On detectability of labeled Petri nets and finite automata

Detectability is a basic property of dynamic systems: when it holds an observer can use the current and past values of the observed output signal produced by a system to reconstruct its current state. In this paper, we consider properties of this type in the framework of discrete-event systems modeled by labeled Petri nets and finite automata. We first study weak approximate detectability. This property implies that there exists an infinite observed output sequence of the system such that each prefix of the output sequence with length greater than a given value allows an observer to determine if the current state belongs to a given set. We prove that the problem of verifying this property is undecidable for labeled Petri nets, and PSPACE-complete for finite automata. We also consider one new concept called eventual strong detectability. The new property implies that for each possible infinite observed output sequence, there exists a value such that each prefix of the output sequence with length greater than that value allows reconstructing the current state. We prove that for labeled Petri nets, the problem of verifying eventual strong detectability is decidable and EXPSPACE-hard, where the decidability result holds under a mild promptness assumption. For finite automata, we give a polynomial-time verification algorithm for the property. In addition, we prove that strong detectability is strictly stronger than eventual strong detectability for labeled Petri nets and even for deterministic finite automata

On detectability of labeled Petri nets and finite automata

We study detectability properties for labeled Petri nets and finite automata. We first study weak approximate detectability (WAD) that implies that there exists an infinite observed output sequence of the system such that each prefix of the output sequence with length greater than a given value allows an observer to determine if the current state belongs to a given set. We also consider two new concepts called instant strong detectability (ISD) and eventual strong detectability (ESD). The former property implies that for each possible infinite observed output sequence each prefix of the output sequence allows reconstructing the current state. The latter implies that for each possible infinite observed output sequence, there exists a value such that each prefix of the output sequence with length greater than that value allows reconstructing the current state. Results: WAD: undecidable for labeled Petri nets, PSPACE-complete for finite automata ISD: decidable and EXPSPACE-hard for labeled Petri nets, belongs to P for finite automata ESD: decidable under promptness assumption and EXPSPACE-hard for labeled Petri nets, belongs to P for finite automata SD: belongs to P for finite automata, strengthens Shu and Lin's 2011 results based on two assumptions of deadlock-freeness and promptness ISD<SD<ESD<WD<WAD for both labeled Petri nets and finite automataComment: 44 pages, 21 figure

Opacity Of Discrete Event Systems: Analysis And Control

The exchange of sensitive information in many systems over a network can be manipulated by unauthorized access. Opacity is a property to investigate security and privacy problems in such systems. Opacity characterizes whether a secret information of a system can be inferred by an unauthorized user. One approach to verify security and privacy properties using opacity problem is to model the system that may leak confidential information as a discrete event system. The problem that has not investigated intensively is the enforcement of opacity properties by supervisory control. In other words, constructing a minimally restrictive supervisor to limit the system\u27s behavior so an unauthorized user cannot discover or infer the secret information. We describe and analyze the complexity of opacity in systems that are modeled as a discrete event system with partial observation mapping. We define three types of opacity: strong opacity, weak opacity, and no opacity. Strong Opacity describes the inability for the system\u27s observer to know what happened in a system. On the other hand, No-opacity refers to the condition where there is no ambiguity in the system behavior. The definitions introduce properties of opacity and its effects on the system behavior. Strong opacity can be used to study security related problems while no opacity can be used to study fault, detection and diagnosis, among many other applications. In this dissertation, we investigate the largest opaque sublanguages and smallest opaque superlanguages of a language if the language is not opaque. We studied how to ensure strong opacity, weak opacity and no opacity by supervisory control. If strong opacity, weak opacity or no opacity is not satisfied, then we can restrict the system\u27s behavior by a supervisor so that strong opacity, weak opacity or no opacity is satisfied. We investigate the strong opacity control problem (SOCP), the weak opacity control problem (WOCP), and no opacity control problem (NOCP). As illustrated by examples in the dissertation, the above properties of opacity can be used to characterize the security requirements in many applications, as anonymity requirements in protocols for web browsing. Solutions to SOCP in terms of the largest sublanguage that is controllable, observable (or normal), and strongly opaque were characterized. Similar characterization is available for solutions to NOCP

