Ning Ran,Shouguang Wang,Hongye Su,Chengying Wang

DOI: https://doi.org/10.1093/imamci/dnv059

2017-01-01

IMA Journal of Mathematical Control and Information

Abstract:It is important to solve the forbidden state problem in discrete event systems modelled by Petri nets with unobservable transitions. This paper studies the structurally optimal transformation for a class of Petri nets whose unobservable influence subnets are alpha nets. First, the concepts of an unobservable influence subnet, an A-path, an A-circuit and an a net are alpha defined, and some of their properties are proposed. Next, a method is proposed to transform a given generalized mutual exclusion constraint into a structurally optimal one that can be enforced directly on the net in the form of monitor-based supervisors. It has high-computational efficiency since it is of polynomial complexity with respect to the net size. Finally, an example is used to illustrate the application of the proposed method.

Jiliang Luo,Weimin Wu,Hongye Su,Jian Chu

2006-01-01

Abstract:This paper addresses supervisor synthesis for discrete event systems modeled by controlled Petri nets. The considered control problem is to enforce a conjunction of generalized mutual exclusion constraint-, on a controlled Petri net where the influence uncontrollable subnets are joint-free nets. The properties of jointfree nets are proposed. The necessary and sufficient condition of the existence of the maximally permissive (optimal) supervisor is then obtained utilizing these properties. Furthermore, an algorithm is proposed to design the optimal supervisor with a complexity of polynomial times. The theoretic results are illustrated by an example of synthesizing the optimal supervisor for a manufacturing system.

Y Ru,WM Wu,HY Su,J Chu

DOI: https://doi.org/10.23919/acc.2004.1384018

2004-01-01

Abstract:This paper addresses the supervisor synthesis on the forbidden state problem, in which the forbidden markings cannot be easily expressed as linear inequality constraints using reported methods. The system to be controlled is modelled by bounded Petri nets with uncontrollable transitions. Through the analysis of the reverse net, we obtain the weakly forbidden markings in order to deal with uncontrollable transitions. By introducing a transformation function, which facilitates not only tracking the system state but also determining the control pattern, we propose a synthesis method to obtain the maximally permissive supervisor. The method need not analyze the reachability graph and the online computation has the complexity of polynomial times. In addition, for a special class of generalized Petri nets called the input dominant Petri nets, the synthesis method can be applied conveniently, as illustrated by an example in the reported literature.

Jiliang Luo,Weimin Wu,Hongye Su,Jian Chu

DOI: https://doi.org/10.1109/acc.2006.1657373

2009-01-01

Chinese Journal of Computers

Abstract:This paper describes a method for synthesizing an optimal supervisor for a controlled Petri net. The considered class of control problems is to enforce a conjunction of general mutual exclusion constraints (GMEC) on a controlled Petri net, in which the influence uncontrollable subnets are forward synchronization and backward conflict free (FSBCF) nets. An FSBCF net is an ordinary Petri net in which each transition has exactly one input place, and each place has exactly one output transition. Its properties are given. Based on these properties, the criterion of the admissible markings is obtained in the form of a conjunction of linear inequalities. Then it is utilized to obtain the necessary and sufficient condition of the existence of the supervisor, and to construct the method to synthesize the optimal supervisor. Note that the supervisor can be online computed within polynomial times. The theoretical results are illustrated by the synthesis of the output-port controllers (OPC) of an asynchronous transfer mode (ATM) switch

Ning Ran,Hongye Su,Weimin Wu,Shouguang Wang,Huixia Liu

DOI: https://doi.org/10.1109/ICNSC.2015.7116087

2015-01-01

Abstract:This paper deals with constraint transformation problems in a system with unobservable events, which is modeled by Petri nets with unobservable transitions. First, the concept of an unobservable influence subnet is presented and its properties are studied. Next, based on the properties, an algorithm is proposed to transform a given generalized mutual exclusion constraint (GMEC) into an optimal admissible one that can be enforced directly on the net in the form of monitor-based supervisor. The proposed algorithm has high computational efficiency at the expense of application scope. Finally, an example is used to illustrate the application of the proposed method.

Jiliang Luo,Weimin Wu,Hongye Su,Jian Chu

DOI: https://doi.org/10.1109/tsmca.2009.2027111

2009-01-01

Abstract:The considered class of generalized mutual exclusion constraints (GMECs) on a controlled Petri net are such that the influence-uncontrollable subnets are forward-concurrent-free nets. Some structural properties of forward-concurrent-free nets are firstly proposed. Utilizing these properties, a method is then proposed to transform a given conjunction of GMECs into a conjunction of admissible GMECs. Furthermore, the necessary and sufficient condition of the existence of the permissive supervisor is obtained, and the optimal supervisor with a complexity of polynomial time is designed. The theoretic results are illustrated by an example that synthesizes a maximally permissive supervisor for a manufacturing system.

