Opacity Of Discrete Event Systems: Analysis And Control
The exchange of sensitive information in many systems over a network can be manipulated
by unauthorized access. Opacity is a property for investigating security and
privacy problems in such systems. Opacity characterizes whether secret information
of a system can be inferred by an unauthorized user. One approach to verifying security
and privacy properties using the opacity problem is to model the system that may leak confidential
information as a discrete event system. The problem that has not been investigated
intensively is the enforcement of opacity properties by supervisory control. In other
words, constructing a minimally restrictive supervisor to limit the system's behavior so
that an unauthorized user cannot discover or infer the secret information.
We describe and analyze the complexity of opacity in systems that are modeled as
a discrete event system with a partial observation mapping. We define three types of
opacity: strong opacity, weak opacity, and no opacity. Strong opacity describes the
inability of the system's observer to know what happened in the system. On the other
hand, no opacity refers to the condition where there is no ambiguity in the system
behavior. The definitions introduce properties of opacity and their effects on the system
behavior. Strong opacity can be used to study security-related problems, while no opacity
can be used to study fault detection and diagnosis, among many other applications. In
this dissertation, we investigate the largest opaque sublanguages and smallest opaque
superlanguages of a language when the language is not opaque. We study how to ensure
strong opacity, weak opacity and no opacity by supervisory control. If strong opacity,
weak opacity or no opacity is not satisfied, then we can restrict the system's behavior by a
supervisor so that strong opacity, weak opacity or no opacity is satisfied. We investigate
the strong opacity control problem (SOCP), the weak opacity control problem (WOCP),
and the no opacity control problem (NOCP).
As illustrated by examples in the dissertation, the above properties of opacity can
be used to characterize the security requirements in many applications, such as anonymity
requirements in protocols for web browsing. Solutions to SOCP in terms of the largest
sublanguage that is controllable, observable (or normal), and strongly opaque are characterized.
A similar characterization is available for solutions to NOCP.
Checking and Enforcing Security through Opacity in Healthcare Applications
The Internet of Things (IoT) is a paradigm that can tremendously
revolutionize health care, benefiting hospitals, doctors and patients alike.
In this context, protecting the IoT in health care against interference,
including service attacks and malware, is challenging. Opacity is a
confidentiality property capturing a system's ability to keep a subset of its
behavior hidden from passive observers. In this work, we seek to introduce an
IoT-based heart attack detection system that could be life-saving for patients
without compromising their need for privacy, through the verification and enforcement
of opacity. Our main contribution is the use of a tool to verify opacity in
three of its forms, so as to detect privacy leaks in our system. Furthermore,
we develop an efficient, Symbolic Observation Graph (SOG)-based algorithm for
enforcing opacity.
Corporate governance of banks: the current state of the debate.
Since banks are among the most important sources not only of finance but also of external governance for firms, the corporate governance of banks is a crucial factor for growth and development. Despite its importance, this topic has been explored by only a few studies. While some authors support, with different arguments over the course of time, the specificity of banks, other authors, among whom Ross Levine and his co-authors from the World Bank, heavily question the present banking regulatory framework. The debate on the corporate governance of banks has a direct bearing on the current discussions on the future of banking regulatory design: should regulatory intervention be the most important corporate control mechanism in banking, or should regulators focus on introducing incentives for appropriate market behaviour?
Keywords: Financial economics; Corporate Governance; Banking; Regulation and Supervision; Market Discipline; Securities Law
Opacity with Orwellian Observers and Intransitive Non-interference
Opacity is a general behavioural security scheme flexible enough to account
for several specific properties. Some secret set of behaviors of a system is
opaque if a passive attacker can never tell whether the observed behavior is a
secret one or not. Instead of considering the case of static observability,
where the set of observable events is fixed offline, or dynamic observability,
where the set of observable events changes over time depending on the history
of the trace, we consider Orwellian partial observability, where unobservable
events are not revealed unless a downgrading event occurs in the future of the
trace. We show how to verify that some regular secret is opaque for a regular
language L w.r.t. an Orwellian projection, while it has been proved undecidable
even for a regular language L w.r.t. a general Orwellian observation function.
We finally illustrate the relevance of our results by proving the equivalence
between the opacity property of regular secrets w.r.t. Orwellian projection and
the intransitive non-interference property.
Supervisory Control and Analysis of Partially-observed Discrete Event Systems
Nowadays, a variety of real-world systems fall into the class of discrete event systems (DES). In practical scenarios, due to factors such as limited sensor technology, sensor failure, unstable networks and even the intrusion of malicious agents, it may occur that some events are unobservable, multiple events are indistinguishable in observations, and observations of some events are nondeterministic. By considering various practical scenarios, increasing attention in the DES community has been paid to partially-observed DES, which in this thesis refer broadly to those DES with partial and/or unreliable observations.
In this thesis, we focus on two topics of partially-observed DES, namely, supervisory control and analysis.
The first topic includes two research directions in terms of system models. One is the supervisory control of DES with both unobservable and uncontrollable events, focusing on the forbidden state problem; the other is the supervisory control of DES vulnerable to sensor-reading disguising attacks (SD-attacks), which is also interpreted as DES with nondeterministic observations, addressing both the forbidden state problem and the liveness-enforcing problem. Petri nets (PN) are used as a reference formalism in this topic. First, we study the forbidden state problem in the framework of PN with both unobservable and uncontrollable transitions, assuming that unobservable transitions are uncontrollable. For ordinary PN subject to an admissible Generalized Mutual Exclusion Constraint (GMEC), an optimal on-line control policy with polynomial complexity is proposed provided that a particular subnet, called observation subnet, satisfies certain conditions in structure. It is then discussed how to obtain an optimal on-line control policy for PN subject to an arbitrary GMEC. Next, we still consider the forbidden state problem but in PN vulnerable to SD-attacks. Assuming the control specification in terms of a GMEC, we propose three methods to derive on-line control policies. The first two lead to an optimal policy but are computationally inefficient for large-size systems, while the third method computes a policy with timely response even for large-size systems but at the expense of optimality. Finally, we investigate the liveness-enforcing problem still assuming that the system is vulnerable to SD-attacks. In this problem, the plant is modelled as a bounded PN, which allows us to off-line compute a supervisor starting from constructing the reachability graph of the PN. 
Then, based on repeatedly computing a more restrictive liveness-enforcing supervisor under no attack and constructing a basic supervisor, an off-line method that synthesizes a liveness-enforcing supervisor tolerant to an SD-attack is proposed.
In the second topic, we consider the verification of properties related to system security. Two properties are considered, i.e., fault-predictability and event-based opacity. The former is a property from the literature, characterizing the situation in which the occurrence of any fault in a system is predictable, while the latter is a newly proposed property in this thesis, which describes the fact that secret events of a system cannot be revealed to an external observer within their critical horizons. In the case of fault-predictability, DES are modeled by labeled PN. A necessary and sufficient condition for fault-predictability is derived by characterizing the structure of the Predictor Graph. Furthermore, two rules are proposed to reduce the size of a PN, which allow us to analyze the fault-predictability of the original net by verifying that of the reduced net. When studying event-based opacity, we use deterministic finite-state automata as the reference formalism. Considering different scenarios, we propose four notions, namely, K-observation event-opacity, infinite-observation event-opacity, event-opacity and combinational event-opacity. Moreover, verifiers are proposed to analyze these properties.