Conditions for Hierarchical Supervisory Control under Partial Observation
The fundamental problem in hierarchical supervisory control under partial
observation is to find conditions preserving observability between the original
(low-level) and the abstracted (high-level) plants. Two conditions for
observable specifications were identified in the literature -- observation
consistency (OC) and local observation consistency (LOC). However, the
decidability of OC and LOC was left open. We show that both OC and LOC are
decidable for regular systems. We further show that these conditions do not
guarantee that supremal (normal or relatively observable) sublanguages computed
on the low level and on the high level always coincide. To solve the issue, we
suggest a new condition -- modified observation consistency -- and show that
under this condition, the supremal normal sublanguages are preserved between
the levels, while the supremal relatively observable high-level sublanguage is
at least as good as the supremal relatively observable low-level sublanguage,
i.e., the high-level solution may be even better than the low-level solution.
Opacity Of Discrete Event Systems: Analysis And Control
The exchange of sensitive information in many networked systems can be manipulated
through unauthorized access. Opacity is a property used to investigate security and
privacy problems in such systems. Opacity characterizes whether secret information
of a system can be inferred by an unauthorized user. One approach to verifying security
and privacy properties via the opacity problem is to model the system that may leak confidential
information as a discrete event system. A problem that has not been investigated
intensively is the enforcement of opacity properties by supervisory control, in other
words, constructing a minimally restrictive supervisor that limits the system's behavior so
that an unauthorized user cannot discover or infer the secret information.
We describe and analyze the complexity of opacity in systems that are modeled as
a discrete event system with a partial observation mapping. We define three types of
opacity: strong opacity, weak opacity, and no opacity. Strong opacity describes the
inability of the system's observer to know what happened in the system. On the other
hand, no opacity refers to the condition where there is no ambiguity in the system
behavior. The definitions introduce properties of opacity and their effects on the system
behavior. Strong opacity can be used to study security-related problems, while no opacity
can be used to study fault detection and diagnosis, among many other applications. In
this dissertation, we investigate the largest opaque sublanguages and smallest opaque
superlanguages of a language when the language is not opaque. We study how to ensure
strong opacity, weak opacity and no opacity by supervisory control. If strong opacity,
weak opacity or no opacity is not satisfied, then we can restrict the system's behavior with a
supervisor so that strong opacity, weak opacity or no opacity is satisfied. We investigate
the strong opacity control problem (SOCP), the weak opacity control problem (WOCP),
and the no opacity control problem (NOCP).
As illustrated by examples in the dissertation, the above properties of opacity can
be used to characterize the security requirements of many applications, such as anonymity
requirements in protocols for web browsing. Solutions to SOCP in terms of the largest
sublanguage that is controllable, observable (or normal), and strongly opaque were characterized.
A similar characterization is available for solutions to NOCP.