Verification of initial-state opacity in security applications of discrete event systems

In this paper, we formulate and analyze methodologies for verifying the notion of initial-state opacity in discrete event systems that are modeled as non-deterministic finite automata with partial observation on their transitions. A system is initial-state opaque if the membership of its true initial state in a set of secret states remains opaque (i.e., uncertain) to an intruder who observes system activity through some projection map. Initial-state opacity can be used to characterize security requirements in a variety of applications, including tracking problems in sensor networks. In order to model and analyze the intruder capabilities regarding initial-state opacity, we first address the initial-state estimation problem in a non-deterministic finite automaton via the construction of an initial-state estimator. We analyze the properties and complexity of the initial-state estimator, and show how the complexity of the verification method can be greatly reduced in the special case when the set of secret states is invariant. We also establish that the verification of initial-state opacity is a PSPACE-complete problem.
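The following is an added illustration, not code from the paper: it builds an initial-state estimator for a small constructed non-deterministic automaton with one unobservable event, computes the set of initial states consistent with each observed string, and reports the observations after which the intruder is certain the run started in the secret set (the system is initial-state opaque exactly when there are none). The estimator here is a plain construction that tracks (initial state, current state) pairs under the projection map; the automaton, event names and the function names are assumptions of this example.

```python
from collections import deque

# Constructed toy NFA (not from the paper). Event "u" is unobservable to the
# intruder; "a" and "b" are observed. Initial states 0 and 1; 0 is the secret one.
INITIAL = {0, 1}
SECRET = {0}
OBSERVABLE = {"a", "b"}
TRANS = {  # (state, event) -> set of successor states (non-deterministic)
    (0, "a"): {2},
    (1, "u"): {2},  # state 1 can silently move to 2
    (1, "a"): {2},
    (2, "b"): {3},
    (3, "a"): {3},
}

def unobservable_reach(trans, observable, states):
    """States reachable from `states` by zero or more unobservable events."""
    stack, seen = list(states), set(states)
    while stack:
        x = stack.pop()
        for (src, e), dsts in trans.items():
            if src == x and e not in observable:
                new = dsts - seen
                seen |= new; stack.extend(new)
    return frozenset(seen)

def initial_state_estimates(trans, initial, observable):
    """Breadth-first build of the initial-state estimator. An estimator state is a
    set of (x0, x) pairs: a run that started at x0 and is now at x is consistent
    with the observations so far. Returns {observed string: consistent initial set}."""
    start = frozenset((x0, x) for x0 in initial
                      for x in unobservable_reach(trans, observable, {x0}))
    queue, seen, estimates = deque([("", start)]), {start}, {}
    while queue:
        obs, m = queue.popleft()
        estimates[obs] = frozenset(x0 for x0, _ in m)   # project onto initial state
        for e in sorted(observable):
            nxt = set()
            for x0, x in m:
                for y in trans.get((x, e), ()):
                    nxt.update((x0, z) for z in unobservable_reach(trans, observable, {y}))
            nxt = frozenset(nxt)
            if nxt and nxt not in seen:          # finitely many subsets: terminates
                seen.add(nxt); queue.append((obs + e, nxt))
    return estimates

def leaking_observations(estimates, secret):
    """Observations after which every consistent initial state is secret, so the
    intruder is certain the system started in the secret set. Opaque iff empty."""
    return sorted(o for o, est in estimates.items() if est and est <= secret)
```

With the secret set {0} the automaton is initial-state opaque, because every observation is also producible from initial state 1; with the secret set {1} instead it is not, since observing "b" alone is only possible from initial state 1.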
