Synthesis of insertion functions for enforcement of opacity security properties
Opacity is a confidentiality property that characterizes whether a “secret” of a system can be inferred by an outside observer called an “intruder”. In this paper, we consider the problem of enforcing opacity in systems modeled as partially-observed finite-state automata. We propose a novel enforcem...
Gespeichert in:
| Veröffentlicht in: | Automatica (Oxford) 2014-05, Vol.50 (5), p.1336-1348 |
|---|---|
| Hauptverfasser: | , |
| Format: | Artikel |
| Sprache: | eng |
| Schlagworte: | |
| Online-Zugang: | Volltext |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| container_end_page | 1348 |
|---|---|
| container_issue | 5 |
| container_start_page | 1336 |
| container_title | Automatica (Oxford) |
| container_volume | 50 |
| creator | Wu, Yi-Chin Lafortune, Stéphane |
| description | Opacity is a confidentiality property that characterizes whether a “secret” of a system can be inferred by an outside observer called an “intruder”. In this paper, we consider the problem of enforcing opacity in systems modeled as partially-observed finite-state automata. We propose a novel enforcement mechanism based on the use of insertion functions. An insertion function is a monitoring interface at the output of the system that changes the system’s output behavior by inserting additional observable events. We define the property of “i-enforceability” that an insertion function needs to satisfy in order to enforce opacity. I-enforceability captures an insertion function’s ability to respond to every system’s observed behavior and to output only modified behaviors that look like existing non-secret behaviors. Given an insertion function, we provide an algorithm that verifies whether it is i-enforcing. More generally, given an opacity notion, we determine whether it is i-enforceable or not by constructing a structure called the “All Insertion Structure” (AIS). The AIS enumerates all i-enforcing insertion functions in a compact state transition structure. If a given opacity notion has been verified to be i-enforceable, we show how to use the AIS to synthesize an i-enforcing insertion function. |
| doi_str_mv | 10.1016/j.automatica.2014.02.038 |
| format | Article |
| fullrecord | <record><control><sourceid>proquest_cross</sourceid><recordid>TN_cdi_proquest_miscellaneous_1671621276</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S0005109814000764</els_id><sourcerecordid>1671621276</sourcerecordid><originalsourceid>FETCH-LOGICAL-c447t-d9a1fe7f60a296318e173c192960f563f8a264f5e7ddfcd1fda2fbca47da4cb23</originalsourceid><addsrcrecordid>eNqFkE9rGzEQxUVIIU6a77CXQi-7lbRrST62JkkLBh_anoU8OyIytuRqtAV_-2ixSY-9zB_4vXnMY6wRvBNcqC_7zk0lHV0J4DrJxdBx2fHe3LCFMLpvpenVLVtwzpet4Ctzx-6J9nUdhJELtv15juUVKVCTfBMiYS4hxcZPEeaBGp9yg7FWwCPGMmPp5CCUc0MIU56HU06nWYj0kX3w7kD4eO0P7Pfz06_193azffmx_rppYRh0aceVEx61V9zJleqFQaF7EKu6cL9UvTdOqsEvUY-jh1H40Um_Azfo0Q2wk_0D-3y5W63_TEjFHgMBHg4uYprICqWFkkJqVVFzQSEnoozennI4uny2gts5Q7u3_zK0c4aWS1szrNJPVxdH4A4-uwiB3vXSDL3Welm5bxcO68t_A2ZLEDACjiEjFDum8H-zN3e5j00</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>1671621276</pqid></control><display><type>article</type><title>Synthesis of insertion functions for enforcement of opacity security properties</title><source>ScienceDirect Journals (5 years ago - present)</source><creator>Wu, Yi-Chin ; Lafortune, Stéphane</creator><creatorcontrib>Wu, Yi-Chin ; Lafortune, Stéphane</creatorcontrib><description>Opacity is a confidentiality property that characterizes whether a “secret” of a system can be inferred by an outside observer called an “intruder”. In this paper, we consider the problem of enforcing opacity in systems modeled as partially-observed finite-state automata. We propose a novel enforcement mechanism based on the use of insertion functions. An insertion function is a monitoring interface at the output of the system that changes the system’s output behavior by inserting additional observable events. We define the property of “i-enforceability” that an insertion function needs to satisfy in order to enforce opacity. I-enforceability captures an insertion function’s ability to respond to every system’s observed behavior and to output only modified behaviors that look like existing non-secret behaviors. Given an insertion function, we provide an algorithm that verifies whether it is i-enforcing. More generally, given an opacity notion, we determine whether it is i-enforceable or not by constructing a structure called the “All Insertion Structure” (AIS). The AIS enumerates all i-enforcing insertion functions in a compact state transition structure. If a given opacity notion has been verified to be i-enforceable, we show how to use the AIS to synthesize an i-enforcing insertion function.