Siyuan Liu,Majid Zamani

DOI: https://doi.org/10.1016/j.automatica.2021.109745

IF: 6.4

2021-09-01

Automatica

Abstract:<p>In this paper, we propose a compositional approach to construct opacity-preserving finite abstractions (a.k.a symbolic models) for networks of discrete-time <a class="topic-link" href="/topics/engineering/nonlinear-control-systems">nonlinear control systems</a>. Particularly, we introduce new notions of simulation functions that characterize the distance between control systems while preserving opacity properties across them. Instead of treating large-scale systems in a monolithic manner, we develop a compositional scheme to construct the finite abstractions together with the overall opacity-preserving simulation functions based on those of the smaller subsystems. For a network of incrementally input-to-state stable control subsystems and under some small-gain type condition, an algorithm for designing local quantization parameters is presented to orderly build the local symbolic models of subsystems. We show that the network of those constructed symbolic models simulates the original network for an a-priori defined abstraction accuracy while preserving its opacity properties.</p>

automation & control systems,engineering, electrical & electronic

Bingzhuo Zhong,Siyuan Liu,Marco Caccamo,Majid Zamani

2024-02-17

Abstract:In this paper, we present the synthesis of secure-by-construction controllers that address safety and security properties simultaneously in cyber-physical systems. Our focus is on studying a specific security property called opacity, which characterizes the system's ability to maintain plausible deniability of its secret behavior in the presence of an intruder. These controllers are synthesized based on a concept of so-called (augmented) control barrier functions, which we introduce and discuss in detail. We propose conditions that facilitate the construction of the desired (augmented) control barrier functions and their corresponding secure-by-construction controllers. To compute these functions, we propose an iterative scheme that leverages iterative sum-of-square programming techniques. This approach enables efficient computation of these functions, particularly for polynomial systems. Moreover, we demonstrate the flexibility of our approach by incorporating user-defined cost functions into the construction of secure-by-construction controllers. Finally, we validate the effectiveness of our results through two case studies, illustrating the practical applicability and benefits of our proposed approach.

Systems and Control

Weiwei Han,Yi Li,Zhipeng Zhang,Chengyi Xia

DOI: https://doi.org/10.1016/j.ins.2023.119130

IF: 8.1

2023-05-12

Information Sciences

Abstract:Finite-state machines are among the most important models for studying the logic dynamic behavior of cyber–physical systems, and their security and privacy are urgent problems to be solved at present. This paper explores state-opacity-based privacy verification and synthesis problems for finite-state machines from an algebraic perspective. First, the dynamics of a finite-state machine can be established as an algebraic expression using the semi-tensor product of matrices. Beginning with this novel representation, we propose an algebraic criterion to verify whether the privacy state is opaque to intruders. Subsequently, we investigate the opacity-enhancement synthesis problem from two perspectives. On one hand, we design a feedback supervisory controller by disabling controllable events such that the closed-loop system is opaque with respect to privacy states; on the other hand, we investigate the editing of an observable function simply by assigning specific events in the observation channel instead of changing the transition behavior of the system. We observe that these synthesis problems can be addressed by calculating a system of algebraic equations, and we further develop two algorithms to obtain the controller or function. Finally, an interesting example is presented to demonstrate the validity of the proposed algebraic method. Taken together, these results are conducive to a systematic understanding of privacy enhancement problems.

computer science, information systems

Xiaoying Bai,Thomas Moor

DOI: https://doi.org/10.1109/cdc.2017.8263722

2017-01-01

Abstract:A common approach to controller design of large scale discrete-event systems or hybrid systems is to apply synthesis procedures on an abstraction that is realised on a significantly smaller state set. However, for every abstraction-based controller design, an inherent problem is to guarantee that the controller is also admissible to the actual plant. This paper addresses abstraction-based supervisory control for not-necessarily topologically closed ω-languages and upper-bound language-inclusion specifications. We refer to an abstraction as consistent for the purpose of controller design, if any controller obtained for the abstraction is also admissible to the actual plant. The main results of our study are sufficient and necessary conditions to characterise consistency.

