Skip to main content

Supervisory Control of Discrete-Event Systems Under Attacks


We consider a multi-adversary version of the supervisory control problem for discrete-event systems (DES), in which an adversary corrupts the observations available to the supervisor. The supervisor’s goal is to enforce a specific language in spite of the opponent’s actions and without knowing which adversary it is playing against. This problem is motivated by applications to computer security in which a cyber defense system must make decisions based on reports from sensors that may have been tampered with by an attacker. We start by showing that the problem has a solution if and only if the desired language is controllable (in the DES classical sense) and observable in a (novel) sense that takes the adversaries into account. For the particular case of attacks that insert symbols into or remove symbols from the sequence of sensor outputs, we show that testing the existence of a supervisor and building the supervisor can be done using tools developed for the classical DES supervisory control problem, by considering a family of automata with modified output maps, but without expanding the size of the state space and without incurring on exponential complexity on the number of attacks considered.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2


  1. Amin S, Litrico X, Sastry S, Bayen AM (2013) Cyber security of water SCADA systems-part I: analysis and experimentation of stealthy deception attacks. IEEE Trans Control Syst Technol 21:1963–1970

    Article  Google Scholar 

  2. Cassandras CG, Lafortune S (2008) Introduction to discrete event systems, 2nd edn. Springer, Berlin

    Book  Google Scholar 

  3. Chong MS, Wakaiki M, Hespanha JP (2015) Observability of linear systems under adversarial attacks. In: Proceedings of the 2015 American control conference

  4. Corporation TM (2018) Common vulnerabilities and exposures (CVE) list. Accessed 1 Oct 2017

  5. Dubreil J, Darondeau P, Marchand H (2010) Supervisory control for opacity. IEEE Trans Autom Control 55:1089–1100

    MathSciNet  Article  Google Scholar 

  6. Fawzi H, Tabuada P, Diggavi S (2014) Secure estimation and control for cyber-physical systems under adversarial attacks. IEEE Trans Autom Control 59:1454–1467

    MathSciNet  Article  Google Scholar 

  7. Feng L, Wonham W (2006) TCT: a computation tool for supervisory control synthesis. In: 8th international workshop on discrete event systems, pp 388–389

  8. Hubballi N, Biswas S, Roopa S, Ratti R, Nandi S (2011) LAN attack detection using discrete event systems. ISA Trans 50:119–130

    Article  Google Scholar 

  9. Ji Y, Lee S, Downing E, Wang W, Fazzini M, Kim T, Orso A, Lee W (2017) Rain: refinable attack investigation with on-demand inter-process information flow tracking. In: Proceedings of the 2017 ACM SIGSAC conference on computer and communications security. ACM, pp 377–390

  10. Lafortune S, Ricker L (2014) Desuma2. Accessed 1 Oct 2017

  11. Lin F (1993) Robust and adaptive supervisory control of discrete event systems. IEEE Trans Automt Control 38:1848–1852

    MathSciNet  Article  Google Scholar 

  12. Paoli A, Sartini M, Lafortune S (2011) Active fault tolerant control of discrete event systems using online diagnostics. Automatica 47:639–649

    MathSciNet  Article  Google Scholar 

  13. Ramadge PJ, Wonham WM (1989) The control of discrete event systems. Proc IEEE 77:81–98

    Article  Google Scholar 

  14. Saboori A, Hadjicostis CN (2012) Opacity-enforcing supervisory strategies via state estimator constructions. IEEE Trans Autom Control 57:1155–1165

    MathSciNet  Article  Google Scholar 

  15. Saboori A, Zad SH (2006) Robust nonblocking supervisory control of discrete-event systems under partial observation. Syst Control Lett 55:839–848

    MathSciNet  Article  Google Scholar 

  16. Sánchez AM, Montoya FJ (2006) Safe supervisory control under observability failure. Discrete Event Dyn Syst Theory Appl 16:493–525

