Research Article Verification of Opacity and Diagnosability for Pushdown...
Transcript of Research Article Verification of Opacity and Diagnosability for Pushdown...
Hindawi Publishing CorporationJournal of Applied MathematicsVolume 2013 Article ID 654059 10 pageshttpdxdoiorg1011552013654059
Research ArticleVerification of Opacity and Diagnosability forPushdown Systems
Koichi Kobayashi and Kunihiko Hiraishi
School of Information Science Japan Advanced Institute of Science and Technology Ishikawa 923-1292 Japan
Correspondence should be addressed to Koichi Kobayashi k-kobayajaistacjp
Received 26 February 2013 Revised 28 April 2013 Accepted 30 April 2013
Academic Editor Guiming Luo
Copyright copy 2013 K Kobayashi and K HiraishiThis is an open access article distributed under the Creative CommonsAttributionLicense which permits unrestricted use distribution and reproduction in anymedium provided the originalwork is properly cited
In control theory of discrete event systems (DESs) one of the challenging topics is the extension of theory of finite-state DESsto that of infinite-state DESs In this paper we discuss verification of opacity and diagnosability for infinite-state DESs modeledby pushdown automata (called here pushdown systems) First we discuss opacity of pushdown systems and prove that opacity ofpushdown systems is in general undecidable In addition a decidable class is clarified Next in diagnosability we prove that under acertain assumption which is different from the assumption in the existing result diagnosability of pushdown systems is decidableFurthermore a necessary condition and a sufficient condition using finite-state approximations are derived Finally as one of theapplications we consider data integration using XML (Extensible Markup Language) The obtained result is useful for developingcontrol theory of infinite-state DESs
1 Introduction
To extend control theory of discrete event systems (DESs)expressed by finite automata [1] to that of infinite-state DESsis one of the challenging topics Infinite automata [2] andunbounded Petri nets [3 4] are common models of infinite-state DESs In this paper we focus on a pushdown automaton(PDA) [5 6] which is one of the standard classes of infiniteautomata A PDA is a finite automaton having a stack withinfinite length and a state transition is decided by the inputsymbol (event) and the stack symbol in the top of thestack The stack can be manipulated by the input symbol inwhich the empty symbol is included Furthermore a visiblypushdown automaton (VPA) has been proposed as a specialclass of PDAs [7 8] Input symbols in a VPA are composedof three kinds of symbols that is push manipulations popmanipulations and internal manipulations (see Section 21for further details) It is easier to analyze a VPA than a PDASome examples are given as applications of PDAs and VPAsIn the modeling of a software system a PDA is frequentlyused (see eg [9]) Also in analysis of a cyber-physical system(CPS) which has recently attracted much attention a PDA isused [10] A CPS is a system featuring a combination betweencomputer systems and physical systems [11] To model
the complicate behavior of such a CPS it is important to use aPDA In addition as an application of a PDA intrusion detec-tion in the field of computer security has been studied so far[12] As an application of a VPA analysis of XML (ExtensibleMarkup Language) which is one of the markup languagesand is widely used in several fields [8 13] has been studiedso far [8 13] Thus a PDA and a VPA have many applicationsand developing theory of DESs using a PDA and a VPA isimportant
For DESs modeled by PDAs and VPAs (called here push-down systems) supervisory control [9 14] and diagnosabilityverification [15] have been studied so far Diagnosabilityverification is the problem of testing if the state reaches agiven failure state under partial observations In diagnosabil-ity verification it has been proven in [15] that diagnosabil-ity of pushdown systems is in general undecidable and isdecidable under the assumption that stack manipulations arecompletely observed This assumption is very strong and isnot practical Furthermore it is important to approximatelyverify diagnosability for pushdown systems without assump-tions On the other hand in recent years opacity in computersecurity has been studied in the framework of DESs [16ndash22]Opacity aims to determine if a secret behavior in the system
