Property:Abstract

Opacity is an information flow property characterizing whether a system reveals its secret to a passive observer. Several notions of opacity have been introduced in the literature. We study the notions of language-based opacity, current-state opacity, initial-state opacity, initial-and-final-state opacity, K-step opacity, and infinite-step opacity. Comparing the notions is a natural question that has been investigated and summarized by Wu and Lafortune, who provided transformations among current-state opacity, initial-and-final-state opacity, and language-based opacity, and, for prefix-closed languages, also between language-based opacity and initial-state opacity. We extend these results by showing that all the discussed notions of opacity are transformable to each other. Besides a deeper insight into the differences among the notions, the transformations have applications in complexity results. In particular, the transformations are computable in polynomial time and preserve the number of observable events and determinism, and hence the computational complexities of the verification of the notions coincide. We provide a complete and improved complexity picture of the verification of the discussed notions of opacity, and improve the algorithmic complexity of deciding language-based opacity, infinite-step opacity, and K-step opacity.  +

Opacity is an information flow property characterizing whether a system reveals its secret to a passive observer. Several notions of opacity have been introduced in the literature. We study the notions of language-based opacity, current-state opacity, initial-state opacity, initial-and-final-state opacity, K-step opacity, and infinite-step opacity. Comparing the notions is a natural question that has been investigated and summarized by Wu and Lafortune, who provided transformations among current-state opacity, initial-and-final-state opacity, and language-based opacity, and, for prefix-closed languages, also between language-based opacity and initial-state opacity. We extend these results by showing that all the discussed notions of opacity are transformable to each other. Besides a deeper insight into the differences among the notions, the transformations have applications in complexity results. In particular, the transformations are computable in polynomial time and preserve the number of observable events and determinism, and hence the computational complexities of the verification of the notions coincide. We provide a complete and improved complexity picture of the verification of the discussed notions of opacity, and improve the algorithmic complexity of deciding language-based opacity, infinite-step opacity, and K-step opacity.  +

Opacity is an information flow property characterizing whether a system reveals its secret to a passive observer. Several notions of opacity have been introduced in the literature. We study the notions of language-based opacity, current-state opacity, initial-state opacity, initial-and-final-state opacity, K-step opacity, and infinite-step opacity. Comparing the notions is a natural question that has been investigated and summarized by Wu and Lafortune, who provided transformations among current-state opacity, initial-and-final-state opacity, and language-based opacity, and, for prefix-closed languages, also between language-based opacity and initial-state opacity. We extend these results by showing that all the discussed notions of opacity are transformable to each other. Besides a deeper insight into the differences among the notions, the transformations have applications in complexity results. In particular, the transformations are computable in polynomial time and preserve the number of observable events and determinism, and hence the computational complexities of the verification of the notions coincide. We provide a complete and improved complexity picture of the verification of the discussed notions of opacity, and improve the algorithmic complexity of deciding language-based opacity, infinite-step opacity, and K-step opacity.  +

Open, irreversible, dynamically routed, zone-controlled guidepath-based transport systems model the operation of many automated unit-load material handling systems that are used in various production and distribution facilities. An important requirement for these systems is to preserve the system liveness – i.e., the ability of each system agent to reach any location of the underlying guidepath network – by blocking those traffic states that will result in deadlock and/or livelock. The remaining set of traffic states are characterized as “live”. The worst-case computational complexity of the decision problem of assessing the state liveness in the considered class of transport systems is an open issue. This work capitalizes upon some recent developments on the problem of assessing state liveness in the considered transport systems in order to provide a novel algorithm for this problem. The worst-case computational complexity of this algorithm is not polynomially bounded with respect to the size of the underlying transport system, but the empirical complexity of the algorithm is expected to be very benign for the reasons that are explained in the paper.  +

Conditions preserving observability of specifications between the plant and its abstraction are essential for hierarchical supervisory control of discrete-event systems under partial observation. Observation consistency and local observation consistency were identified as such conditions. To preserve normality, only observation consistency is required. Although observation consistency preserves normality between the levels for normal specifications, for specifications that are not normal, observation consistency is insufficient to guarantee that the supremal normal sublanguage computed on the low level and on the high level coincide. We define modified observation consistency, under which the supremal normal sublanguages of different levels coincide. We show that the verification of (modified) observation consistency is PSPACE-hard for finite automata and undecidable for slightly more expressive models than finite automata. Decidability of (modified) observation consistency is an open problem. Hence we further discuss two stronger conditions that are easy to verify. Finally, we illustrate the conditions on an example of a railroad controller and on a case study of a part of an MRI scanner.  +

