Optimal Secret Protection in Discrete Event Systems with Dynamic Clearance Levels

In this paper we propose a general framework to design optimal secret protection policies in discrete event systems. In the system, some secret states are associated with confidentiality levels (possibly different), and our purpose is to design an event-protecting policy such that any user (legal or unauthorized) who visits a secret state must have a security clearance level no less than the required confidentiality level. We consider the criteria of optimality on protecting policies as to protecting policies with a minimum degree of disturbance to legal users’ normal operations. We develop an auxiliary data structure called the generalized secret automaton, based on which we propose a method to design a protecting policy using the classical supervisory control theory. The minimally disruptive protecting policy is then represented by an automaton called the secret enforcer whose state size is polynomial both in the number of the plant states and the number of secret states in the plant.