Strong current-state and initial-state opacity of discrete-event systems
Opacity, as an important property in information-flow security, characterizes the ability of a system to keep some secret information from an intruder. In discrete-event systems, based on a standard setting in which an intruder has the complete knowledge of the system's structure, the standard versions of current-state opacity and initial-state opacity cannot perfectly characterize high-level privacy requirements. To overcome such a limitation, in this paper we propose two stronger versions of opacity in partially-observed discrete-event systems, called strong current-state opacity and strong initial-state opacity. Strong current-state opacity describes that an intruder never makes for sure whether a system is in a secret state at the current time, that is, if a system satisfies this property, then for each run of the system ended by a secret state, there exists a non-secret run whose observation is the same as that of the previous run. Strong initial-state opacity captures that the visit of a secret state at the initial time cannot be inferred by an intruder at any instant. Specifically, a system is said to be strongly initial-state opaque if for each run starting from a secret state, there exists a non-secret run of the system that has the same observation as the previous run has. To verify these two properties, we propose two information structures using a novel concurrent-composition technique, which has exponential-time complexity O(|X|^4|Σ_o||Σ_uo||Σ|2^|X|), where |X| (resp., |Σ|, |Σ_o|, |Σ_uo|) is the number of states (resp., events, observable events, unobservable events) of a system.
READ FULL TEXT