Runtime enforcement of K-step opacity

We study the enforcement of K-step opacity at runtime. Under K-step opacity, knowledge of the secret is of interest to the attacker only within K steps after the secret occurs and becomes obsolete afterwards. We introduce a runtime enforcer, a mechanism placed between the output of the system and the attacker, that enforces opacity using delays. If an output event from the system violates K-step opacity, the enforcer stores the event in its memory for the minimal number of system steps until the secret is no longer of interest to the attacker (that is, until K-step opacity holds again).
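As an added illustration of the delay-based enforcer described above (example code written for this page, not the paper's own construction), the following Python model uses a constructed toy automaton with fully observable events and state-based secrets. Each event counts as one system step; the enforcer releases a buffered event only once every secret occurrence that the released prefix would reveal to the attacker is older than K steps. The automaton, the names `delayed_estimate`, `revealed_secret_steps`, `DelayEnforcer` and the simplification that the attacker reasons only about the released event sequence are all assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Automaton:
    """Finite automaton with fully observable events and state-based secrets (toy model)."""
    initial: frozenset
    secret: frozenset
    delta: dict  # (state, event) -> frozenset of successor states

    def step(self, states, event):
        nxt = set()
        for s in states:
            nxt |= self.delta.get((s, event), frozenset())
        return frozenset(nxt)

    def run(self, states, events):
        for e in events:
            states = self.step(states, e)
        return states


def delayed_estimate(aut, obs, d):
    """States the system may have been in exactly d steps ago, consistent with obs."""
    split = len(obs) - d
    past = aut.run(aut.initial, obs[:split])
    # keep only past states from which the remaining d observed events are feasible
    return frozenset(s for s in past if aut.run(frozenset([s]), obs[split:]))


def revealed_secret_steps(aut, obs):
    """Steps j (events consumed so far) at which obs proves the system was in a secret state."""
    n = len(obs)
    revealed = set()
    for j in range(n + 1):
        est = delayed_estimate(aut, obs, n - j)
        if est and est <= aut.secret:  # estimate non-empty and entirely secret
            revealed.add(j)
    return revealed


class DelayEnforcer:
    """Sits between the system output and the attacker; delays, never drops or reorders."""

    def __init__(self, aut, k):
        self.aut, self.k = aut, k
        self.trace = []    # every event the system has produced, one per system step
        self.released = 0  # length of the prefix the attacker has received so far

    def _safe_to_release(self, upto):
        # releasing trace[:upto] now is fine iff each secret it reveals is older than k steps
        now = len(self.trace)
        return all(now - j > self.k
                   for j in revealed_secret_steps(self.aut, self.trace[:upto]))

    def on_event(self, event):
        """Called once per system step; returns the events forwarded to the attacker."""
        self.trace.append(event)
        out = []
        while self.released < len(self.trace) and self._safe_to_release(self.released + 1):
            out.append(self.trace[self.released])
            self.released += 1
        return out


def run_enforcer(aut, k, events):
    """Feed a full event sequence through a fresh enforcer; one output list per step."""
    enf = DelayEnforcer(aut, k)
    return [enf.on_event(e) for e in events]


# Constructed toy system: after 'a' the system is either in secret state s1 or in q1,
# so 'a' alone reveals nothing, but 'a b' proves the system was in s1 one step earlier.
TOY = Automaton(
    initial=frozenset({"q0"}),
    secret=frozenset({"s1"}),
    delta={
        ("q0", "a"): frozenset({"s1", "q1"}),
        ("s1", "b"): frozenset({"q2"}),
        ("q1", "c"): frozenset({"q2"}),
        ("q2", "d"): frozenset({"q2"}),
    },
)

if __name__ == "__main__":
    for step, out in enumerate(run_enforcer(TOY, 2, ["a", "b", "d", "d", "d"]), 1):
        print(f"step {step}: released {out}")
```

With K = 2 the event `b`, produced at step 2, is held until step 4: at that point the secret state visited at step 1 is more than K steps old, so releasing the whole buffered prefix no longer helps the attacker, and the enforcer flushes it in one go. With K = 0 nothing is ever delayed for this trace, because the secret is never the current state when the revealing event arrives.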
