Control and Synthesis of Non-Interferent Timed Systems

Gilles Benattar, Franck Cassez, Didier Lime, Olivier H. Roux
DOI: https://doi.org/10.48550/arXiv.1207.4984
2012-07-11
Abstract: In this paper, we focus on the synthesis of secure timed systems which are modelled as timed automata. The security property that the system must satisfy is a non-interference property. Intuitively, non-interference ensures the absence of any causal dependency from a high-level domain to a lower-level domain. Various notions of non-interference have been defined in the literature, and in this paper we focus on Strong Non-deterministic Non-Interference (SNNI) and two (bi)simulation based variants thereof (CSNNI and BSNNI). We consider timed non-interference properties for timed systems specified by timed automata and we study the following two problems: (1) check whether it is possible to find a sub-system so that it is non-interferent; if yes (2) compute a (largest) sub-system which is non-interferent.
Logic in Computer Science, Formal Languages and Automata Theory, Systems and Control
What problem does this paper attempt to address?
The core problem this paper addresses is how to synthesize non-interferent real-time systems modelled as timed automata. Specifically, the authors focus on Strong Non-deterministic Non-Interference (SNNI) and its two (co-)simulation-based variants (CSNNI and BSNNI), and study two main problems:

1. **Check whether there is a subsystem that satisfies the non-interference property**: that is, verify whether a given system can restrict its behaviour in some way so as to guarantee non-interference.
2. **If such a subsystem exists, compute a largest non-interferent subsystem**: that is, once the system is known to admit a non-interferent restriction, find the largest one.

### Importance of the non-interference property

The non-interference property ensures that high-security-level information in the system is not leaked to the low-security level. Specifically, it rules out any causal dependency from the high-level domain to the low-level domain. This is especially important when dealing with sensitive data, such as users' private data or an organization's confidential information.

### Research background and motivation

In modern computing environments, programs can be transferred between, or obtained from, different sites, and these programs may handle sensitive information. It is therefore crucial to ensure that they do not leak sensitive data, whether maliciously or unintentionally. This kind of security is usually called secrecy, and information-flow analysis captures it by defining a non-interference property.

### Main contributions of this paper

1. **Decidability results**: The authors prove that for a specific class of timed automata (dTA), the SNNI verification problem is decidable.
2. **Solvability of the controller synthesis problem**: For this class of timed automata, it is decidable whether there exists a controller \(C\) such that \(C(A)\) satisfies SNNI, and the SNNI controller synthesis problem reduces to solving a sequence of safety timed games.
3. **Existence of a most permissive controller**: For CSNNI and BSNNI, a most permissive controller does not always exist.
4. **Complexity analysis**: The theoretical complexity of these problems is given.

### Conclusion

Through this work, the authors not only address the verification and synthesis problems for the non-interference property, but also provide a theoretical basis and practical methods for designing more secure real-time systems, which matters for guaranteeing data security in information systems.
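As an added illustration (not code from the paper, which works on timed automata), here is the untimed, finite-state instance of the SNNI check, using the standard definition of SNNI as trace equivalence between the automaton with high actions hidden (A/H) and the automaton with high actions forbidden (A\H); the two automata, their state names and the action alphabet are constructed for this example.

```python
from collections import deque

# Constructed example automata: edges are (source, action, target).
# High-level action: "h". Low-level actions: "l", "l2".
# In INTERFERENT the low action "l2" is only enabled after the high action "h",
# so a low observer who sees "l2" learns that "h" happened.
INTERFERENT = [("q0", "l", "q1"), ("q0", "h", "q2"), ("q2", "l2", "q3")]
# In SECURE the low behaviour is the same whether or not "h" happened.
SECURE = [("q0", "h", "q1"), ("q0", "l", "q2"), ("q1", "l", "q3"), ("q2", "l", "q2")]

def closure(states, edges, high):
    """States reachable from `states` via high actions only (silent moves in A/H)."""
    stack, seen = list(states), set(states)
    while stack:
        s = stack.pop()
        for src, act, dst in edges:
            if src == s and act in high and dst not in seen:
                seen.add(dst)
                stack.append(dst)
    return frozenset(seen)

def step(states, edges, action):
    """States reached from `states` by one edge labelled `action`."""
    return frozenset(dst for src, act, dst in edges if src in states and act == action)

def snni_violation(edges, init, high):
    """Return a low trace that A/H can perform but A\\H cannot, or None if SNNI holds.
    Every trace of A\\H is also a trace of A/H, so checking one inclusion suffices;
    the search is a joint subset construction over both automata."""
    low = sorted({act for _, act, _ in edges if act not in high})
    start = (closure({init}, edges, high), frozenset({init}))
    seen, queue = {start}, deque([(start, ())])
    while queue:
        (hidden, restricted), trace = queue.popleft()
        for a in low:
            next_hidden = closure(step(hidden, edges, a), edges, high)
            next_restricted = step(restricted, edges, a)
            if not next_hidden:
                continue                      # neither side can do `a` here
            if not next_restricted:
                return trace + (a,)           # the low observer can tell the two apart
            pair = (next_hidden, next_restricted)
            if pair not in seen:
                seen.add(pair)
                queue.append((pair, trace + (a,)))
    return None

if __name__ == "__main__":
    print("INTERFERENT:", snni_violation(INTERFERENT, "q0", {"h"}))  # ('l2',)
    print("SECURE:", snni_violation(SECURE, "q0", {"h"}))            # None
```

The returned trace is the low-level observation that distinguishes A/H from A\H, i.e. the witness that the high action "h" influences what a low observer can see.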