</description><identifier>ISSN: 0005-1098</identifier><identifier>EISSN: 1873-2836</identifier><identifier>DOI: 10.1016/j.automatica.2014.02.038</identifier><identifier>CODEN: ATCAA9</identifier><language>eng</language><publisher>Kidlington: Elsevier Ltd</publisher><subject>Algorithms ; Applied sciences ; Computer science; control theory; systems ; Discrete event systems ; Exact sciences and technology ; Insertion ; Mathematical models ; Memory and file management (including protection and security) ; Memory organisation. Data processing ; Monitoring ; Observers ; Opacity ; Security ; Software ; Synthesis</subject><ispartof>Automatica (Oxford), 2014-05, Vol.50 (5), p.1336-1348</ispartof><rights>2014 Elsevier Ltd</rights><rights>2015 INIST-CNRS</rights><lds50>peer_reviewed</lds50><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c447t-d9a1fe7f60a296318e173c192960f563f8a264f5e7ddfcd1fda2fbca47da4cb23</citedby><cites>FETCH-LOGICAL-c447t-d9a1fe7f60a296318e173c192960f563f8a264f5e7ddfcd1fda2fbca47da4cb23</cites></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://dx.doi.org/10.1016/j.automatica.2014.02.038$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>314,780,784,3550,27924,27925,45995</link.rule.ids><backlink>$$Uhttp://pascal-francis.inist.fr/vibad/index.php?action=getRecordDetail&idt=28437775$$DView record in Pascal Francis$$Hfree_for_read</backlink></links><search><creatorcontrib>Wu, Yi-Chin</creatorcontrib><creatorcontrib>Lafortune, Stéphane</creatorcontrib><title>Synthesis of insertion functions for enforcement of opacity security properties</title><title>Automatica (Oxford)</title><description>Opacity is a confidentiality property that characterizes whether a “secret” of a system can be inferred by an outside observer called an “intruder”. In this paper, we consider the problem of enforcing opacity in systems modeled as partially-observed finite-state automata. We propose a novel enforcement mechanism based on the use of insertion functions. An insertion function is a monitoring interface at the output of the system that changes the system’s output behavior by inserting additional observable events. We define the property of “i-enforceability” that an insertion function needs to satisfy in order to enforce opacity. I-enforceability captures an insertion function’s ability to respond to every system’s observed behavior and to output only modified behaviors that look like existing non-secret behaviors. Given an insertion function, we provide an algorithm that verifies whether it is i-enforcing. More generally, given an opacity notion, we determine whether it is i-enforceable or not by constructing a structure called the “All Insertion Structure” (AIS). The AIS enumerates all i-enforcing insertion functions in a compact state transition structure. If a given opacity notion has been verified to be i-enforceable, we show how to use the AIS to synthesize an i-enforcing insertion function.</description><subject>Algorithms</subject><subject>Applied sciences</subject><subject>Computer science; control theory; systems</subject><subject>Discrete event systems</subject><subject>Exact sciences and technology</subject><subject>Insertion</subject><subject>Mathematical models</subject><subject>Memory and file management (including protection and security)</subject><subject>Memory organisation. Data processing</subject><subject>Monitoring</subject><subject>Observers</subject><subject>Opacity</subject><subject>Security</subject><subject>Software</subject><subject>Synthesis</subject><issn>0005-1098</issn><issn>1873-2836</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2014</creationdate><recordtype>article</recordtype><recordid>eNqFkE9rGzEQxUVIIU6a77CXQi-7lbRrST62JkkLBh_anoU8OyIytuRqtAV_-2ixSY-9zB_4vXnMY6wRvBNcqC_7zk0lHV0J4DrJxdBx2fHe3LCFMLpvpenVLVtwzpet4Ctzx-6J9nUdhJELtv15juUVKVCTfBMiYS4hxcZPEeaBGp9yg7FWwCPGMmPp5CCUc0MIU56HU06nWYj0kX3w7kD4eO0P7Pfz06_193azffmx_rppYRh0aceVEx61V9zJleqFQaF7EKu6cL9UvTdOqsEvUY-jh1H40Um_Azfo0Q2wk_0D-3y5W63_TEjFHgMBHg4uYprICqWFkkJqVVFzQSEnoozennI4uny2gts5Q7u3_zK0c4aWS1szrNJPVxdH4A4-uwiB3vXSDL3Welm5bxcO68t_A2ZLEDACjiEjFDum8H-zN3e5j00</recordid><startdate>20140501</startdate><enddate>20140501</enddate><creator>Wu, Yi-Chin</creator><creator>Lafortune, Stéphane</creator><general>Elsevier