In this paper, we focus on the synthesis of secure timed systems which are modelled as timed automata. The security property that the system must satisfy is a non-interference property. Intuitively, non-interference ensures the absence of any causal dependency from a high-level domain to a lower-level domain. Various notions of non-interference have been defined in the literature, and in this paper we focus on Strong Non-deterministic Non-Interference (SNNI) and two (bi)simulation-based variants thereof (CSNNI and BSNNI). We consider timed non-interference properties for timed systems specified by timed automata and we study the following two problems: (1) check whether it is possible to find a sub-system so that it is non-interferent; if yes, (2) compute a (largest) sub-system which is non-interferent.

Security Predicate (BSP) is presented but the synthesis problem is not addressed. Recently, supervisory control for the opacity property has been studied in [11], [12], [13] in the untimed setting. Opacity is undecidable for timed systems [14] and thus the associated control problem is undecidable as well. In [15] the controller synthesis problem for non-interference properties is addressed for untimed systems. In [16], supervisory control to enforce intransitive non-interference for three-level security systems is proposed in the untimed setting.

The non-interference synthesis problem for dense-time systems specified by timed automata was first considered in [17]. The non-interference property considered in [17] is the state non-interference property, which is less demanding than the one we consider here. This paper extends the results of [18] about SNNI control problems for timed systems: Section V addresses the SNNI control problem for timed systems and is a detailed presentation of the result of [18] with proofs of the theorems that were unpublished. Sections III and IV are new and the latter provides a new result, Theorem 2. Section VI addresses the CSNNI and BSNNI control problems for timed systems and also contains new results: Theorems 9, 10, 11 and Propositions 4 and 5.

Our Contribution. In this paper, we first exhibit a class dTA of timed automata for which the SNNI verification problem is decidable. The other main results are: (1) we prove that deciding whether there is a controller C for a timed automaton A such that (s.t. in the following) C(A) is SNNI is decidable for the previous class dTA; (2) we reduce the SNNI controller synthesis problem to solving a sequence of safety timed games; (3) we show that there is not always a most permissive controller for CSNNI and BSNNI; (4) we prove that the control problem for CSNNI is decidable for the class dTA and that the CSNNI controller synthesis problem for dTA reduces to the SNNI controller synthesis problem. We also give the theoretical complexities of these problems.

Organization of the paper. Section II recalls the basics of timed automata, timed languages and some results on safety timed games. Section III gives the definition of the non-interference propertie...
We investigate how two agents can communicate through a noisy medium modeled as a finite non-deterministic transducer. The sender and the receiver are also described by finite transducers which can respectively encode and decode binary messages. When the communication is reliable, we call the encoder/decoder pair a channel. We study the channel synthesis problem which, given a transducer, asks whether or not such a sender and receiver exist and builds them if the answer is positive. To that effect we introduce the structural notion of an encoding state in a transducer, which is a necessary condition for the existence of a channel. It is not, however, a sufficient condition. In fact, we prove that the problem is undecidable. Nonetheless, we obtain a synthesis procedure when the transducer is functional. We discuss these results in relation to security properties.
In this paper, we focus on the synthesis of secure timed systems which are given by timed automata. The security property that the system must satisfy is a non-interference property. Various notions of non-interference have been defined in the literature, and in this paper we focus on Strong Non-deterministic Non-Interference (SNNI) and we study the following two problems: (1) check whether it is possible to enforce a system to be SNNI; if yes, (2) compute a subsystem which is SNNI.

In this paper, we consider the problem of synthesizing non-interferent timed systems. In contrast to verification, the non-interference synthesis problem assumes the system is open, i.e., we can restrict the behaviors of S: some events of S, in a particular set Σ_c, can be disabled. The non-interference control problem for a system S asks the following: "Is there a controller C s.t. C(S) is non-interferent?" The associated non-interference controller synthesis problem asks to compute a witness mapping C.

Related Work. In [4] the authors consider the complexity of many non-interference verification problems but synthesis is not addressed. In [5] an exponential-time decision procedure for checking whether a finite-state system satisfies a given Basic Security Predicate (BSP) is presented but the synthesis problem is not addressed. There is also a large body of work on the use of static analysis techniques to enforce information flow policies. A general overview can be found in [6]. The non-interference synthesis problem was first considered in [7] for dense-time systems specified by timed automata. The non-interference property considered in [7] is the state non-interference property, which is less demanding than the one we consider here.

This paper is a follow-up of our previous work [8] about non-interference control problems for untimed systems. In [8], we assumed that the security domains coincided with the controllable and uncontrollable actions: high-level actions (Σ_h) could be disabled (Σ_c = Σ_h) whereas low-level actions (Σ_l) could not. We studied the synthesis problems for SNNI and BSNNI and proved they are decidable. In the present paper we extend the previous work in two directions: (1) we release the constraint Σ_c = Σ_h and (2) we consider the synthesis problem for timed automata. Nevertheless, we restrict the class of non-interference properties to SNNI.

The motivations for this work are manifold. Releasing Σ_c = Σ_h is interesting in practice because it enables one to specify that an action from Σ_h cannot be disabled (a service must be given), while some actions of Σ_l can be disabled. We can view actions of Σ_l as capabilities of the low-level user (e.g., pressing a button), and it thus makes sense to prevent the user from using the button, for instance by disabling/hiding it temporarily.

It is also of theoretical interest, because this non-interference synthesis problem is genuinely more difficult than the corresponding verification problem, in the sense that we can reduce the SNNI verification problem to a particular instance ...