In this paper we will show that safe timed Petri nets (TPNs) with preselection semantics can be represented by deterministic two-level (max,+) automata (2l-MPA). In 2lMPA, the outer dynamics, corresponding to the evolution of component clocks, is represented by deterministic Mealy automata with vector-valued outputs from (max,+) semiring. The outer dynamics is then adjusted by inner dynamics corresponding to synchronizations, which are implemented through scalar-like multiplication of the coefficients by symmetric Boolean matrices. These Boolean matrices encode synchronization among the state machines components. The previous approaches encoded either safe TPNs under preselection policy as nondeterministic (max,+) automata, or TPNs under (more restrictive) race policy as deterministic (max,+) automata.  +

We investigate modular supervisory control of discrete-event systems composed of several groups of components, where each group consists of similar modules. Because of the similar structures of the modules, such systems can be represented as a set of (group) templates. Supervisory control can then be performed on these templates, resulting in a set of template supervisors. We propose a modular approach to construct the template supervisors based on the local computation of supremal symmetric sublanguages and on the concept of conditional decomposability. The supremal symmetric sublanguage of a decomposable language turns out to be decomposable, and can thus be computed locally. It is proven that the local supervisors of the components of a group are similar and can thus be obtained by a symmetry map from the template supervisor of the group.  +

Opacity is an information flow property characterizing whether a system reveals its secret to an intruder. Verification of opacity for discrete-event systems modeled by automata is in general a hard problem. We discuss the question whether there are structural restrictions on the system models for which the opacity verification is tractable. We consider two kinds of automata models: (i) acyclic automata, and (ii) automata where all cycles are only in the form of self-loops. In some sense, these models are the simplest models of (deadlock-free) systems. Although the expressivity of such systems is weaker than the expressivity of linear temporal logic, we show that the opacity verification for these systems is still hard.  +

pacity is a property asking whether a system may reveal its secret to a passive observer who knows the structure of the system but has only limited observations of its behavior. Several notions of opacity have been studied. Similarities among the opacity notions have been investigated via transformations, which have many potential applications. We investigate K-step opacity (K-SO), a notion that generalizes both current-state opacity and infinite-step opacity, and asks whether the intruder cannot decide, at any instant, whether or when the system was in a secret state during the last K observable steps. We provide new polynomial-time transformations among K-SO and other opacity notions. Our results lead, among others, to the general solution of an open problem concerning the computational complexity of the verification of K-SO.  +

Detectability is a state-estimation property asking whether the current and subsequent states of a system can be determined based on observations. To exactly determine the current and subsequent states may be, however, too strict in some applications. Therefore, Shu and Lin relaxed detectability to D-detectability distinguishing only certain pairs of states rather than all states. Four variants of D-detectability were defined: strong (periodic) D-detectability and weak (periodic) D-detectability. Deciding weak (periodic) D-detectability is PSpace-complete, while deciding strong (periodic) detectability or strong D-detectability is polynomial, and we show that it is NL-complete. To the best of our knowledge, it is an open problem whether there exists a polynomial-time algorithm deciding strong periodic D-detectability. We show that deciding strong periodic D-detectability is a PSpace-complete problem, which means that there is no polynomial-time algorithm, unless every problem solvable in polynomial space can be solved in polynomial time. We further show that there is no polynomial-time algorithm even for systems with a single observable event, unless P = NP. Finally, we propose a class of systems for which the problem is tractable.  +

Detectability has been introduced as a generalization of state-estimation properties of discrete event systems studied in the literature. It asks whether the current and subsequent states of a system can be determined based on observations. Since, in some applications, to exactly determine the current and subsequent states may be too strict, a relaxed notion of D-detectability has been introduced, distinguishing only certain pairs of states rather than all states. Four variants of D-detectability have been defined: strong (periodic) D-detectability and weak (periodic) D-detectability. Deciding weak (periodic) D-detectability is PSpace-complete, while deciding strong (periodic) detectability or strong D-detectability is polynomial (and we show that it is actually NL-complete). However, to the best of our knowledge, it is an open problem whether there exists a polynomial-time algorithm deciding strong periodic D-detectability. We solve this problem by showing that deciding strong periodic D-detectability is a PSpace-complete problem, and hence there is no polynomial-time algorithm unless PSpace = P. We further show that there is no polynomial-time algorithm deciding strong periodic D-detectability even for systems with a single observable event, unless P = NP. Finally, we propose a class of systems for which the problem is tractable.  +

Opacity is an important property asking whether a passive observer (an intruder), who knows the structure of the system but has only a limited observation of its behavior, may reveal the secret of the system. Several notions of opacity have been studied in the literature, including current-state opacity, k-step opacity, and infinite-step opacity. We investigate weak and strong k-step opacity, the notions that generalize both current-state opacity and infinite-step opacity, and ask whether the intruder is not able to decide, at any instant, when respectively whether the system was in a secret state during the last k observable steps. We design a new algorithm to verify weak k-step opacity, the complexity of which is lower than that of existing algorithms and that does not depend on the parameter k. Then, we show how to use this algorithm to verify strong k-step opacity by reducing the verification of strong k-step opacity to the verification of weak k-step opacity. The complexity of the resulting approach is again better than that of existing algorithms, and does not depend on the parameter k.  +

