Probabilistic system opacity in discrete event systems

In many emerging security applications, a system designer frequently needs to ensure that a certain property of a given system (that may reveal important details about the system’s operation) be kept secret (opaque) to outside observers (eavesdroppers). Motivated by such applications, several researchers have formalized, analyzed, and described methods to verify notions of opacity in discrete event systems of interest. This paper introduces and analyzes a notion of opacity in systems that can be modeled as probabilistic finite automata or hidden Markov models. We consider a setting where a user needs to choose a specific hidden Markov model (HMM) out of m possible (different) HMMs, but would like to “hide” the true system from eavesdroppers, by not allowing them to have an arbitrary level of confidence as to which system has been chosen. We describe necessary and sufficient conditions (that can be checked with polynomial complexity), under which the intruder cannot distinguish the true HMM, namely, the intruder cannot achieve a level of certainty about its decision, which is above a certain threshold that we can a priori compute.     

Polynomial-time verification of diagnosability of fuzzy discrete event systems

A fuzzy approach to perform diagnosis of fuzzy discrete event systems(FDESs)is proposed by constructing diagnosers,which may more effectively cope with the problems of vagueness and fuzziness arising from failure diagnosis of fuzzy systems.However,the complexity of constructing this kind of diagnosers is exponential in the state space and the number of fuzzy events of the system.In this paper,we present an algorithm for verifying the diagnosability of FDESs based on the construction of a nondeterministic automaton called F-verifier instead of diagnosers.Both the construction of F-verifiers and the verification of diagnosability of FDESs can be realized with a polynomial-time complexity.     

Verification of robust diagnosability for partially observed discrete event systems

In this paper, we study robust failure diagnosis of discrete event systems. Given a set of possible models, each of which has its own nonfailure specification, we consider the existence of a single diagnoser such that, for all possible models, it detects any occurrence of a failure within a uniformly bounded number of steps. We call such a diagnoser a robust diagnoser. We introduce a notion of robust diagnosability, and prove that it serves as a necessary and sufficient condition for the existence of a robust diagnoser. We then present an algorithm for verifying the robust diagnosability condition.     

A new algorithm for testing diagnosability of fuzzy discrete event systems

Failure diagnosis and detection of fuzzy discrete event systems play a significant role in the study of complex systems. In this paper, we investigate the diagnosability of fuzzy discrete event systems by proposing a new algorithm based on the concept of undistinguishable strings. Moreover, a necessary and sufficient condition for fuzzy diagnosability is obtained in terms of certain properties of the diagnoser, which is constructed with respect to the minimal observable event. The computing process to check the diagnosability of fuzzy DESs and some examples serving to illuminate the applications are developed and described.     

基于不确定观测下离散事件系统可诊断性的研究

在实际应用系统中,由于传感器故障、传感器限制和网络中的数据包丢失等原因,事件的可观测值变得不确定,使得观测系统行为变得尤为复杂。针对离散事件系统中,同个事件串可能有多个观测值以及不同状态下同个事件观测值也可能不同的问题,提出一种不确定观测下故障诊断验证的方法。首先对不确定观测的离散事件系统的可诊断性进行形式化,然后构建出用于上述故障诊断验证的验证器;基于验证器提出了系统基于不确定观测下可诊断的充要条件及验证算法;最后,实例说明不确定观测下故障诊断验证算法的应用。与现有研究相比,提出的方法对故障事件的观测值没有约束,可以为0个或多个观测值,使此方法应用的场景更为广泛。     

A necessary and sufficient condition for diagnosability of stochastic discrete event systems

Stochastic discrete event systems (SDES) are systems whose evolution is described by the occurrence of a sequence of events, where each event has a defined probability of occurring from each state. The diagnosability problem for SDES is the problem of determining the conditions under which occurrences of a fault can be detected in finite time with arbitrarily high probability. (IEEE Trans Autom Control 50(4):476–492 2005) proposed a class of SDES and proposed two definitions of stochastic diagnosability for SDES called A- and A A-diagnosability and reported a necessary and sufficient condition for A-diagnosability, but only a sufficient condition for A A-diagnosability. In this paper, we provide a condition that is both necessary and sufficient for determining whether or not an SDES is A A-diagnosable. We also show that verification of A A-diagnosability is equivalent to verification of the termination of the cumulative sum (CUSUM) procedure for hidden Markov models, and that, for a specific class of SDES called fault-immediate systems, the sequential probability ratio test (SPRT) minimizes the expected number of observable events required to distinguish between the normal and faulty modes.     