2 Journal of Applied Mathematics
is kept opaque to outsiders In [17] it has been shown thatopacity verification of infinite-state systems is undecidableAlso in [19] opacity verification of infinite-state systems hasbeen discussed using approximate models However to ourknowledge opacity verification of pushdown systems has notbeen studied so far
In this paper we discuss verification of opacity and diag-nosability for pushdown systems based on basic results informal language theory [5 6] In opacity verification it isproven that opacity of pushdown systems is in general unde-cidable Furthermore we clarify a condition such that opacityis decidable In diagnosability verification first it is proventhat if a part of observations in the system can be expressedas a regular language that is a language accepted by somefinite automaton then diagnosability is decidable Next anecessary condition for the pushdown system not to be diag-nosable is derived based on finite-state overapproximationsIn a similar way a sufficient condition is also derived based onfinite-state underapproximations The proposed conditionsenable us to verify diagnosability of awider class of pushdownsystems Also the relation among opacity verification diag-nosability verification and the sensor selection problem isdiscussed Finally as one of the applications we consider dataintegration of XML documents In the case that documentsin databases are expressed by the XML one of the importantproblems is data integration which is called here XML dataintegration In particular we discuss XML data integrationwith security considerations and show the effectiveness of theproposed approach The conference paper [23] is a prelimi-nary version of this paper In this paper we provide improvedformulations and explanations discussion on the computa-tional complexity and application to XML data integration
This paper is organized as follows In Section 2 first theoutline of pushdown systems is explained Next decidableproblems and undecidable problems in PDAs and VPAs areexplained Finally we introduce a finite-state overapproxima-tion of PDAs In Section 3 opacity verification is discussed InSection 4 diagnosability verification is discussed and somediagnosability conditions are derived In Section 5 relatedtopics are discussed In Section 6 we consider an applicationof the proposed approach to XML data integration InSection 7 we conclude this paper
Notation For a finite set Σ let Σlowast denote a set of all finitestrings which consist of elements in Σ including the emptystring 120576 Let Σ120596 denote a set of all infinite strings Let |Σ|denote the number of elements in Σ The setN is defined asN = 0 1 2
2 Preliminaries
In this section first we introduce pushdown automata andtheir subclass Next undecidable problems in pushdownautomata are explained Furthermore we introduce assump-tions that will enable the undecidable problems to becomedecidable Finally a finite-state overapproximation used indiagnosability verification is explained
21 Pushdown Systems Consider the following pushdownautomaton (PDA)
119866 = (119876 Σ Γ Δ 1199020 1198850 119865) (1)
where 119876 is the finite set of states Σ cup 120576 is the finite set ofinput symbols (events) Γ are the finite set of stack symbolsΔ = Δ push cup Δ pop cup Δ int transition relations 119902
0isin 119876 are the
initial state and 1198850isin Γ is the initial stack symbol 119865 sube 119876 the
set of final statesIn theory of DESs the empty string 120576 is regarded as an
unobservable event In the PDA to be studied here transitionrelations are composed of Δ push Δ pop and Δ int which arecalled here a ldquopushrdquo manipulation a ldquopoprdquo manipulationand an ldquointernalrdquo manipulation respectively In the pushmanipulation a particular symbol is pushed to the top of thestack In the popmanipulation the top of the stack is poppedoff In the internalmanipulation the stack is not changed andonly the state is changedMore precisely threemanipulationsare given as
