Automatica, Vol.94, 35-44, 2018
Supervisor synthesis to thwart cyber attack with bounded sensor reading alterations
One of the major challenges in cyber-physical systems is how to protect system integrity from cyber attacks. A large number of different types of attacks have been discussed in the literature. In this paper we investigate one special type of attack in the discrete-event system framework, where an attacker can arbitrarily alter sensor readings after intercepting them from a target system, aiming to trick a given supervisor into issuing improper control commands, which can drive the system to an undesirable state. We first consider the cyber attack problem from an attacker's point of view, and formulate an attack-with-bounded-sensor-reading-alterations (ABSRA) problem. We then show that the supremal (or least restrictive) ABSRA exists and can be computed, as long as the plant model and the supervisor model are regular, i.e., representable by finite-state automata. Upon the synthesis of the supremal ABSRA, we present a synthesis algorithm, which computes a supervisor that is ABSRA-robust in the sense that any ABSRA will either be detectable or inflict no damage to the system. © 2018 Elsevier Ltd. All rights reserved.
Keywords: Discrete-event systems; Supervisory control; Cyber security; Attack under bounded sensor reading alterations; Partial observation; Controllability