Towards Incorporating Discrete-Event Systems in Secure Software Development

Whittaker, Sarah-Jane; Zulkernine, Mohammad; Rudie, Karen

doi:10.1109/ares.2008.70

Cited by 3 publications

(4 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several aspects of security have also been considered in the DES literature, including the stealthy deception attacks in [1,22] that aim at injecting false information without being detected by the controller; or the opacity of DESs in [21,5,14,29] and references there in, whose goal is to keep the system's secret behavior uncertain to outsiders. Intrusion detection in the DES framework has been investigated in [23,27,8], with the goal of guaranteeing the confidentiality and integrity of DESs.…”

Section: Corrupted String (May Be An Empty String) Observa9on String ...mentioning

confidence: 99%

Supervisory Control of Discrete-Event Systems Under Attacks

2018

View full text Add to dashboard Cite

We consider a multi-adversary version of the supervisory control problem for discrete-event systems, in which an adversary corrupts the observations available to the supervisor. The supervisor's goal is to enforce a specific language in spite of the opponent's actions and without knowing which adversary it is playing against. This problem is motivated by applications to computer security in which a cyber defense system must make decisions based on reports from sensors that may have been tampered with by an attacker. We start by showing that the problem has a solution if and only if the desired language is controllable (in the Discrete event system classical sense) and observable in a (novel) sense that takes the adversaries into account. For the particular case of attacks that insert symbols into or remove symbols from the sequence of sensor outputs, we show that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring on exponential complexity on the number of attacks considered.Discrete event systems (DESs) are non-deterministic transition systems defined over a typically finite statespace. The DESs supervisory control problem refers to the design of a feedback controller -called a supervisor -that restricts the set of possible sequences of transitions (typically represented by strings over an alphabet of transitions) to a desired set K. The supervisor's task is complicated by the fact that (i) only a subset of transitions can be inhibited (the so called "controllable" transitions) and (ii) the supervisor only has partial information about the state of the system, which it gathers by observing a string of "output symbols." This basic problem is motivated by a wide range of applications that include manufacturing systems, chemical batch plants, power grids, transportation systems, database management, communication protocols, logistics, and computer security. The latter is the key motivating application for the work reported here.

show abstract

Section: Corrupted String (May Be An Empty String) Observa9on String ...mentioning

confidence: 99%

Supervisory Control of Discrete-Event Systems Under Attacks

2018

View full text Add to dashboard Cite

show abstract

“…Following that, a state estimator called a diagnoser (or detector, if only detection of failure is required) is designed which observes sequences of events generated by the system to decide whether the states through which the system traverses correspond to the normal or faulty DES model. This idea has been used to develop host based IDS [14,15], where a sequence of system calls under normal conditions comprises the normal model and the sequence under compromised conditions comprises the failure (attack) model. So, the DES detector acts as the host IDS.…”

Section: Introductionmentioning

confidence: 99%

“…Design of such an IDS requires certain extensions over the (classical) theory [13] and techniques which have been used in [14][15][16]. The basic motivations and the extensions are enumerated below:…”

Section: Introductionmentioning

confidence: 99%