Weimin Wu,Hongye Su,Jian Chu,Haifeng Zhai

DOI: https://doi.org/10.1109/ICSMC.2001.973509

2001-01-01

Abstract:The previous work of Boel et al. (1996) on the forbidden state problem for the class of discrete event systems modeled by controlled state graph is extended in this paper. The class of Petri nets we consider is a generalized net in which the weight of the arcs may exceed 1. Furthermore, the limit to the output places number of a transition in the net is removed and consequently the Petri net is capable of firing more than one process simultaneously. Based on the calculation of weakly forbidden conditions, the maximally permissive supervisor is obtained

Ji-liang LUO,Wei-min WU,Li-da DONG,Hong-ye SU,Jian CHU

DOI: https://doi.org/10.3969/j.issn.1000-8152.2007.04.020

2007-01-01

Abstract:The forward-synchronization and forward-conflict free (FSFCF) net is a class of Petri nets in which each transition has exactly one input place and each place has at most one input transition. For a class of control problems where the control specification is a general mutual exclusion constraint and the uncontrollable influencing subnet is an FSFCF net, an expression is given to calculate the maximally permissible control policy. An example illustrates the theoretical results.

weimin wu,hongye su,jian chu,haifeng zhai

DOI: https://doi.org/10.3182/20020721-6-es-1901.00526

2002-01-01

IFAC Proceedings Volumes

Abstract:Abstract This paper proposes a new control synthesis method for a class of discrete event systems modeled by controlled ordinary Petri nets with linear marking constraint. Monitor is constructed to track the system state resulted from the uncontrollable firing sequences. The maximally permissive feedback control policy then can be obtained based on the making of the monitor. No non-convex constraint transformation is introduced in the design procedure. The method is capable of synthesizing a class of net that cannot be treated using previous methods due to some necessary restrictions.

王肖,董利达,吴维敏

DOI: https://doi.org/10.3969/j.issn.1001-7119.2004.04.001

2004-01-01

Abstract:DES's ctrl-PN supervisors can be categoried into logic supervisors and structural supervisors in terms of their implementational method. Many researchers preferred structural supervisors as their fast executions of control actions and having integrated description of supervisory plus controlled plant. It is difficult using a structural supervisor to enforce OR-logic linear state constraints because the specification may form non-convex state space. In this paper, the authors first review the origination and signification of OR-logic specification synthesis problem, then introduce three mainstream synthesis methods and analyzes their virtues and shortcomings. In the end, some predictive research directions are presented.

LUO Ji-liang,YUAN Jian-rong,WU Wei-min,SU Hong-ye,WANG Xiao,CHU Jian

DOI: https://doi.org/10.3321/j.issn:1001-0920.2006.06.014

2006-01-01

Abstract:A method is proposed to construct the maximally permissive supervisor to enforce the generalized mutual exclusion constraint(GMEC) on Petri nets,which has the property that for a forbidden place with positive weight,its influencing subnet is a state machine,and for a forbidden place with negative weight,its input and output transitions have at most one input place.A necessary and sufficient condition for the existence of supervisor is obtained.A constraint equivalent transformation method is then constructed to reduce the supervisory control problem of a net with uncontrollable transitions to what is as easy as the control problem without any uncontrollable transitions.An example is provided to illustrate the results.

Yu Ru,Weimin Wu,Hongye Su,Jian Chu

DOI: https://doi.org/10.1109/wcica.2004.1340774

2004-01-01

Abstract:Due to the introduction of uncontrollable transitions in the supervisory control of discrete event systems modeled by controlled Petri nets, a disjunction of several linear inequalities is needed to express the admissible markings. In this paper, we propose a two level hierarchical control synthesis method to deal with this kind of OR logic constraints. In the method, the constraint function plays an important role not only in the construction of the low level monitor but also in the determination of the control policy. The obtained supervisor is maximally permissive and the online computation has the complexity of polynomial times. An example is used to illustrate the proposed synthesis algorithm.