Δ push sube (119876 times Σ times Γ) times 119876
Δ pop sube (119876 times Σ) times (119876 times (Γ minus 1198850))
Δ int sube (119876 times Σ) times 119876
(2)
respectively Functional forms of 120575 = (119902 120590 120574 1199021015840
) isin Δ push120575 = (119902 120590 119902
1015840
120574) isin Δ pop and 120575 = (119902 120590 1199021015840
) isin Δ int are givenas 120575 (119902 120590 120574) rarr 119902
1015840 120575 (119902 120590) rarr (1199021015840
120574) and 120575 (119902 120590) rarr1199021015840 respectively If the state and the symbol sequence in thestack are uniquely determined for given initial state and inputsymbol a given PDA is said to be deterministic
In addition if the state reaches some element of a subset1198761015840
sube 119876 by an execution 119906 isin Σlowast then it is said that an
execution 119906 reaches1198761015840 Furthermore we can naturally extendthese definitions to an infinite execution If the state reachessome element of 1198761015840 by one of the prefixes of an infiniteexecution 119908 isin Σ
120596 then it is said that the infinite execution119908 reaches 1198761015840
Let Σ119900sube Σ denote the set of observable events and the set
Σ119906119900= Σ119900is the set of unobservable events Let 119871(119866) denote
the set of languages accepted by 119866 Then let 119875(119871(119866)) denotethe set of sequences of observable events that is the followingtwo relations hold
119875 (120590) = 120590 if 120590 isin Σ119900
119875 (120590) = 120576 if 120590 isin Σ119906119900
(3)
Since 119875(1205901) = 119875(120590
2) is satisfied for the two unobservable
events 1205901 1205902isin Σ119906119900 two events 120590
1 1205902are indistinguishable
Next we introduce visibly PDAs [7 8] as a subclass ofPDAs
Definition 1 A PDA (1) is said to be a visibly PDA (VPA) ifΣ comprises Σ = Σpush cup Σpop cup Σint where Σpush Σpop andΣint are input symbols corresponding toΔ pushΔ pop andΔ intrespectively
Journal of Applied Mathematics 3
In VPAs manipulations to the stack can be visualizedfrom Σ
We illustrate this with a simple example
Example 2 Consider the VPA 119866 in Figure 1 where
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888 119889
Γ = 1198850 119883 119884
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119884 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883) (1199022 119889 1199022 119884)
Δ int = (1199020 119888 1199022)
119865 = 1199021 1199022 sub 119876
(4)
In Figure 1 119886 + 119883 and 119886 + 119884 express push manipulations119887minus119883 and 119889minus119884 express popmanipulations and 119888 expressesan internal manipulation Since Σ = 119886 119887 119888 119889 comprises
Σpush = 119886 Σpop = 119887 119889 Σint = 119888 (5)
we see that this automaton is a VPA In addition we have
119871 (119866) = 119886119899
119887119899
| 119899 ge 1 cup 119886119898
119888119889119898
| 119898 ge 0 (6)
where 119886119899119887119899 corresponds to the set of event sequences suchthat the state reaches 119902
1 119886119899119888119889119899 corresponds to the set of event
sequences such that the state reaches 1199022
Hereafter a discrete event system expressed by a PDA anda VPA is called a DES-PDA and a DES-VPA respectively If itis not necessary to distinguish a DES-PDA and a DES-VPAthen these discrete event systems are called here pushdownsystems (PDSs)
22 Decidable Problems and Undecidable Problems in Push-down Automata In this subsection we explain decidableproblems and undecidable problems in a language 119871(119866)
accepted by PDA or VPA 119866 that is a context-free language(CFL) See [5 6] for further details
Suppose that the two PDAs 1198661and 119866
2are given Then
119871(1198661) and 119871(119866
2) are CFLs and the following result is known
Lemma 3 The emptiness problem of an intersection of 119871(1198661)
and 119871(1198662) that is the problem of deciding if 119871(119866
1)cap119871(119866
2) = 0
holds is undecidable
This lemma follows from the fact that 119871(1198661)cap119871(119866
2) is not
