Dynamic Games and Applications, Volume 9, Issue 4, pp 965–983

Supervisory Control of Discrete-Event Systems Under Attacks

  • Masashi Wakaiki
  • Paulo Tabuada
  • João P. Hespanha


We consider a multi-adversary version of the supervisory control problem for discrete-event systems (DES), in which an adversary corrupts the observations available to the supervisor. The supervisor’s goal is to enforce a specific language in spite of the opponent’s actions and without knowing which adversary it is playing against. This problem is motivated by applications to computer security in which a cyber defense system must make decisions based on reports from sensors that may have been tampered with by an attacker. We start by showing that the problem has a solution if and only if the desired language is controllable (in the DES classical sense) and observable in a (novel) sense that takes the adversaries into account. For the particular case of attacks that insert symbols into or remove symbols from the sequence of sensor outputs, we show that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring exponential complexity in the number of attacks considered.
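The following is an added illustration, not code or definitions from the paper: a bounded brute-force check of whether a supervisor can still make consistent enable/disable decisions when it does not know which symbol-removal adversary is corrupting its sensor stream. It assumes the classical observability condition with each string's observation replaced by the set of outputs any listed adversary could produce; the toy plant, the event names and every function name are constructed for the example.

```python
from itertools import product

# Constructed toy plant (assumption): a host is either exploited or updated,
# after which a controllable "grant" of access may occur.
PLANT = {"s0": {"exploit": "s1", "update": "s2"},
         "s1": {"grant": "bad"},
         "s2": {"grant": "ok"},
         "bad": {}, "ok": {}}
FORBIDDEN = {("s1", "grant")}      # transitions the supervisor must prevent
OUTPUT = {"exploit": "alert", "update": "upd", "grant": None}  # sensor map

def strings(max_len):
    """Map each plant string (length <= max_len) to True if it stays in the spec."""
    out, frontier = [], [((), "s0", True)]
    for _ in range(max_len + 1):
        out += [(w, ok) for w, _, ok in frontier]
        frontier = [(w + (e,), nxt, ok and (q, e) not in FORBIDDEN)
                    for w, q, ok in frontier for e, nxt in PLANT[q].items()]
    return dict(out)

def corrupted(w, removable):
    """Every sensor sequence an adversary able to erase `removable` symbols can yield."""
    seqs = {()}
    for e in w:
        y = OUTPUT[e]
        if y is None:               # event produces no sensor report
            continue
        kept = {s + (y,) for s in seqs}
        seqs = kept | seqs if y in removable else kept
    return seqs

def conflicts(attacks, max_len=3):
    """Pairs of spec strings the supervisor may confuse yet must treat differently."""
    lang = strings(max_len)
    spec = [w for w, ok in lang.items() if ok]
    # The supervisor does not know the adversary: pool views over all attacks.
    views = {w: set().union(*(corrupted(w, a) for a in attacks)) for w in spec}
    found = []
    for w, v in product(spec, repeat=2):
        if views[w] & views[v]:
            for e in OUTPUT:
                # e must be enabled after w but leads outside the spec after v.
                if lang.get(w + (e,)) is True and lang.get(v + (e,)) is False:
                    found.append((w, v, e))
    return found

if __name__ == "__main__":
    for family in ([set()], [{"alert"}], [{"upd"}], [{"alert"}, {"upd"}]):
        print(family, "->", conflicts(family) or "no conflict")
```

In this toy model the specification survives either adversary alone, but fails once both are possible, because an erased `alert` and an erased `upd` produce the same empty observation.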


Supervisory control; Discrete-event systems; Game theory; Computer security



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  1. Graduate School of System Informatics, Kobe University, Kobe, Japan
  2. Department of Electrical Engineering, University of California, Los Angeles, USA
  3. Center for Control, Dynamical-Systems, and Computation, University of California, Santa Barbara, USA
