Strong current-state and initial-state opacity of discrete-event systems

TL;DR

This paper introduces stronger versions of current-state and initial-state opacity in discrete-event systems to better ensure privacy, along with verification methods that account for complex system behaviors.

Contribution

It proposes two new, stronger opacity definitions and develops a novel concurrent-composition technique for their verification.

Findings

Defined strong current-state opacity and strong initial-state opacity.

Developed a concurrent-composition method for verification.

Analyzed the exponential complexity of the verification process.

Abstract

Opacity, as an important property in information-flow security, characterizes the ability of a system to keep some secret information from an intruder. In discrete-event systems, based on a standard setting in which an intruder has the complete knowledge of the system's structure, the standard versions of current-state opacity and initial-state opacity cannot perfectly characterize high-level privacy requirements. To overcome such a limitation, in this paper we propose two stronger versions of opacity in partially-observed discrete-event systems, called \emph{strong current-state opacity} and \emph{strong initial-state opacity}. Strong current-state opacity describes that an intruder never makes for sure whether a system is in a secret state at the current time, that is, if a system satisfies this property, then for each run of the system ended by a secret state, there exists a non-secret run whose observation is the same as that of the previous run. Strong initial-state opacity captures that the visit of a secret state at the initial time cannot be inferred by an intruder at any instant. Specifically, a system is said to be strongly initial-state opaque if for each run starting from a secret state, there exists a non-secret run of the system that has the same observation as the previous run has. To verify these two properties, we propose two information structures using a novel concurrent-composition technique, which has exponential-time complexity $O(|X|^4|\Sigma_o||\Sigma_{uo}||\Sigma|2^{|X|})$, where $|X|$ (resp., $|\Sigma|$, $|\Sigma_o|$, $|\Sigma_{uo}|$) is the number of states (resp., events, observable events, unobservable events) of a system.