Milad Kazemi,Rupak Majumdar,Mahmoud Salamati,Sadegh Soudjani,Ben Wooding

DOI: https://doi.org/10.1016/j.nahs.2024.101467

2024-05-01

Abstract:This paper studies formal synthesis of controllers for continuous-space systems with unknown dynamics to satisfy requirements expressed as linear temporal logic formulas. Formal abstraction-based synthesis schemes rely on a precise mathematical model of the system to build a finite abstract model, which is then used to design a controller. The abstraction-based schemes are not applicable when the dynamics of the system are unknown. We propose a data-driven approach that computes a growth bound of the system using a finite number of trajectories. The computed growth bound together with the sampled trajectories are then used to construct the abstraction and synthesise a controller. Our approach casts the computation of a growth bound as a robust convex optimisation program (RCP). Since the unknown dynamics appear in the optimisation, we formulate a scenario convex program (SCP) corresponding to the RCP using a finite number of sampled trajectories. We establish a sample complexity result that gives a lower bound for the number of sampled trajectories to guarantee the correctness of the growth bound computed from the SCP with a given confidence. Our sample complexity result requires knowing a possibly conservative bound on the Lipschitz constant of the system. We also provide a sample complexity result for the satisfaction of the specification on the system in closed loop with the designed controller for a given confidence. Our data-driven synthesised controller can provide guarantees on satisfaction of both finite and infinite-horizon specifications. We show that our data-driven approach can be readily used as a model-free abstraction refinement scheme by modifying the formulation of the system’s growth bounds and providing similar sample complexity results. The performance of our approach is shown on three case studies.

automation & control systems,mathematics, applied

Yifan Xie,Xiang Yin,Shaoyuan Li

DOI: https://doi.org/10.48550/arXiv.2102.01402

2021-02-02

Abstract:In this paper, we investigate both qualitative and quantitative synthesis of optimal privacy-enforcing supervisors for partially-observed discrete-event systems. We consider a dynamic system whose information-flow is partially available to an intruder, which is modeled as a passive observer. We assume that the system has a "secret" that does not want to be revealed to the intruder. Our goal is to synthesize a supervisor that controls the system in a least-restrictive manner such that the closed-loop system meets the privacy requirement. For the qualitative case, we adopt the notion of infinite-step opacity as the privacy specification by requiring that the intruder can never determine for sure that the system is/was at a secret state for any specific instant. If the qualitative synthesis problem is not solvable or the synthesized solution is too restrictive, then we further investigate the quantitative synthesis problem so that the secret is revealed (if unavoidable) as late as possible. Effective algorithms are provided to solve both the qualitative and quantitative synthesis problems. Specifically, by building suitable information structures that involve information delays, we show that the optimal qualitative synthesis problem can be solved as a safety-game. The optimal quantitative synthesis problem can also be solved as an optimal total-cost control problem over an augmented information structure. Our work provides a complete solution to the standard infinite-step opacity control problem, which has not been solved without assumption on the relationship between controllable events and observable events. Furthermore, we generalize the opacity enforcement problem to the numerical setting by introducing the secret-revelation-time as a new quantitative measure.

Systems and Control

Siyuan Liu,Xiang Yin,Dimos V. Dimarogonas,Majid Zamani

2024-01-04

Abstract:This paper investigates an important class of information-flow security property called opacity for stochastic control systems. Opacity captures whether a system's secret behavior (a subset of the system's behavior that is considered to be critical) can be kept from outside observers. Existing works on opacity for control systems only provide a binary characterization of the system's security level by determining whether the system is opaque or not. In this work, we introduce a quantifiable measure of opacity that considers the likelihood of satisfying opacity for stochastic control systems modeled as general Markov decision processes (gMDPs). We also propose verification methods tailored to the new notions of opacity for finite gMDPs by using value iteration techniques. Then, a new notion called approximate opacity-preserving stochastic simulation relation is proposed, which captures the distance between two systems' behaviors in terms of preserving opacity. Based on this new system relation, we show that one can verify opacity for stochastic control systems using their abstractions (modeled as finite gMDPs). We also discuss how to construct such abstractions for a class of gMDPs under certain stability conditions.

Systems and Control

Matthias Rungger,Majid Zamani

DOI: https://doi.org/10.1109/TCNS.2016.2583063

2016-06-25

Abstract:We consider a compositional construction of approximate abstractions of interconnected control systems. In our framework, an abstraction acts as a substitute in the controller design process and is itself a continuous control system. The abstraction is related to the concrete control system via a so-called simulation function: a Lyapunov-like function, which is used to establish a quantitative bound between the behavior of the approximate abstraction and the concrete system. In the first part of the paper, we provide a small gain type condition that facilitates the compositional construction of an abstraction of an interconnected control system together with a simulation function from the abstractions and simulation functions of the individual subsystems. In the second part of the paper, we restrict our attention to linear control system and characterize simulation functions in terms of controlled invariant, externally stabilizable subspaces. Based on those characterizations, we propose a particular scheme to construct abstractions for linear control systems. We illustrate the compositional construction of an abstraction on an interconnected system consisting of four linear subsystems. We use the abstraction as a substitute to synthesize a controller to enforce a certain linear temporal logic specification.

