Overview of discrete event systems opacity: Models, validation, and quantification

Abstract: Over the last decade, opacity of discrete event systems (DES) has become a very fertile field of research. Driven by safety and privacy concerns in network communications and online services, much theoretical work has been conducted in order to design opaque systems. A system is opaque if an external observer is unable to infer a “secret” about the system behavior. This paper aims to review the most commonly used techniques of opacity validation for deterministic models and opacity quantification for probabilistic ones. Available complexity results are also provided. Finally, we review existing tools for opacity validation and current applications.
