期刊
IEEE TRANSACTIONS ON AUTOMATIC CONTROL
卷 55, 期 5, 页码 1089-1100出版社
IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC
DOI: 10.1109/TAC.2010.2042008
关键词
Confidentiality; control; discrete event systems (DES); opacity; partial observation; security
资金
- Politess RNRT project
In the field of computer security, a problem that received little attention so far is the enforcement of confidentiality properties by supervisory control. Given a critical system G that may leak confidential information, the problem consists in designing a controller C, possibly disabling occurrences of a fixed subset of events of G, so that the closed-loop system G/C does not leak confidential information. We consider this problem in the case where is a finite transition system with set of events Sigma and an inquisitive user, called the adversary, observes a subset Sigma(a) of Sigma. The confidential information is the fact (when it is true) that the trace of the execution of G on Sigma* belongs to a regular set S subset of Sigma*, called the secret. The secret S is said to be opaque w.r.t. G (respectively, G/C) and Sigma(a) if the adversary cannot safely infer this fact from the trace of the execution of G (respectively, G/C) on Sigma(a)*. In the converse case, the secret can be disclosed. We present an effective algorithm for computing the most permissive controller C such that S is opaque w.r.t. G/C and Sigma(a). This algorithm subsumes two earlier algorithms working under the strong assumption that the alphabet Sigma(a) of the adversary and the set of events that the controller can disable are comparable.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据