Enforcing opacity with Orwellian observation

Bibliographic Details
Published in: 2016 13th International Workshop on Discrete Event Systems (WODES), pp. 306-312
Main Author: Yeddes, Moez
Format: Conference Proceeding
Language: English
Published: IEEE, 01.05.2016
Summary: In computer security, opacity is widely used and considered as a general language-theoretic scheme of many security properties of systems. A secret behaviour of a system is opaque if a passive attacker can never deduce its occurrence from the system observation. In [9], instead of considering the case of static observability, where the set of observable events is fixed off-line, or dynamic observability, where the set of observable events changes over time depending on the history of the trace, we have introduced Orwellian partial observability, where unobservable events are not revealed provided that downgrading events never occur in the future of the trace. We showed in the previous paper that verifying whether a regular secret is opaque for a regular language L w.r.t. an Orwellian projection is PSPACE-complete, while it has been proved undecidable even for a regular language L w.r.t. a general Orwellian observation function. In this paper, we address two problems of opacification of a regular secret φ for a regular language L w.r.t. an Orwellian projection πo,d: given L and a secret φ ∈ L, the first problem consists in computing some minimal regular super-language M of L, if it exists, such that φ is opaque for M w.r.t. πo,d, and the second consists in computing the supremal sub-language M' of L such that φ is opaque for M' w.r.t. πo,d. We derive both language-theoretic characterizations and algorithms to solve the two problems.
DOI:10.1109/WODES.2016.7497864