a CFL in generalThe emptiness problem of an intersection oftwo CFLs is decidable under a given assumption
Lemma4 Assume that either 119871(1198661) or 119871(119866
2) is given as a reg-
ular language that is either1198661or1198662is given as a finite autom-
aton Then the emptiness problem of an intersection of 119871(1198661)
and 119871(1198662) is decidable In addition this problem can be solved
in PTIME
119886+119883
119886+119883
119886+119884
1199020 1199021
119887minus119883
119888
1199022
119889minus119884
Figure 1 Example of VDPDAs 119866
Under the assumption in Lemma 4 119871(1198661) cap 119871(119866
2) is a
CFL and the emptiness problem is decidable This result inthe emptiness problem of an intersection is used in diagnos-ability verification in Section 4
Next the following result on the inclusion problem hasbeen obtained
Lemma 5 The inclusion problem of two PDAs 1198661and 119866
2
that is the problem of deciding if 119871(1198661) sube 119871(119866
2) holds is
undecidable
For VPAs the following result has been obtained [7]
Lemma6 The inclusion problem of two VPAs1198661and119866
2 that
is the problem of deciding if 119871(1198661) sube 119871(119866
2) holds is decidable
In addition this problem can be solved in EXPTIME
On the other hand a class of deterministic PDAs suchthat the inclusion problem is decidable is called superde-terministic PDAs [24] A deterministic VPA is a subclassof the superdeterministic PDAs This fact is clear from thedefinitions in [7 24] As a result the following result can beobtained
Lemma 7 Assume that 1198661and 119866
2are given as a PDA and a
deterministic VPA respectivelyThen the problem of deciding if119871(1198661) sube 119871(119866
2) is decidable In addition this problem can be
solved in 2-EXPTIME
These results of the inclusion problem are used in opacityverification in Section 3
23 Finite-State Overapproximation of Pushdown AutomataIn this section we explain the finite-state overapproximationsof PDAs Several approximations have been proposed so far(see eg [25] for further details) In this paper the followingfinite-state overapproximation proposed in [9] is used
4 Journal of Applied Mathematics
Definition 8 For a given PDA119866 of (1) the finite-state overap-proximation of 119866 is defined by
119866119900= (119876 Σ
119876 Δ119900 1199020 119865) (7)
where Σ119876and Δ
119900are defined as follows
(i) Σ119876= 120590 sdot 119902 | 120590 isin Σ 119902 isin 119876
(ii) Δ119900is given as Δ
119900sube (119876 times Σ
119876) times 119876 120575 = (119902 120590 sdot 1199021015840 1199021015840) isin
Δ119900holds if and only if one of the following three
conditions holds
(1) 120575 = (119902 120590 120574 1199021015840) isin Δ push holds for some 120574 isin Γ(2) 120575 = (119902 120590 1199021015840 120574) isin Δ pop holds for some 120574 isin Γ(3) 120575 = (119902 120590 1199021015840) isin Δ int holds
Let119866119904denote the PDAobtained by replacing120590 isin Σwith120590119902 isin
Σ119876 In the transitions of 119866
119900 the conditions on the stack are
ignored So 119871(119866119904) sube 119871(119866
119900) holds
A finite-state overapproximation will be used in the topicon diagnosability (see Section 44 for further details)
3 Opacity Verification
This section looks at opacity verification of PDSs First thenotion of opacity is defined Next after a condition for a PDSto be opaque is derived a decidable class of PDSs is clarified
31 Definition of Opacity First secret states are defined Let119876119904sub 119865 denote the set of secret states Then we define the
notion of opacity based on the definition in [20]
Definition 9 For the PDS 119866 of (1) suppose that the set ofsecret states 119876
119904and the set of observable events Σ
119900are given
Then the PDS is said to be opaque if for all 119905 isin 119871(119866) thereexists 119904 isin 119871(119866) minus 119905 such that if 119905 reaches 119876
119904 then 119904 does not
reach 119876119904and 119875(119904) = 119875(119905)
Several definitions of opacity have been proposed so far(see eg [17 20ndash22]) In this paper the simplest definition in[20] is used
32 Decidability of Opacity Let 1198811denote the set of finite
