Attack-Resilient Supervisory Control under Energy-Bounded Attacks

In this paper, we investigate the problem of synthesizing safe supervisors for discreteevent systems under attacks. Specifically, we consider an important class of attacks called the actuator enablement attacks (AE-attacks), where an attacker can additionally enable events that are disabled by the supervisor originally. We assume that the attacker consumes certain units of energy each time to launch an attack, and its total energy budget is bounded. Our goal is to synthesize an attack-resilient supervisor such that the closed-loop system is still safe under any attack whose capability is constrained by the energy bound. We provide a necessary and sufficient condition for the existence of such an attack- resilient supervisor based on the notion of safety threshold. When the existence condition holds, an attack-resilient supervisor can be effectively synthesized by dynamically estimating the remaining energy of the attacker. We show the synthesized supervisor is maximally permissive in terms of the nominal behavior without attack. Copyright (c) 2023 The Authors.