    MathSciNet  Article  Google Scholar 

  17. Sheyner O, Wing J (2004) Tools for generating and analyzing attack graphs. In: de Boer FS, Bonsangue MM, Graf S, de Roever WP (eds) Formal methods for components and objects: second international symposium, FMCO 2003, Leiden, The Netherlands, November 4–7, 2003. Revised Lectures, no. 3188 in Lecture Notes on Computer Science. Springer, Berlin, pp. 344–371

  18. Shoukry Y, Tabuada P (2016) Event-triggered state observers for sparse noise/attacks. IEEE Trans Autom Control 61(8):2079–2091

    MathSciNet  Article  Google Scholar 

  19. Shu S, Lin F (2014) Fault-tolerant control for safety of discrete-event systems. IEEE Trans Autom Sci Eng 11:78–89

    Article  Google Scholar 

  20. Takai S (2000) Robust supervisory control of a class of timed discrete event systems under partial observation. Syst Control Lett 39:267–273

    MathSciNet  Article  Google Scholar 

  21. Takai S, Oka Y (2008) A formula for the supremal controllable and opaque sublanguage arising in supervisory control. SICE J Control Meas Syst Integr 1:307–311

    Article  Google Scholar 

  22. Teixeira A, Shames I, Sandberg H, Johansson KH (2015) A secure control framework for resource-limited adversaries. Automatica 51:135–148

    MathSciNet  Article  Google Scholar 

  23. Thorsley D, Teneketzis D (2006) Intrusion detection in controlled discrete event systems. In: Proceedings of the 45th conference on decision and control

  24. Tsitsiklis JN (1989) On the control of discrete-event dynamical systems. Math Control Signals Syst 2:96–107

    MathSciNet  Article  Google Scholar 

  25. Ushio T, Takai S (2009) Supervisory control of discrete event systems modeled by Mealy automata with nondeterministic output functions. In: Proceedings of the 2009 American control conference

  26. Ushio T, Takai S (2016) Nonblocking supervisory control of discrete event systems modeled by Mealy automata with nondeterministic output functions. IEEE Trans Autom Control 61(3):799–804

    MathSciNet  Article  Google Scholar 

  27. Whittaker SJ, Zulkernine M, Rudie K (2008) Toward incorporating discrete-event systems in secure software development. In: Proceedings of ARES’08

  28. Wonham WM (2010) Supervisory control of discrete-event systems. Accessed 1 Oct 2017

  29. Wu YC, Lafortune S (2014) Synthesis of insertion functions for enforcement of opacity security properties. Automatica 50:1336–1348

    MathSciNet  Article  Google Scholar 

  30. Xu S, Kumar R (2009) Discrete event control under nondeterministic partial observation. In: Proceedings of IEEE CASE’09

  31. Yin X (2017) Supervisor synthesis for Mealy automata with output functions: a model transformation approach. IEEE Trans Autom Control 62(5):2576–2581

    MathSciNet  Article  Google Scholar 

  32. Yoo TS, Lafortune S (2002) A general architecture for decentralized supervisory control of discrete-event systems. Discrete Event Dyn Syst Theory Appl 12:335–377

    MathSciNet  Article  Google Scholar 

Download references

Author information

Authors and Affiliations


Corresponding author

Correspondence to João P. Hespanha.

Additional information

Submitted to Special Issue on Dynamic Games in Cyber Security. This work was supported by the JSPS KAKENHI Grant Number JP17K14699, the National Science Foundation Award No. 1705135, and the U.S. Office of Naval Research under MURI Grant No. N00014-16-1-2710.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Wakaiki, M., Tabuada, P. & Hespanha, J.P. Supervisory Control of Discrete-Event Systems Under Attacks. Dyn Games Appl 9, 965–983 (2019).

Download citation

  • Published:

  • Issue Date:

  • DOI:


  • Supervisory control
  • Discrete-event systems
  • Game theory
  • Computer security