Yu Ru,Weimin Wu,Hongye Su,Jian Chu

DOI: https://doi.org/10.1109/ICSMC.2004.1399871

2004-01-01

Abstract:This paper addresses the forbidden state problem in which the forbidden marking set can be a set of arbitrary markings, together with deadlock-free specification. The system is modelled by bounded Petri nets, which may contain uncontrollable transitions. Through efficient reverse net analysis, we obtain not only the weakly forbidden markings but also the state feedback control policy. Then we propose a deadlock processing algorithm to deal with deadlocks caused by control. Finally a deadlock-free supervisor expressed as a table is obtained.

Yihui Hu,Ziyue Ma,Ruotian Liu,Maria Pia Fanti,Zhiwu Li

DOI: https://doi.org/10.1109/tsmc.2024.3422925

2024-09-21

IEEE Transactions on Systems Man and Cybernetics Systems

Abstract:This research focuses on the forbidden state problem in the framework of labeled Petri nets (LPNs), i.e., to design a supervisor for a plant modeled by an LPN such that the closed-loop system cannot reach a set of predefined forbidden markings and does not contain any deadlock. Different from the traditional control scheme, the supervisor derived by this work can not only observe the observable transitions, but also the quiescence information. First, a new structure named an extended basis reachability graph (EBRG) is introduced to describe the reachability space of an LPN without computing all reachable markings. Based on an EBRG, a basis observer is then excogitated to represent the behavior of an LPN. Some states in the basis observer are defined as bad states and control-induced deadlocks, which relates to the undesirable behavior of the plant. Finally, an algorithm is introduced to compute a supervisor based on the basis observer. The consideration of system quiescence provides extra information on the marking estimation of the closed-loop system such that certain disabled transitions are re-enabled. Consequently, the developed supervisor in this article is generally more permissive than those do not observe the quiescence.

automation & control systems,computer science, cybernetics

Yifan Xie,Xiang Yin,Shaoyuan Li

DOI: https://doi.org/10.48550/arXiv.2102.01402

2021-02-02

Abstract:In this paper, we investigate both qualitative and quantitative synthesis of optimal privacy-enforcing supervisors for partially-observed discrete-event systems. We consider a dynamic system whose information-flow is partially available to an intruder, which is modeled as a passive observer. We assume that the system has a "secret" that does not want to be revealed to the intruder. Our goal is to synthesize a supervisor that controls the system in a least-restrictive manner such that the closed-loop system meets the privacy requirement. For the qualitative case, we adopt the notion of infinite-step opacity as the privacy specification by requiring that the intruder can never determine for sure that the system is/was at a secret state for any specific instant. If the qualitative synthesis problem is not solvable or the synthesized solution is too restrictive, then we further investigate the quantitative synthesis problem so that the secret is revealed (if unavoidable) as late as possible. Effective algorithms are provided to solve both the qualitative and quantitative synthesis problems. Specifically, by building suitable information structures that involve information delays, we show that the optimal qualitative synthesis problem can be solved as a safety-game. The optimal quantitative synthesis problem can also be solved as an optimal total-cost control problem over an augmented information structure. Our work provides a complete solution to the standard infinite-step opacity control problem, which has not been solved without assumption on the relationship between controllable events and observable events. Furthermore, we generalize the opacity enforcement problem to the numerical setting by introducing the secret-revelation-time as a new quantitative measure.

Systems and Control

Ruochen Tai,Liyong Lin,Yuting Zhu,Rong Su

DOI: https://doi.org/10.48550/arXiv.2104.04299

2021-04-09

Systems and Control

Abstract:This paper investigates the problem of co-synthesis of edit function and supervisor for opacity enforcement in the supervisory control of discrete-event systems (DES), assuming the presence of an external (passive) intruder, where the following goals need to be achieved: 1) the external intruder should never infer the system secret, i.e., the system is opaque, and never be sure about the existence of the edit function, i.e., the edit function remains covert; 2) the controlled plant behaviors should satisfy some safety and nonblockingness requirements, in the presence of the edit function. We focus on the class of edit functions that satisfy the following properties: 1) the observation capability of the edit function in general can be different from those of the supervisor and the intruder; 2) the edit function can implement insertion, deletion, and replacement operations; 3) the edit function performs bounded edit operations, i.e., the length of each string output of the edit function is upper bounded by a given constant. We propose an approach to solve this co-synthesis problem by modeling it as a distributed supervisor synthesis problem in the Ramadge-Wonham supervisory control framework. By taking the special structure of this distributed supervisor synthesis problem into consideration and to improve the possibility of finding a non-empty distributed supervisor, we propose two novel synthesis heuristics that incrementally synthesize the supervisor and the edit function. The effectiveness of our approach is illustrated on an example in the enforcement of the location privacy.