Optimization and Control,Systems and Control

Robert Mattila,Yilin Mo,Richard M. Murray

DOI: https://doi.org/10.1109/cdc.2015.7403186

2015-01-01

Abstract:In this paper, we consider the problem of synthesizing correct-by-construction controllers for discrete-time dynamical systems. A commonly adopted approach in the literature is to abstract the dynamical system into a Finite Transition System (FTS) and thus convert the problem into a two player game between the environment and the system on the FTS. The controller design problem can then be solved using synthesis tools for general linear temporal logic or generalized reactivity(1) specifications. In this article, we propose a new abstraction algorithm. Instead of generating a single FTS to represent the system, we generate two FTSs, which are under- and over-approximations of the original dynamical system. We further develop an iterative abstraction scheme by exploiting the concept of winning sets, i.e., the sets of states for which there exists a winning strategy for the system. Finally, the efficiency of the new abstraction algorithm is illustrated by numerical examples.

Eric S. Kim,Murat Arcak

DOI: https://doi.org/10.48550/arXiv.1807.09973

2018-07-26

Systems and Control

Abstract:Translating continuous control system models into finite automata allows us to use powerful discrete tools to synthesize controllers for complex specifications. The abstraction construction step is unfortunately hamstrung by high runtime and memory requirements for high dimensional systems. This paper describes how the transition relation encoding the abstract system dynamics can be generated by connecting smaller abstract modules in series and parallel. We provide a composition operation and show that composing a collection of abstract modules yields another abstraction satisfying a feedback refinement relation. Through compositionality we circumvent the acute computational cost of directly abstracting a high dimensional system and also modularize the abstraction construction pipeline.

Zhenqi Huang,Yu Wang,Sayan Mitra,Geir Dullerud

DOI: https://doi.org/10.48550/arXiv.1501.04925

2015-01-19

Abstract:We present a controller synthesis algorithm for a discrete time reach-avoid problem in the presence of adversaries. Our model of the adversary captures typical malicious attacks envisioned on cyber-physical systems such as sensor spoofing, controller corruption, and actuator intrusion. After formulating the problem in a general setting, we present a sound and complete algorithm for the case with linear dynamics and an adversary with a budget on the total L2-norm of its actions. The algorithm relies on a result from linear control theory that enables us to decompose and precisely compute the reachable states of the system in terms of a symbolic simulation of the adversary-free dynamics and the total uncertainty induced by the adversary. With this decomposition, the synthesis problem eliminates the universal quantifier on the adversary's choices and the symbolic controller actions can be effectively solved using an SMT solver. The constraints induced by the adversary are computed by solving second-order cone programmings. The algorithm is later extended to synthesize state-dependent controller and to generate attacks for the adversary. We present preliminary experimental results that show the effectiveness of this approach on several example problems.

Systems and Control,Cryptography and Security

Behrad Samari,Mahdieh Zaker,Abolfazl Lavaei

2024-12-05

Abstract:Finite abstractions (a.k.a. symbolic models) offer an effective scheme for approximating the complex continuous-space systems with simpler models in the discrete-space domain. A crucial aspect, however, is to establish a formal relation between the original system and its symbolic model, ensuring that a discrete controller designed for the symbolic model can be effectively implemented as a hybrid controller (using an interface map) for the original system. This task becomes even more challenging when the exact mathematical model of the continuous-space system is unknown. To address this, the existing literature mainly employs scenario-based data-driven methods, which require collecting a large amount of data from the original system. In this work, we propose a data-driven framework that utilizes only two input-state trajectories collected from unknown nonlinear polynomial systems to synthesize a hybrid controller, enabling the desired behavior on the unknown system through the controller derived from its symbolic model. To accomplish this, we employ the concept of alternating simulation functions (ASFs) to quantify the closeness between the state trajectories of the unknown system and its data-driven symbolic model. By satisfying a specific rank condition on the collected data, which intuitively ensures that the unknown system is persistently excited, we directly design an ASF and its corresponding hybrid controller using finite-length data without explicitly identifying the unknown system, while providing correctness guarantees. This is achieved through proposing a data-based sum-of-squares (SOS) optimization program, enabling a systematic approach to the design process. We illustrate the effectiveness of our data-driven approach through a case study.

