
Supervisory Control for Opacity


3 Author(s)
Dubreil, J. ; Centre Rennes-Bretagne Atlantique, INRIA, Rennes, France ; Darondeau, P. ; Marchand, H.

In the field of computer security, a problem that received little attention so far is the enforcement of confidentiality properties by supervisory control. Given a critical system G that may leak confidential information, the problem consists in designing a controller C, possibly disabling occurrences of a fixed subset of events of G, so that the closed-loop system G/C does not leak confidential information. We consider this problem in the case where G is a finite transition system with set of events Σ and an inquisitive user, called the adversary, observes a subset Σa of Σ. The confidential information is the fact (when it is true) that the trace of the execution of G on Σ* belongs to a regular set S ⊆ Σ*, called the secret. The secret S is said to be opaque w.r.t. G (respectively, G/C) and Σa if the adversary cannot safely infer this fact from the trace of the execution of G (respectively, G/C) on Σa*. In the converse case, the secret can be disclosed. We present an effective algorithm for computing the most permissive controller C such that S is opaque w.r.t. G/C and Σa. This algorithm subsumes two earlier algorithms working under the strong assumption that the alphabet Σa of the adversary and the set of events that the controller can disable are comparable.

Published in:

Automatic Control, IEEE Transactions on (Volume: 55, Issue: 5)
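The opacity definition in the abstract can be checked mechanically by building the adversary's state estimate over Σa. The following is an added example, not code from the paper; it assumes G has already been combined with an automaton for S so that the secret is a set of states, and the names `closure`, `disclosing_observations`, `is_opaque` and the sample system are hypothetical.

```python
from collections import deque

def closure(states, trans, observable):
    """Extend a state set with everything reachable via unobservable events."""
    seen, stack = set(states), list(states)
    while stack:
        q = stack.pop()
        for ev, nxt in trans.get(q, ()):
            if ev not in observable and nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return frozenset(seen)

def disclosing_observations(trans, init, observable, secret):
    """One shortest observed word per adversary estimate lying wholly in `secret`."""
    secret = frozenset(secret)
    start = closure({init}, trans, observable)
    seen, queue, leaks = {start}, deque([(start, ())]), []
    while queue:
        est, word = queue.popleft()
        if est <= secret:  # every run consistent with `word` is secret
            leaks.append(word)
        for a in sorted(observable):
            step = {n for q in est for ev, n in trans.get(q, ()) if ev == a}
            if step:
                nxt = closure(step, trans, observable)
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, word + (a,)))
    return leaks

def is_opaque(trans, init, observable, secret):
    """S is opaque iff no observation pins the run down to secret states only."""
    return not disclosing_observations(trans, init, observable, secret)

# Constructed sample: "h" is invisible to the adversary; states 1, 2 and 4 are
# reached exactly by the traces in the secret S (those containing "h").
G = {0: [("h", 1), ("a", 3)], 1: [("a", 2), ("b", 4)]}
SIGMA_A = {"a", "b"}
SECRET = {1, 2, 4}
# Hand-picked restriction with "b" disabled (not the paper's synthesis algorithm).
G_RESTRICTED = {0: [("h", 1), ("a", 3)], 1: [("a", 2)]}

if __name__ == "__main__":
    print(disclosing_observations(G, 0, SIGMA_A, SECRET))
    print(is_opaque(G_RESTRICTED, 0, SIGMA_A, SECRET))
```

In the sample, observing `b` can only follow the hidden `h`, so the adversary learns the secret; with `b` disabled, every observation remains consistent with at least one non-secret run.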