Abstract
We consider a multi-adversary version of the supervisory control problem for discrete-event systems (DES), in which an adversary corrupts the observations available to the supervisor. The supervisor’s goal is to enforce a specific language in spite of the opponent’s actions and without knowing which adversary it is playing against. This problem is motivated by applications to computer security in which a cyber defense system must make decisions based on reports from sensors that may have been tampered with by an attacker. We start by showing that the problem has a solution if and only if the desired language is controllable (in the classical DES sense) and observable in a (novel) sense that takes the adversaries into account. For the particular case of attacks that insert symbols into or remove symbols from the sequence of sensor outputs, we show that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring exponential complexity in the number of attacks considered.
Additional information
Submitted to Special Issue on Dynamic Games in Cyber Security. This work was supported by the JSPS KAKENHI Grant Number JP17K14699, the National Science Foundation Award No. 1705135, and the U.S. Office of Naval Research under MURI Grant No. N00014-16-1-2710.
Cite this article
Wakaiki, M., Tabuada, P. & Hespanha, J.P. Supervisory Control of Discrete-Event Systems Under Attacks. Dyn Games Appl 9, 965–983 (2019). https://doi.org/10.1007/s13235-018-0285-3
DOI: https://doi.org/10.1007/s13235-018-0285-3