Systems and Control

Huawei Xie,Jing Liu,Na Li

DOI: https://doi.org/10.1093/comjnl/bxae077

2024-08-23

The Computer Journal

Abstract:Abstract Opacity is an important system property that is particularly relevant in the context of system security and privacy. A system is considered opaque if the predefined secret behavior of the system is not leaked to an external intruder. In this work, the opacity property is studied in the framework of labeled Petri nets (LPNs). The secret in an LPN system is characterized by a subset of reachable markings. Firstly, an opacity basis reachability graph (OBRG) containing opacity information of the system is developed to denote a system’s reachability set without computing all reachable states. Then the observer of the OBRG is computed, based on which a necessary and sufficient condition is derived to verify the opacity of the LPN system. Finally, given an LPN that does not satisfy the opacity, a maximally permissive supervisor is introduced to guarantee that the controlled system is opaque.

computer science, information systems, theory & methods, software engineering, hardware & architecture

Maxence Dutreix,Jeongmin Huh,Samuel Coogan

DOI: https://doi.org/10.48550/arXiv.2001.09236

2020-09-21

Abstract:This paper studies the synthesis of controllers for discrete-time, continuous state stochastic systems subject to omega-regular specifications using finite-state abstractions. We present a synthesis algorithm for minimizing or maximizing the probability that a discrete-time stochastic system with finite number of modes satisfies an omega-regular property. Our approach uses a finite-state abstraction of the underlying dynamics in the form of a Bounded-parameter Markov Decision Process (BMDP) arising from a finite partition of the system's domain. Such abstractions allow for a range of transition probabilities between states for each action. Our method analyzes the product between the abstraction and a Deterministic Rabin Automaton encoding the specification. Synthesis is decomposed into a qualitative problem, where the greatest permanent winning components of the product are created, and a quantitative problem, which requires maximizing the probability of reaching this component. We propose a metric for the quality of the controller with respect to the abstracted states and devise a domain partition refinement technique to reach a quality target. Next, we present a method for computing controllers for stochastic systems with a continuous input set. The system is assumed to be affine in input and disturbance, and we derive a technique for solving the qualitative and quantitative problems in the abstractions of such systems called Controlled Interval-valued Markov Chains. The greatest permanent component of such abstractions are found by partitioning the input space to generate a BMDP accounting for all possible qualitative transitions between states. Maximizing the probability of reaching this component is cast as an optimization problem. Quality of the synthesized controller and a refinement scheme are described for this framework.

Systems and Control

Jun Liu

DOI: https://doi.org/10.1145/3049797.3049826

2018-03-05

Abstract:We define robust abstractions for synthesizing provably correct and robust controllers for (possibly infinite) uncertain transition systems. It is shown that robust abstractions are sound in the sense that they preserve robust satisfaction of linear-time properties. We then focus on discrete-time control systems modelled by nonlinear difference equations with inputs and define concrete robust abstractions for them. While most abstraction techniques in the literature for nonlinear systems focus on constructing sound abstractions, we present computational procedures for constructing both sound and approximately complete robust abstractions for general nonlinear control systems without stability assumptions. Such procedures are approximately complete in the sense that, given a concrete discrete-time control system and an arbitrarily small perturbation of this system, there exists a finite transition system that robustly abstracts the concrete system and is abstracted by the slightly perturbed system simultaneously. A direct consequence of this result is that robust control synthesis for discrete-time nonlinear systems and linear-time specifications is robustly decidable. More specifically, if there exists a robust control strategy that realizes a given linear-time specification, we can algorithmically construct a (potentially less) robust control strategy that realizes the same specification. The theoretical results are illustrated with a simple motion planning example.

Systems and Control

Yifan Xie,Xiang Yin,Shaoyuan Li

DOI: https://doi.org/10.1109/tac.2021.3131125

2020-01-01

IFAC-PapersOnLine

Abstract:In this article, we investigate the enforcement of opacity via supervisory control in the context of discrete-event systems. A system is said to be opaque if the intruder, which is modeled as a passive observer, can never infer confidently that the system is at a secret state. The design objective is to synthesize a supervisor such that the closed-loop system is opaque even when the control policy is publicly known. In this article, we propose a new approach for enforcing opacity using nondeterministic supervisors. A nondeterministic supervisor is a decision mechanism that provides a set of control decisions at each instant, and randomly picks a specific control decision from the decision set to actually control the plant. Compared with the standard deterministic control mechanism, such a nondeterministic control mechanism can enhance the plausible deniability of the controlled system as the online control decision is a random realization and cannot be implicitly inferred from the control policy. We provide a sound and complete algorithm for synthesizing a nondeterministic opacity-enforcing supervisor. Furthermore, we show that nondeterministic supervisors are strictly more powerful than deterministic supervisors in the sense that there may exist a nondeterministic opacity-enforcing supervisor even when deterministic supervisors cannot enforce opacity.

