Verification of initial-state opacity in security applications of DES

Motivated by security applications where the initial state of a system needs to be kept secret (opaque) to outside observers (intruders), we formulate, analyze and verify the notion of initial-state opacity in discrete event systems. Specifically, a system is initial-state opaque if the membership of its true initial state to a set of secret states remains opaque to an intruder who is modeled as an observer of the system activity through some projection map. In other words, based on observations through this map, the observer is never certain that the initial state of the system is within the set of secret states. To verify initial-state opacity, we address the initial-state estimation problem in discrete event systems via the construction of an initial-state estimator. This estimator captures estimates of the initial state of the system which are consistent with all observations obtained so far. We also analyze the properties and complexity of the initial-state estimator.

[1]  Maciej Koutny,et al.  Modelling Opacity Using Petri Nets , 2005, WISP@ICATPN.

[2]  Christoforos N. Hadjicostis,et al.  Notions of security and opacity in discrete event systems , 2007, 2007 46th IEEE Conference on Decision and Control.

[3]  Dhiraj K. Pradhan,et al.  GLFSR-a new test pattern generator for built-in-self-test , 1994, Proceedings., International Test Conference.

[4]  Steve A. Schneider,et al.  CSP and Anonymity , 1996, ESORICS.

[5]  Shahin Hashtrudi-Zad,et al.  Fault diagnosis in discrete-event systems: framework and model reduction , 2003, IEEE Trans. Autom. Control..

[6]  Maciej Koutny,et al.  Opacity Generalised to Transition Systems , 2005, Formal Aspects in Security and Trust.

[7]  Ross J. Anderson On Fibonacci Keystream Generators , 1994, FSE.

[8]  Roberto Gorrieri,et al.  A taxonomy of trace-based security properties for CCS , 1994, Proceedings The Computer Security Foundations Workshop VII.

[9]  Sagar Naik,et al.  Efficient computation of unique input/output sequences in finite-state machines , 1997, TNET.

[10]  David Lee,et al.  Principles and methods of testing finite state machines-a survey , 1996, Proc. IEEE.

[11]  Christos G. Cassandras,et al.  Introduction to Discrete Event Systems , 1999, The Kluwer International Series on Discrete Event Dynamic Systems.

[12]  Benoît Caillaud,et al.  Concurrent Secrets , 2007, 2006 8th International Workshop on Discrete Event Systems.

[13]  Nejib Ben Hadj-Alouane,et al.  On the verification of intransitive noninterference in mulitlevel security , 2005, IEEE Transactions on Systems, Man, and Cybernetics, Part B (Cybernetics).