On Resilient Supervisory Control Against Indefinite Actuator Attacks in Discrete-Event Systems

Abstract

In this letter we study a resilient supervisory control design problem in discrete-event systems. Consider that there are certain unsafe states in the system that must be prevented from entering, and this can be ensured by a supervisor disabling certain controllable events. Also consider that the system is subject to actuator attacks from intruders: some controllable events disabled by a supervisor may be re-enabled by an intruder. Our purpose is to address a challenging scenario where the controllable events that are vulnerable to attacks are <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">indefinite</i> , i.e., any controllable event can be attacked. Associating to each unsafe state with a required <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">safety level</i> (a positive integer), our aim of this letter is to design a resilient supervisor such that for every unsafe state <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$q$ </tex-math></inline-formula> , if the number of actuator attacks is no greater than the safety level of <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$q$ </tex-math></inline-formula> , then the controlled system is guaranteed to avoid entering <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$q$ </tex-math></inline-formula> . We first encode the behavior of the system under attack into an automaton called the <italic xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">resiliency automaton</i> . We then show that the resilient supervisor synthesis problem may be cast into a supervisory control problem in the resiliency automaton. Hence, a maximally permissive resilient supervisor can be obtained by using the Ramadge-Wonham supervisory control paradigm. To the best of our knowledge, this is the first result on supervisory control design against indefinite actuator attacks in discrete-event systems.