17 research outputs found
Synthesis of Covert Actuator Attackers for Free
In this paper, we shall formulate and address a problem of covert actuator
attacker synthesis for cyber-physical systems that are modelled by
discrete-event systems. We assume the actuator attacker partially observes the
execution of the closed-loop system and is able to modify each control command
issued by the supervisor on a specified attackable subset of controllable
events. We provide straightforward but in general exponential-time reductions,
due to the use of subset construction procedure, from the covert actuator
attacker synthesis problems to the Ramadge-Wonham supervisor synthesis
problems. It then follows that it is possible to use the many techniques and
tools already developed for solving the supervisor synthesis problem to solve
the covert actuator attacker synthesis problem for free. In particular, we show
that, if the attacker cannot attack unobservable events to the supervisor, then
the reductions can be carried out in polynomial time. We also provide a brief
discussion on some other conditions under which the exponential blowup in state
size can be avoided. Finally, we show how the reduction based synthesis
procedure can be extended for the synthesis of successful covert actuator
attackers that also eavesdrop the control commands issued by the supervisor.Comment: The paper has been accepted for the journal Discrete Event Dynamic
System
A Polynomial Approach to Verifying the Existence of a Threatening Sensor Attacker
The development of cyber-physical systems (CPS) has brought much attention of researchers to cyber-attack and cyber-security. A sensor attacker targeting on a supervised discrete event system can modify a set of sensor readings and cause the closed-loop system to reach undesirable states. In this letter, we propose a new attack detection mechanism under which the supervisor only needs to keep track of the last observable event received. Given a plant and a supervisor enforcing a state specification, we define a sensor attacker threatening if it may cause the closed-loop system to enter a forbidden state. Our goal is to verify whether there exists such a threatening sensor attacker for a given controlled system. A new structure, called All Sensor Attack (ASA), is proposed to capture all possible sensor attacks launched by the attacker. Based on the ASA automaton, a necessary and sufficient condition for the existence of a stealthy threatening sensor attacker is presented. Finally, we show that the condition can be verified in polynomial time
Attack-Resilient Supervisory Control of Discrete-Event Systems
In this work, we study the problem of supervisory control of discrete-event
systems (DES) in the presence of attacks that tamper with inputs and outputs of
the plant. We consider a very general system setup as we focus on both
deterministic and nondeterministic plants that we model as finite state
transducers (FSTs); this also covers the conventional approach to modeling DES
as deterministic finite automata. Furthermore, we cover a wide class of attacks
that can nondeterministically add, remove, or rewrite a sensing and/or
actuation word to any word from predefined regular languages, and show how such
attacks can be modeled by nondeterministic FSTs; we also present how the use of
FSTs facilitates modeling realistic (and very complex) attacks, as well as
provides the foundation for design of attack-resilient supervisory controllers.
Specifically, we first consider the supervisory control problem for
deterministic plants with attacks (i) only on their sensors, (ii) only on their
actuators, and (iii) both on their sensors and actuators. For each case, we
develop new conditions for controllability in the presence of attacks, as well
as synthesizing algorithms to obtain FST-based description of such
attack-resilient supervisors. A derived resilient controller provides a set of
all safe control words that can keep the plant work desirably even in the
presence of corrupted observation and/or if the control words are subjected to
actuation attacks. Then, we extend the controllability theorems and the
supervisor synthesizing algorithms to nondeterministic plants that satisfy a
nonblocking condition. Finally, we illustrate applicability of our methodology
on several examples and numerical case-studies
Selection of a stealthy and harmful attack function in discrete event systems
In this paper we consider the problem of joint state estimation under attack in partially-observed discrete event systems. An operator observes the evolution of the plant to evaluate its current states. The attacker may tamper with the sensor readings received by the operator inserting dummy events or erasing real events that have occurred in the plant with the goal of preventing the operator from computing the correct state estimation. An attack function is said to be harmful if the state estimation consistent with the correct observation and the state estimation consistent with the corrupted observation satisfy a given misleading relation. On the basis of an automaton called joint estimator, we show how to compute a supremal stealthy joint subestimator that allows the attacker to remain stealthy, no matter what the future evolution of the plant is. Finally, we show how to select a stealthy and harmful attack function based on such a subestimator