Roughly speaking, differential privacy is a privacy-preserving strategy that guarantees attackers to be unlikely to infer, from the previous system output, the dataset from which an output is derived. This work introduces differential privacy to discrete event systems modeled by probabilistic automata to protect the state information pertaining to system resource configurations. State differential privacy is defined to protect the initial state of a discrete event system, which represents its initial resource configuration. Step-based state differential privacy verification is proposed in the framework of probabilistic automata, such that an attacker is unlikely to determine the initial state from which a system evolves, within a finite step of observations, if two systems with two different initial states satisfy state differential privacy. Specifically, the probability distributions of generating observations within a finite step from the two different initial states are approximate. If the two systems do not satisfy state differential privacy, a control specification is proposed, such that state differential privacy is enforced via supervisory control that is maximally permissive. Experimental studies are given to illustrate that the proposed method can effectively verify state differential privacy and enforce privacy protection in the probabilistic automata framework.
Read full abstract