Partially ordered automata are automata where the transition relation induces a partial order on states. The expressive power of partially ordered automata is closely related to the expressivity of fragments of first-order logic on finite words or, equivalently, to the language classes of the levels of the Straubing-Thérien hierarchy. Several fragments (levels) have been intensively investigated under various names. For instance, the fragment of first-order formulae with a single existential block of quantifiers in prenex normal form is known as piecewise testable languages or J-trivial languages. These languages are characterized by confluent partially ordered DFAs or by complete, confluent, and self-loop-deterministic partially ordered NFAs (ptNFAs for short). In this paper, we study the complexity of basic questions for several types of partially ordered automata on finite words; namely, the questions of inclusion, equivalence, and (k-)piecewise testability. The lower-bound complexity boils down to the complexity of universality. The universality problem asks whether a system recognizes all words over its alphabet. For ptNFAs, the complexity of universality decreases if the alphabet is fixed, but it is open if the alphabet may grow with the number of states. We show that deciding universality for general ptNFAs is as hard as for general NFAs. Our proof is a novel and nontrivial extension of our recent construction for self-loop-deterministic partially ordered NFAs, a model strictly more expressive than ptNFAs. We provide a comprehensive picture of the complexities of the problems of inclusion, equivalence, and (k-)piecewise testability for the considered types of automata.  +

Zone-controlled guidepath-based transport systems is a modeling abstraction representing the traffic dynamics of a set of agents circulating in a constricted medium. An important problem for the traffic coordinator of these systems is to preserve liveness, that is, the ability of each agent to successfully complete its current trip and to be engaged in similar trips in the future. We present a polynomial-time algorithm for enforcing liveness in a class of these systems, in a maximally permissive manner. Our result is surprising and applicable in the traffic control of various unit-load material handling systems and other robotic applications.  +

Opacity is a property of privacy and security applications asking whether, given a system model, a passive intruder that makes online observations of system’s behaviour can ascertain some "secret" information of the system. Deciding opacity is a PSpace-complete problem, and hence there are no polynomial-time algorithms to verify opacity under the assumption that PSpace differs from PTime. This assumption, however, gives rise to a question whether the existing exponential-time algorithms are the best possible or whether there are faster, sub-exponential-time algorithms. We show that under the (Strong) Exponential Time Hypothesis, there are no algorithms that would be significantly faster than the existing algorithms. As a by-product, we obtained a new conditional lower bound on the time complexity of deciding universality (and therefore also inclusion and equivalence) for nondeterministic finite automata.  +

Complex systems are often composed of many small communicating components called modules. We investigate the synthesis of supervisory controllers for modular systems under partial observation that, as the closed-loop system, realize the supremal normal sublanguage of the specification. Such controllers are called maximally permissive normal supervisors. The challenge in modular systems is to find conditions under which the global nonblocking and maximally permissive normal supervisor can be achieved locally as the parallel composition of local normal supervisors. We show that a structural concept of hierarchical supervisory control called modified observation consistency (MOC) is such a condition.However, the algorithmic verification of MOC is an open problem, and therefore it is necessary to find easily-verifiable conditions that ensure MOC. We show that the condition that all shared events are observable is such a condition.Considering specifications, we examine both local specifications, where each module has its own specification, and global specifications.Combining our results for normality with the existing results for controllability yields the local synthesis of the nonblocking and maximally permissive controllable and normal supervisor. Finally, we illustrate the results on an industrial case study of the patient table of an MRI scanner.  +

Opacity is an important system-theoretic property expressing whether a system may reveal its secret to a passive observer (an intruder) who knows the structure of the system but has only limited observations of its behavior. Several notions of opacity have been discussed in the literature, including current-state opacity, k-step opacity, and infinite-step opacity. We investigate weak and strong k-step opacity, the notions that generalize both current-state opacity and infinite-step opacity, and ask whether the intruder is not able to decide, at any time instant, when respectively whether the system was in a secret state during the last k observable steps. We design a new algorithm verifying weak k-step opacity, the complexity of which is lower than the complexity of existing algorithms and does not depend on the parameter k, and show how to use it to verify strong k-step opacity by reducing strong k-step opacity to weak k-step opacity. The complexity of the resulting algorithm is again better than the complexity of existing algorithms and does not depend on the parameter k.  +

P-time event graphs (P-TEGs) are event graphs where the residence time of tokens in places is bounded by specified time windows. In this paper, we define a new property of PTEGs, called weak consistency. In weakly consistent P-TEGs, the amount of times a transition can fire before the first violation of a time constraint can be made as large as desired. We show the practical implications of this property and, based on previous results in graph theory, we formulate an algorithm of strongly polynomial time complexity that verifies it. From this algorithm, it is possible to determine, in pseudo-polynomial time, the maximum number of firings before the first constraint violation in a P-TEG.  +