K-Protection of Global Secret in Discrete Event Systems Using Supervisor Control / Liu, R.; Duan, W.; Mangini, A. M.; Fanti, M. P.. - (2023), pp. 2832-2837. (Paper presented at the 2023 IEEE International Conference on Systems, Man, and Cybernetics, SMC 2023, held in the USA in 2023) [10.1109/SMC53992.2023.10394245].
K-Protection of Global Secret in Discrete Event Systems Using Supervisor Control
Liu R.;Mangini A. M.;Fanti M. P.
2023-01-01
Abstract
This work addresses the security problem of protecting secrets in the framework of discrete event systems that are modeled by deterministic finite automata. We characterize a global secret that is composed of one or multiple states, in which each state is assigned a security level. A state is said to be protected if any event sequence from the initial state that reaches it contains a number of protected events equal to or greater than the required security level. In addition, we assume that the protected event labels must be recovered within a bounded number of consecutive protected events (called K-protection). Our objective is to design a K-protection event policy such that the protected secret state pieces satisfy a predefined protection threshold. To this end, we first construct a security automaton that integrates the system state information and its current security level, and a K-protection automaton that lists all the possible protections of event sequences. Then, by using the supervisor control theory technique, the valid protecting policy to enforce the security requirement is obtained. Finally, examples are used to illustrate the proposed protection method.

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.