J. Dubreil, Ph. Darondeau, H. Marchand. Supervisory Control for Opacity. IEEE Transactions on Automatic Control, 55(5):1089-1100, May 2010.
In the field of computer security, a problem that received little attention so far is the enforcement of confidentiality properties by supervisory control. Given a critical system G that may leak confidential information, the problem consists in designing a controller C, possibly disabling occurrences of a fixed subset of events of G, so that the closed-loop system G/C does not leak confidential information. We consider this problem in the case where G is a finite transition system with set of events A and an inquisitive user, called the adversary, observes a subset A_a of A. The confidential information is the fact (when it is true) that the trace of the execution of G on A^* belongs to a regular set S ⊆ A^*, called the secret. The secret S is said to be opaque w.r.t. G (resp. G/C) and A_a if the adversary cannot safely infer this fact from the trace of the execution of G (resp. G/C) on A_a^*. In the converse case, the secret can be disclosed. We present an effective algorithm for computing the most permissive controller C such that S is opaque w.r.t. G/C and A_a. This algorithm subsumes two earlier algorithms working under the strong assumption that the alphabet A_a of the adversary and the set of events that the controller can disable are comparable.
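To make the notion of opacity in the abstract concrete, here is an added Python example (it is not code from the paper, and it does not implement the paper's controller synthesis algorithm). It models a small constructed finite transition system G with events A = {a, b, c, u}, an adversary that observes A_a = {a, b, c} but not u, and a secret S given as the traces whose run ends in a designated set of secret states. The adversary's knowledge after an observed sequence is its state estimate; S is disclosed exactly when some reachable estimate lies entirely inside the secret states. As a stand-in for the paper's most permissive controller, the last function searches over controllers that statically disable a set of controllable events and keeps the inclusion-minimal sets that restore opacity; the event names, state names and the choice of controllable events are all assumptions of this example.

```python
"""Opacity check for a finite transition system observed by an adversary,
plus a crude static-disabling controller search.  Constructed example; the
model and the search are NOT the paper's algorithm."""
from itertools import combinations


class TransitionSystem:
    """Deterministic finite transition system G.  The secret S is the set of
    traces whose execution ends in a state of `secret_states`."""

    def __init__(self, init, transitions, secret_states):
        self.init = init
        self.trans = dict(transitions)          # (state, event) -> next state
        self.secret = frozenset(secret_states)

    def restrict(self, disabled):
        """Closed loop G/C for a controller C that disables `disabled` everywhere."""
        kept = {k: v for k, v in self.trans.items() if k[1] not in disabled}
        return TransitionSystem(self.init, kept, self.secret)


def unobservable_closure(ts, states, observable):
    """States reachable from `states` through events the adversary does not see."""
    stack, seen = list(states), set(states)
    while stack:
        q = stack.pop()
        for (p, e), r in ts.trans.items():
            if p == q and e not in observable and r not in seen:
                seen.add(r)
                stack.append(r)
    return frozenset(seen)


def disclosing_observations(ts, observable):
    """Breadth-first exploration of the adversary's state estimates.
    Returns observed sequences (over A_a) after which every consistent trace is
    in the secret, i.e. the secret is disclosed.  Empty list <=> S is opaque."""
    start = unobservable_closure(ts, {ts.init}, observable)
    frontier, visited, disclosed = [((), start)], {start}, []
    while frontier:
        obs, est = frontier.pop(0)
        if est <= ts.secret:        # every run consistent with obs ends in S
            disclosed.append(obs)
        for e in sorted(observable):
            nxt = {ts.trans[(q, e)] for q in est if (q, e) in ts.trans}
            if not nxt:
                continue
            nxt = unobservable_closure(ts, nxt, observable)
            if nxt not in visited:
                visited.add(nxt)
                frontier.append((obs + (e,), nxt))
    return disclosed


def least_restrictive_static_controllers(ts, observable, controllable):
    """Brute force over sets of controllable events disabled everywhere; returns
    the inclusion-minimal sets that make S opaque.  A static stand-in for the
    paper's dynamic, most permissive controller (assumption, not its method)."""
    solutions = []
    for k in range(len(controllable) + 1):
        for subset in combinations(sorted(controllable), k):
            if any(set(s) <= set(subset) for s in solutions):
                continue            # a smaller set already works
            if not disclosing_observations(ts.restrict(set(subset)), observable):
                solutions.append(subset)
    return solutions


# Constructed example: u is an unobservable step into the secret; the secret
# is revealed after observing "a b", because only the run q0 u q1 a q3 b q4
# is consistent with that observation.
OBSERVABLE = {"a", "b", "c"}        # A_a
CONTROLLABLE = {"b", "c"}           # events the controller may disable (assumed)
EXAMPLE = TransitionSystem(
    init="q0",
    transitions={
        ("q0", "u"): "q1",
        ("q0", "a"): "q2",
        ("q1", "a"): "q3",
        ("q3", "b"): "q4",
        ("q2", "c"): "q5",
    },
    secret_states={"q1", "q3", "q4"},
)

if __name__ == "__main__":
    print("disclosing observations:", disclosing_observations(EXAMPLE, OBSERVABLE))
    print("minimal static controllers:",
          least_restrictive_static_controllers(EXAMPLE, OBSERVABLE, CONTROLLABLE))
```

Running the script reports that the observation "a b" discloses the secret and that disabling b alone (but not c alone) restores opacity; disabling both is rejected as more restrictive than necessary. The real contribution of the paper is a controller that disables events dynamically as a function of what it has observed, which is strictly more permissive than the global disabling used here.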
Jérémy Dubreil
Hervé Marchand http://www.irisa.fr/prive/hmarchan
@article{dubreil10,
Author = {Dubreil, J. and Darondeau, Ph. and Marchand, H.},
Title = {Supervisory Control for Opacity},
Journal = {IEEE Transactions on Automatic Control},
Volume = {55},
Number = {5},
Pages = {1089--1100},
Month = {May},
Year = {2010}
}
Irisa - Inria - Copyright 2005 © Projet VerTeCs