system\u27s behavior so an unauthorized user cannot discover or infer the secret information. We describe and analyze the complexity of opacity in systems that are modeled as a discrete event system with partial observation mapping. We define three types of opacity: strong opacity, weak opacity, and no opacity. Strong Opacity describes the inability for the system\u27s observer to know what happened in a system. On the other hand, No-opacity refers to the condition where there is no ambiguity in the system behavior. The definitions introduce properties of opacity and its effects on the system behavior. Strong opacity can be used to study security related problems while no opacity can be used to study fault, detection and diagnosis, among many other applications. In this dissertation, we investigate the largest opaque sublanguages and smallest opaque superlanguages of a language if the language is not opaque. We studied how to ensure strong opacity, weak opacity and no opacity by supervisory control. If strong opacity, weak opacity or no opacity is not satisfied, then we can restrict the system\u27s behavior by a supervisor so that strong opacity, weak opacity or no opacity is satisfied. We investigate the strong opacity control problem (SOCP), the weak opacity control problem (WOCP), and no opacity control problem (NOCP). As illustrated by examples in the dissertation, the above properties of opacity can be used to characterize the security requirements in many applications, as anonymity requirements in protocols for web browsing. Solutions to SOCP in terms of the largest sublanguage that is controllable, observable (or normal), and strongly opaque were characterized. Similar characterization is available for solutions to NOCP