Sumukha Udupa,Jie Fu

2024-10-08

Abstract:Qualitative opacity of a secret is a security property, which means that a system trajectory satisfying the secret is observation-equivalent to a trajectory violating the secret. In this paper, we study how to synthesize a control policy that maximizes the probability of a secret being made opaque against an eavesdropping attacker/observer, while subject to other task performance constraints. In contrast to existing belief-based approach for opacity-enforcement, we develop an approach that uses the observation function, the secret, and the model of the dynamical systems to construct a so-called opaque-observations automaton which accepts the exact set of observations that enforce opacity. Leveraging this opaque-observations automaton, we can reduce the optimal planning in Markov decision processes(MDPs) for maximizing probabilistic opacity or its dual notion, transparency, subject to task constraints into a constrained planning problem over an augmented-state MDP. Finally, we illustrate the effectiveness of the developed methods in robot motion planning problems with opacity or transparency requirements.

Formal Languages and Automata Theory

Xiang Yin,Majid Zamani,Siyuan Liu

DOI: https://doi.org/10.1109/tac.2020.2998733

IF: 6.549

2021-04-01

IEEE Transactions on Automatic Control

Abstract:Opacity is an important information-flow security property in the analysis of cyber-physical systems. It captures the plausible deniability of the system's secret behavior in the presence of an intruder that may access the information flow. Existing works on opacity only consider nonmetric systems by assuming that the intruder can always distinguish between two different outputs precisely. In this article, we extend the concept of opacity to systems whose output sets are equipped with metrics. Such systems are widely used in the modeling of many real-world systems whose measurements are physical signals. A new concept called approximate opacity is proposed in order to quantitatively evaluate the security guarantee level with respect to the measurement precision of the intruder. Then, we propose a new simulation-type relation, called approximate opacity-preserving simulation relation, which characterizes how close two systems are in terms of the satisfaction of approximate opacity. This allows us to verify approximate opacity for large-scale, or even infinite, systems using their abstractions. We also discuss how to construct approximate opacity-preserving symbolic models for a class of discrete-time control systems. Our results extend the definitions and analysis techniques for opacity from nonmetric systems to metric systems.

automation & control systems,engineering, electrical & electronic

Satya Prakash Nayak,Lucas Neves Egidio,Matteo Della Rossa,Anne-Kathrin Schmuck,Raphaël Jungers

DOI: https://doi.org/10.1109/OJCSYS.2023.3305835

2023-08-15

Abstract:We consider the problem of automatically synthesizing a hybrid controller for non-linear dynamical systems which ensures that the closed-loop fulfills an arbitrary \emph{Linear Temporal Logic} specification. Moreover, the specification may take into account logical context switches induced by an external environment or the system itself. Finally, we want to avoid classical brute-force time- and space-discretization for scalability. We achieve these goals by a novel two-layer strategy synthesis approach, where the controller generated in the lower layer provides invariant sets and basins of attraction, which are exploited at the upper logical layer in an abstract way. In order to achieve this, we provide new techniques for both the upper- and lower-level synthesis. Our new methodology allows to leverage both the computing power of state space control techniques and the intelligence of finite game solving for complex specifications, in a scalable way.

Systems and Control,Computer Science and Game Theory

M. Hadi Zibaeenejad,Jun Liu

DOI: https://doi.org/10.1109/tac.2019.2953452

IF: 6.549

2020-10-01

IEEE Transactions on Automatic Control

Abstract:Controller design for continuous systems with linear temporal logic (LTL) specifications is a computationally intensive task. ing a discrete transition system from a real-world continuous-state system often results in a state machine with a large number of states and nondeterministic transitions. This makes controller synthesis for LTL specifications difficult specially when the design specification is lengthy. To reduce the complexity, we consider the specifications that are in the conjunctive form of practical LTL patterns. We use auditor product to incrementally restrict the system to satisfy the safety part of each subspecification. The control strategy, that satisfies the liveness part is then calculated by solving a generalized Buchi game on the result of the auditor product of the discrete transition system with all subspecifications. This approach has the same worst case computational complexity as $text{GR}(1)$ synthesis, but avoids some of the fundamental limitations involved with $Assumption Rightarrow Guarantee$ formulation of the problem.

automation & control systems,engineering, electrical & electronic