Current-state opacity enforcement in discrete event systems under incomparable observations

In this paper we tackle the opacity enforcement problem in discrete event systems using supervisory control theory. In particular, we consider the case where the intruder and the supervisor may observe different sets of events and neither of these sets needs to be contained in the other one. Moreover, there may be controllable events that cannot be observed by the supervisor. We propose a finite structure, called an augmented I-observer, to characterize the strings that will not leak the secret. Based on such a structure, a locally optimal supervisor enforcing current-state opacity is designed.     

Max-plus algebra in the history of discrete event systems

This paper is a survey of the history of max-plus algebra and its role in the field of discrete event systems during the last three decades. It is based on the perspective of the authors but it covers a large variety of topics, where max-plus algebra plays a key role.     

Overview of discrete event systems opacity: Models,validation, and quantification

Over the last decade, opacity of discrete event systems (DES) has become a very fertile field of research. Driven by safety and privacy concerns in network communications and online services, much theoretical work has been conducted in order to design opaque systems. A system is opaque if an external observer in unable to infer a “secret” about the system behavior. This paper aims to review the most commonly used techniques of opacity validation for deterministic models and opacity quantification for probabilistic ones. Available complexity results are also provided. Finally, we review existing tools for opacity validation and current applications.     

On controllability of discrete event systems in a behavioral framework

The purpose of this paper is to investigate the controllability and the achievability of discrete event systems within a behavioral framework. Based on the notion of Willems’ behavioral controllability [1, 2], we introduce a new concept related to the controllability of discrete event systems. By using the controllability proposed here and the notion related to achievable behaviors [3, 4], we show that the behavioral controllability for a given specification with respect to language is equivalent to the existence of a controller, so that an interconnected system satisfies the specification exactly. A proposed controller here is represented by the intersection of the behavior of a given plant and that of a given (controllable) specification. We also clarify that our controllers for a given specification fit the properties of well-known supervisory controllers proposed and developed by Ramadge and Wonham [5]. The text was submitted by the authors in English.     

离散事件系统N步稳定性分析

讨论基于自动机/形式语言模型的离散事件系统(DES)稳定性问题,引入了确定性离散事件系统N步稳定性定义,并得到了稳定性的判据定理,推导了具体的算法实现。该算法具有多项式复杂度。     

On controlling prioritized discrete event systems with real-time constraints

We study a class of prioritized Discrete Event Systems (DESs) that involve the control of resources allocated to tasks under real-time constraints. Our work is motivated by applications in communication systems, computing systems, and manufacturing systems where the objective is to minimize energy consumption while guaranteeing that task deadlines are always met. In the off-line setting, we discover several structural properties of the optimal sample path of such DESs. Using the structural properties, we also propose a greedy algorithm which is shown numerically near optimal. For on-line control, we design a Receding Horizon (RH) controller. Using worst-case estimation, the RH control is able to guarantee feasibility (when the off-line problem is feasible) and achieve good performance.     

On condition/event systems with discrete state realizations

This paper introduces condition/event (C/E) systems as a class of continuous-time discrete event dynamic systems (DEDS) with two types of discrete-valued input and output signals:condition signals andevent signals. In applications such as discrete control, C/E systems provide an intuitive continuous-time modeling framework amenable to block diagram representation. In this paper we consider C/E systems with discrete state realizations, and study the relationship between continuous-time C/E systems and untimed models of their sequential inputoutput behavior called C/E languages. We show that C/E systems with discrete state realizations are necessarilytime-change invariant (Theorem 3.1), which means the ensemble of admissible continuous-time input-output behaviors is completely characterized by the C/E language for the system (Theorem 4.1). It is also shown that deterministic C/E systems with discrete state realizations are necessarily discrete-time (clocked) systems (Corollary 3.1), and that finite discrete state realizations exist for a C/E system only if its related C/E language has a finite state generator (Theorem 4.2). Finally, we develop equivalent discrete-state realizations for C/E systems resulting from cascade and feedback interconnections. The paper concludes with a discussion of several directions for future research.Please direct correspondence concerning this paper to B.H. Krogh at the above address.     