VERIFICATION AND APPLICATION OF DETECTABILITY BASED ON PETRI NETS

In many real-world systems, due to limitations of sensors or constraints of the environment, the system dynamics is usually not perfectly known. However, the state information of the system is usually crucial for the purpose of decision making. The state of the system needs to be determined in many applications. Due to its importance, the state estimation problem has received considerable attention in the discrete event system (DES) community. Recently, the state estimation problem has been studied systematically in the framework of detectability. The detectability properties characterize the possibility to determine the current and the subsequent states of a system after the observation of a finite number of events generated by the system. To model and analyze practical systems, powerful DES models are needed to describe the different observation behaviors of the system. Secondly, due to the state explosion problem, analysis methods that rely on exhaustively enumerating all possible states are not applicable for practical systems. It is necessary to develop more efficient and achievable verification methods for detectability. Furthermore, in this thesis, efficient detectability verification methods using Petri nets are investigated, then detectability is extended to a more general definition (C-detectability) that only requires that a given set of crucial states can be distinguished from other states. Formal definitions and efficient verification methods for C-detectability properties are proposed. Finally, C-detectability is applied to the railway signal system to verify the feasibility of this property: 1. Four types of detectability are extended from finite automata to labeled Petri nets. In particular, strong detectability, weak detectability, periodically strong detectability, and periodically weak detectability are formally defined in labeled Petri nets. 2. Based on the notion of basis reachability graph (BRG), a practically efficient approach (the BRG-observer method) to verify the four detectability properties in bounded labeled Petri nets is proposed. Using basis markings, there is no need to enumerate all the markings that are consistent with an observation. It has been shown by other researchers that the size of the BRG is usually much smaller than the size of the reachability graph (RG). Thus, the method improves the analysis efficiency and avoids the state space explosion problem. 3. Three novel approaches for the verification of the strong detectability and periodically strong detectability are proposed, which use three different structures whose construction has a polynomial complexity. Moreover, rather than computing all cycles of the structure at hand, which is NP-hard, it is shown that strong detectability can be verified looking at the strongly connected components whose computation also has a polynomial complexity. As a result, they have lower computational complexity than other methods in the literature. 4. Detectability could be too restrictive in real applications. Thus, detectability is extended to C-detectability that only requires that a given set of crucial states can be distinguished from other states. Four types of C-detectability are defined in the framework of labeled Petri nets. Moreover, efficient approaches are proposed to verify such properties in the case of bounded labeled Petri net systems based on the BRG. 5. Finally, a general modeling framework of railway systems is presented for the states estimation using labeled Petri nets. Then, C-detectability is applied to railway signal systems to verify its feasibility in the real-world system. Taking the RBC handover procedure in the Chinese train control system level 3 (CTCS-3) as an example, the RBC handover procedure is modeled using labeled Petri nets. Then based on the proposed approaches, it is shown that that the RBC handover procedure satisfies strongly C-detectability

Approximate reasoning for real-time probabilistic processes

We develop a pseudo-metric analogue of bisimulation for generalized semi-Markov processes. The kernel of this pseudo-metric corresponds to bisimulation; thus we have extended bisimulation for continuous-time probabilistic processes to a much broader class of distributions than exponential distributions. This pseudo-metric gives a useful handle on approximate reasoning in the presence of numerical information -- such as probabilities and time -- in the model. We give a fixed point characterization of the pseudo-metric. This makes available coinductive reasoning principles for reasoning about distances. We demonstrate that our approach is insensitive to potentially ad hoc articulations of distance by showing that it is intrinsic to an underlying uniformity. We provide a logical characterization of this uniformity using a real-valued modal logic. We show that several quantitative properties of interest are continuous with respect to the pseudo-metric. Thus, if two processes are metrically close, then observable quantitative properties of interest are indeed close.Comment: Preliminary version appeared in QEST 0