event sequences such that the state reaches 119876119904 Let 119881
2denote
the set of finite event sequences such that the state reaches119876minus119876
119904 Then the opacity condition of PDSs can be derived as
follows
Theorem 10 A PDS is opaque if and only if 119875(1198811) sube 119875(119881
2)
holds
Proof If a PDS is opaque then 119875(1198811) is included in 119875(119881
2)
Conversely if 119875(1198811) sube 119875(119881
2) holds then for any V
1isin 119875(119881
1)
there exists V2isin 119875(119881
2) such that V
1= V2 So the PDS is
opaque
FromLemma 5 andTheorem 10 we can obtain the follow-ing result immediately
Theorem 11 Opacity of a DES-PDA is in general undecidable
In addition from Lemma 5 and Theorem 10 we canobtain the following result
Theorem 12 Opacity of a DES-VPA is in general undecidable
Proof Even if1198811and1198812are languages accepted byVPAs then
119875(1198811) and119875(119881
2) are in general given as languages accepted by
PDAs [15] Then from Lemma 5 and Theorem 10 opacity ofa DES-VPA is undecidable
From Theorems 11 and 12 we see that opacity of a DES-PDA and a DES-VPA are in general undecidable On theother hand from Lemma 6 and Theorem 10 we see that ifobservations of a DES-PDA is expressed by some VPA thenopacity of a DES-PDAmay be decidable Then we can obtainthe following result
Theorem 13 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by VPAs respectively Then the problem of decidingif 119875(119881
1) sube 119875(119881
2) holds is decidable that is opacity of a PDS is
decidable In addition this problem can be solved in EXPTIME
In addition from Lemma 7 and Theorem 10 we canobtain the following result
Theorem 14 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by a PDA and a deterministic VPA respectively Thenthe problem of deciding if 119875(119881
1) sube 119875(119881
2) holds is decidable
that is opacity of a PDS is decidable In addition this problemcan be solved in 2-EXPTIME
From Theorem 14 we see that if 119875(1198812) is given as a
language accepted by a deterministic VPA then the decidablecondition is relaxed Comparing Theorem 13 with Theo-rem 14 the inclusion problem inTheorem 14 is more difficultthan that in Theorem 13 This is because in Theorem 14119875(1198811) may be given as a language accepted by a PDA If an
overapproximation of a PDA can be derived as a VPA thenwe can obtain a sufficient condition of a PDS to be opaque Infuture work we plan to consider how to approximate a PDAby a VPA On the other hand in recent years VPAs have beenapplied to several applications (see eg [7ndash9]) ThereforeTheorem 13 andTheorem 14 will be useful
Finally we show a simple example
Example 15 Consider the DES-VPA in Figure 1 Assume 119889 =119887 Suppose that Σ
119900= 119886 119887 Σ
119906119900= 119888 and 119876
119904= 1199022 are
given Then we obtain119875 (1198811) = 119875 (119881
2) = 119886119899
119887119899
(8)119875(1198811) and119875(119881
2) are languages accepted byVPAs respectively
and 119875(1198811) = 119875(119881
2) holds Therefore this system is opaque
4 Diagnosability Verification
In this section first diagnosability for the PDS (1) is definedaccording to the definition in [15 26 27] Next after the exist-ing results in [15] are explained two kinds of diagnosabilityconditions are proposed
Journal of Applied Mathematics 5
41 Definition of Diagnosability First failure states aredefined Let 119876
119891sub 119876 denote the set of failure states For 119876
119891
the following two assumptions are made (i) 119876119891sub 119865 and
(ii) if the state reaches the set 119876119891 then the state stays within
119876119891 Since in this paper we focus on whether some failure has
occurred in the past or not these assumptions are imposedThese assumptions also imply that any failure is not restoredautomatically Let 119871
119891sub 119871(119866) denote the set of executions
such that the state reaches some element in 119876119904
Next the notion of diagnosability for the PDS (1) isdefined according to [15 26 27]
Definition 16 For the PDS (1) suppose that the set of failurestates 119876
119891and the set of observable events Σ