Detectability in stochastic discrete event systems

A discrete event system possesses the property of detectability if it allows an observer to perfectly estimate the current state of the system after a finite number of observed symbols, i.e., detectability captures the ability of an observer to eventually perfectly estimate the system state. In this paper we analyze detectability in stochastic discrete event systems (SDES) that can be modeled as probabilistic finite automata. More specifically, we define the notion of A-detectability, which characterizes our ability to estimate the current state of a given SDES with increasing certainty as we observe more output symbols. The notion of A-detectability is differentiated from previous notions for detectability in SDES because it takes into account the probability of problematic observation sequences (that do not allow us to perfectly deduce the system state), whereas previous notions for detectability in SDES considered each observation sequence that can be generated by the underlying system. We discuss observer-based techniques that can be used to verify A-detectability, and provide associated necessary and sufficient conditions. We also prove that A-detectability is a PSPACE-hard problem.     

On tolerable and desirable behaviors in supervisory control of discrete event systems

We formulate and solve a new supervisory control problem for discrete event systems. The objective is to design a logical controller—or supervisor—such that the discrete event system satisfies a given set of requirements that involve event ordering. The controller must deal with a limited amount of controllability in the form of uncontrollable events. Our problem formulation considers that the requirements for the behavior (i.e., set of traces) of the controlled system are specified in terms of a desired behavior and a larger tolerated behavior. Due to the uncontrollable events, one may wish to tolerate behavior that sometimes exceeds the ideal desired behavior if overall this results in achieving more of the desired behavior. The general solution of our problem is completely characterized. The nonblocking solution is also analyzed in detail. This solution requires the study of a new class of controllable languages. Several results are proved about this class of languages. Algorithms to compute certain languages of interest within this class are also presented.Research supported in part by the National Science Foundation under grants ECS-8707671, ECS-9057967, and ECS-9008947.     

Detectability of networked discrete event systems

Detectability of discrete event systems, defined as the ability to determine the current and subsequent states, is very important in diagnosis, control, and many other applications. So far only detectability of non-networked discrete event systems has been defined and investigated. Non-networked discrete event systems assume that all the communications are reliable and instantaneous without any delays or losses. This assumption is often violated in networked systems. In this paper, we study detectability for networked discrete event systems. We investigate the impact of communication delays and losses on detectability. We define two classes of detectabilities: network detectability for determining the state of a networked discrete event systems and network D-detectability for distinguishing certain pairs of states of the systems. Necessary and sufficient conditions for network detectability and network D-detectability are derived. Methods to check network detectability and network D-detectability are also developed. Examples are given to illustrate the results.     

Diagnosability of fair discrete event systems

Failure diagnosability has been widely studied using discrete event system (DES) models. It is, however, shown in this work by means of a counterexample that the diagnosability condition, which has been shown to be necessary and sufficient in the DES context, fails to hold for many real‐world hybrid systems. This is because the abstraction employed in formulating the DES models obliterates the continuous dynamics. In the present work, a new failure diagnosability mechanism has been developed for discrete time hybrid system (DTHS) models to alleviate this problem. A new diagnosability condition is proposed and its necessity and sufficiency with respect to the diagnosability definition are established formally. Finally, the method of A‐diagnosability, which can also be used to circumvent this problem and which needs additional probabilistic information for diagnosability analysis, has been shown to have a higher computational complexity than the DTHS model based method proposed in this paper. Further, it is also highlighted that the DTHS model based diagnosability analysis technique is capable of diagnosing faults that degrade the temporal performance of the system, which cannot be handled by the A‐diagnosability analysis mechanism. Copyright © 2008 John Wiley and Sons Asia Pte Ltd and Chinese Automatic Control Society     

Observability of discrete event dynamic systems

A finite state automaton is adopted as a model for discrete event dynamic systems (DEDS). Observations are assumed to be a subset of the event alphabet. Observability is defined as having perfect knowledge of the current state at points in time separated by bounded numbers of transitions. A polynomial test for observability is given. It is shown that an observer may be constructed and implemented in polynomial time and space. A bound on the cardinality of the observer state space is also presented. A notion of resiliency is defined for observers, and a test for resilient observability and a procedure for the construction of a resilient observer are presented     

The predictability of discrete event systems

Perturbation analysis and the automaton and language model are approaches developed recently for the study of discrete-event systems (DESs). The prediction of a trajectory of a new system is the essential idea of perturbation analysis. The automaton theory models a trajectory of a DES by a string in a particular language. The author formulates the trajectory prediction as a projection of a string onto a language. A sufficient condition is found for one language to be predictable from another language. Examples are given to show the application of this concept