Ltd</general><general>Elsevier</general><scope>IQODW</scope><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>7SP</scope><scope>8FD</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope></search><sort><creationdate>20140501</creationdate><title>Synthesis of insertion functions for enforcement of opacity security properties</title><author>Wu, Yi-Chin ; Lafortune, Stéphane</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c447t-d9a1fe7f60a296318e173c192960f563f8a264f5e7ddfcd1fda2fbca47da4cb23</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2014</creationdate><topic>Algorithms</topic><topic>Applied sciences</topic><topic>Computer science; control theory; systems</topic><topic>Discrete event systems</topic><topic>Exact sciences and technology</topic><topic>Insertion</topic><topic>Mathematical models</topic><topic>Memory and file management (including protection and security)</topic><topic>Memory organisation. Data processing</topic><topic>Monitoring</topic><topic>Observers</topic><topic>Opacity</topic><topic>Security</topic><topic>Software</topic><topic>Synthesis</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Wu, Yi-Chin</creatorcontrib><creatorcontrib>Lafortune, Stéphane</creatorcontrib><collection>Pascal-Francis</collection><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><jtitle>Automatica (Oxford)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Wu, Yi-Chin</au><au>Lafortune, Stéphane</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Synthesis of insertion functions for enforcement of opacity security properties</atitle><jtitle>Automatica (Oxford)</jtitle><date>2014-05-01</date><risdate>2014</risdate><volume>50</volume><issue>5</issue><spage>1336</spage><epage>1348</epage><pages>1336-1348</pages><issn>0005-1098</issn><eissn>1873-2836</eissn><coden>ATCAA9</coden><abstract>Opacity is a confidentiality property that characterizes whether a “secret” of a system can be inferred by an outside observer called an “intruder”. In this paper, we consider the problem of enforcing opacity in systems modeled as partially-observed finite-state automata. We propose a novel enforcement mechanism based on the use of insertion functions. An insertion function is a monitoring interface at the output of the system that changes the system’s output behavior by inserting additional observable events. We define the property of “i-enforceability” that an insertion function needs to satisfy in order to enforce opacity. I-enforceability captures an insertion function’s ability to respond to every system’s observed behavior and to output only modified behaviors that look like existing non-secret behaviors. Given an insertion function, we provide an algorithm that verifies whether it is i-enforcing. More generally, given an opacity notion, we determine whether it is i-enforceable or not by constructing a structure called the “All Insertion Structure” (AIS). The AIS enumerates all i-enforcing insertion functions in a compact state transition structure. If a given opacity notion has been verified to be i-enforceable, we show how to use the AIS to synthesize an i-enforcing insertion function.</abstract><cop>Kidlington</cop><pub>Elsevier Ltd</pub><doi>10.1016/j.automatica.2014.02.038</doi><tpages>13</tpages></addata></record> |
| fulltext | fulltext |
| identifier | ISSN: 0005-1098 |
| ispartof | Automatica (Oxford), 2014-05, Vol.50 (5), p.1336-1348 |
| issn | 0005-1098 1873-2836 |
| language | eng |
| recordid | cdi_proquest_miscellaneous_1671621276 |
| source | ScienceDirect Journals (5 years ago - present) |
| subjects | Algorithms Applied sciences Computer science control theory systems Discrete event systems Exact sciences and technology Insertion Mathematical models Memory and file management (including protection and security) Memory organisation. Data processing Monitoring Observers Opacity Security Software Synthesis |
| title | Synthesis of insertion functions for enforcement of opacity security properties |
| url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-07T11%3A46%3A15IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_cross&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Synthesis%20of%20insertion%20functions%20for%20enforcement%20of%20opacity%20security%20properties&rft.jtitle=Automatica%20(Oxford)&rft.au=Wu,%20Yi-Chin&rft.date=2014-05-01&rft.volume=50&rft.issue=5&rft.spage=1336&rft.epage=1348&rft.pages=1336-1348&rft.issn=0005-1098&rft.eissn=1873-2836&rft.coden=ATCAA9&rft_id=info:doi/10.1016/j.automatica.2014.02.038&rft_dat=%3Cproquest_cross%3E1671621276%3C/proquest_cross%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=1671621276&rft_id=info:pmid/&rft_els_id=S0005109814000764&rfr_iscdi=true |