119900are given Then
the PDS (1) is diagnosable if the following condition holds
(exist119899 isin N minus infin) (forall119904 isin 119871119891) (forall119905 isin
119871 (119866)
119904)
|119905| ge 119899 997904rArr 119875minus1
119875 (119904119905) cap 119871 (119866) sube 119871119891
(9)
where 119871(119866)119904 = 119905 isin Σlowast
| 119904119905 isin 119871(119866) and 119875minus1119875(119904119905) is the setof executions such that an observation is 119875(119904119905)
In this definition 119875minus1119875(119904119905) cap 119871(119866) sube 119871119891implies that all
executions such that an observation is 119875(119904119905) are included in119871119891 So a failure can be detected from a finite observation
In other words if there exists an unobservable infinite suffixthen the system is not diagnosable Furthermore deriving 119899in this definition is important but this topic is not discussedin this paper In [15] under some assumptions a method forderiving 119899 has been already discussed
Hereafter a construction method of a diagnoser is notfocused on (see [15] for construction of a diagnoser) and amethod to test diagnosability is considered
42 Existing Results First we introduce a necessary and suf-ficient condition of the PDS (1) not to be diagnosable [15 28]
Lemma17 For the PDS (1) suppose that the set of failure states119876119891and the set of observable events Σ
119900are given Then the PDS
is not diagnosable if and only if there exist two indistinguishableinfinite executions119908
1and119908
2such that119908
1reaches119876
119891while119908
2
does not
Next the existing results [15] on diagnosability verifica-tion are introduced
Lemma 18 Diagnosability of a DES-PDA is in general unde-cidable
Lemma 19 Diagnosability of a DES-VPA is in general unde-cidable
These results can be obtained immediately because theemptiness problem for an intersection of observations ofinfinite executions 119908
1and 119908
2such that 119908
1reaches 119876
119891while
1199082does not is undecidable from Lemma 3In [15] the following result has been derived
Lemma 20 Assume Σ119906119900sube Σint Then diagnosability of a DES-
VPA is decidable
In Lemma 20 it is assumed that events correspondingto push and pop manipulations of the stack are observableIn [15] the diagnosability verification problem is reduced tothe emptiness problem of Buchi automata under Σ
119906119900sube Σint
So the property of pushdown automata is not considered Inthis paper as another approach we consider diagnosabilityverification under other assumptions Furthermore approx-imate methods for verifying diagnosability of PDSs withoutassumptions are proposed
43 Proposed Diagnosability Condition First based onLemma 4 we propose a diagnosability condition of PDSs
Let1198821denote the set of finite event sequences such that
the state reaches119876minus119876119891 Let119882
2denote the set of finite event
sequences such that the state reaches 119876119891
Then we obtain the following result
Theorem 21 Assume that either 119875(1198821) or 119875(119882
2) is given
as a language accepted by some finite automaton that is aregular language Then diagnosability of a PDS is decidableFurthermore a PDS is not diagnosable if and only if 119875(119882
1) cap
119875(1198822) = 0 holds In addition this problem can be solved in
PTIME
Proof From Lemma 4 and Lemma 17 this theorem isobtained straightforwardly
We show a simple example
Example 22 Consider the DES-VPA in Figure 1 again Sup-pose that Σ
119900= 119886 119887 119888 Σ
119906119900= 119889 and 119876
119891= 1199022 are given
Then we obtain1198821= 119886119899
119887119899
1198822= 119886119898
119888119889119898
119899 ge 1 119898 ge 0
119875 (1198821) = 119886119899
119887119899
119875 (1198822) = 119886119898
119888 119899 ge 1 119898 ge 0
(10)
Since 119875(1198822) is a regular language diagnosability of this DES-
VPA is decidable In fact we see that 119875(1198821) cap 119875(119882
2) = 0
does not hold and the defect can be detected by observingthe event 119888 This example is very simple However we notethat diagnosability of this system is undecidable in the caseusing the existing result in [15] This is because this systemdoes not satisfy the assumption in Lemma 20 that is theunobservable event 119889 is not an internal manipulation and isa pop manipulation