Wei Duan,Ruotian Liu,Maria Pia Fanti,Christoforos N. Hadjicostis,Zhiwu Li

2024-10-11

Abstract:As an information-flow privacy property, opacity characterizes whether a malicious external observer (referred to as an intruder) is able to infer the secret behavior of a system. This paper addresses the problem of opacity enforcement using edit functions in discrete event systems modeled by partially observed deterministic finite automata. A defender uses the edit function as an interface at the output of a system to manipulate actual observations through insertion, substitution, and deletion operations so that the intruder will be prevented from inferring the secret behavior of the system. Unlike existing work which usually assumes that the observation capabilities of the intruder and the defender are identical, we consider a more general setting where they may observe incomparable subsets of events generated by the <a class="link-external link-http" href="http://system.To" rel="external noopener nofollow">this http URL</a> characterize whether the defender has the ability to enforce opacity of the system under this setting, the notion of \emph{$ic$-enforceability} is introduced. Then, the opacity enforcement problem is transformed to a two-player game, with imperfect information between the system and the defender, which can be used to determine a feasible decision-making strategy for the defender. Within the game scheme, an edit mechanism is constructed to enumerate all feasible edit actions following system behavior. We further show that an $ic$-enforcing edit function (if one exists) can be synthesized from the edit mechanism to enforce opacity.

Formal Languages and Automata Theory,Systems and Control

Zhenzhong Liu

DOI: https://doi.org/10.1109/access.2024.3390774

IF: 3.9

2024-04-27

IEEE Access

Abstract:Opacity is an essential security indicator in archive systems. There exists a set of secret states and an external intruder who can observe the behavior of the system in the archive system. The intruder can steal private information by observing the behavior of the system. The system is said to be -step opaque when the intruder cannot confirm whether the system has been in a secret state at any time, within the observation of events. In the case where an intruder can never be sure whether the system has ever been in a secret state, the system is referred to be infinite-step opaque. To be realistic, we consider an archive system modeled as a bounded labeled Petri net, and propose an algorithm for constructing a modified state estimator to increase the security of the archive system. Our aim is to verify the two types of opacity of the system by the observer and the modified state estimator. Our new algorithm improves the security of the system so that an intruder cannot easily know whether the system is in a secret state or not, which also improves the previously-known results.

computer science, information systems,telecommunications,engineering, electrical & electronic

Chunyan Mu,David Clark

DOI: https://doi.org/10.48550/arXiv.2206.14317

2022-06-29

Abstract:We delineate a methodology for the specification and verification of flow security properties expressible in the opacity framework. We propose a logic, OpacTL , for straightforwardly expressing such properties in systems that can be modelled as partially observable labelled transition <a class="link-external link-http" href="http://systems.We" rel="external noopener nofollow">this http URL</a> develop verification techniques for analysing property opacity with respect to observation notions. Adding a probabilistic operator to the specification language enables quantitative analysis and verification. This analysis is implemented as an extension to the PRISM model checker and illustrated via a number of examples. Finally, an alternative approach to quantifying the opacity property based on entropy is sketched.

Cryptography and Security

Xiaoguang Han,Kuize Zhang,Zhiwu Li

2024-01-19

Abstract:In this paper, we investigate the verification and enforcement of strong state-based opacity (SBO) in discrete-event systems modeled as partially-observed (nondeterministic) finite-state automata, including strong K-step opacity (K-SSO), strong current-state opacity (SCSO), strong initial-state opacity (SISO), and strong infinite-step opacity (Inf-SSO). They are stronger versions of four widely-studied standard opacity notions, respectively. We firstly propose a new notion of K-SSO, and then we construct a concurrent-composition structure that is a variant of our previously-proposed one to verify it. Based on this structure, a verification algorithm for the proposed notion of K-SSO is designed. Also, an upper bound on K in the proposed K-SSO is derived. Secondly, we propose a distinctive opacity-enforcement mechanism that has better scalability than the existing ones (such as supervisory control). The basic philosophy of this new mechanism is choosing a subset of controllable transitions to disable before an original system starts to run in order to cut off all its runs that violate a notion of strong SBO of interest. Accordingly, the algorithms for enforcing the above-mentioned four notions of strong SBO are designed using the proposed two concurrent-composition structures. In particular, the designed algorithm for enforcing Inf-SSO has lower time complexity than the existing one in the literature, and does not depend on any assumption. Finally, we illustrate the applications of the designed algorithms using examples.

Formal Languages and Automata Theory