From this example we can indicate that even if 1198821 1198822
are CFLs then 119875(1198821) 119875(119882
2) are generally neither CFLs nor
regular languages In the above example 1198822is a CFL but
119875(1198822) is a regular language So we may consider to directly
approximate 119875(1198821) 119875(119882
2) by a regular language From this
viewpoint we propose diagnosability conditions using thefinite-state overunder-approximations
44 Proposed Diagnosability Conditions Using Finite-StateApproximations Now we show a diagnosability conditionusing a finite-state overapproximation in Definition 8
6 Journal of Applied Mathematics
Theorem 23 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state overapproximation in Definition 8Let 119875
1and 119875
2denote approximated 119875(119882
1) and 119875(119882
2)
respectively Then a necessary condition for a PDS to be notdiagnosable is that either 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0
holds In addition this condition can be solved in PTIME
Proof From Theorem 21 119875(1198821) sube 119875
1 and 119875(119882
2) sube 119875
2 we
obtain the theorem immediately
Theorem 23 provides a necessary conditionOn the other hand it is also important to obtain a
sufficient condition Then a finite-state underapproximationmust be considered A simple method to derive a finite-stateunderapproximation is that the length of the stack in a PDSis limited to a given finite length See Example 25 belowfor further details So we assume that a finite-state under-approximation of either 119875(119882
1) or 119875(119882
2) is given
Then we obtain the following result
Theorem 24 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state under-approximation Let 1198751and 119875
2
denote approximated 119875(1198821) and 119875(119882
2) respectively Then a
sufficient condition for a PDS to be not diagnosable is thateither 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0 holds In addition
this condition can be solved in PTIME
Proof From Theorem 21 1198751sube 119875(119882
1) and 119875
2sube 119875(119882
2) we
obtain the theorem immediately
From Theorems 23 and 24 we see that diagnosability ofa PDS can be approximately verified in PTIME SoTheorems23 and 24 are simple but can be applied to several systemssuch as software systems
Example 25 Suppose that 119875(1198821) and 119875(119882
2) are given as
119875 (1198821) = 119886
119899
119887119899
119888119894
| 119899 ge 1 119894 ge 1
119875 (1198822) = 119886
119894
119887119899
119888119899
| 119899 ge 1 119894 ge 1
(11)
respectively Then 119875(1198821) cap 119875(119882
2) = 119886
119899
119887119899
119888119899
| 119899 ge 1 = 0
is obtained and we see that this system is not diagnosableHowever 119875(119882
1) cap 119875(119882
2) is not a CFL (see [6] for further
details)Next we verify diagnosability using Theorem 23 In this
example we approximate 119875(1198821) by a regular language The
PDA 1198661accepting 119875(119882
1) is given by
1198661= (119876 Σ Γ Δ 119902
0 1198850 119865)
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888
Γ = 1198850 119883
Δ = Δ push cup Δ pop cup Δ int
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883)
Δ int = (1199021 119888 1199022) (1199022 119888 1199022)
119865 = 1199022 sub 119876
(12)
See also Figure 2 Consider to derive the finite-state overap-proximation in Definition 8 Then Σ
119876is given as
Σ119876= 119886 sdot 119902
0 119886 sdot 1199021 119886 sdot 1199022 119887 sdot 1199020 119887 sdot 1199021 119887 sdot 1199022
119888 sdot 1199020 119888 sdot 1199021 119888 sdot 1199022
(13)
Next we derive Δ119900 From Δ push we obtain
1205751= (1199020 119886 sdot 1199020 1199020) 120575
2= (1199020 119886 sdot 1199021 1199021) (14)
From Δ pop we obtain
1205753= (1199021 1198871199021 1199021) (15)
From Δ int we obtain
1205754= (1199021 1198881199022 1199022) 120575
5= (1199022 1198881199022 1199022) (16)
So Δ119900= 1205751 1205752 1205753 1205754 1205755 is obtained Thus we can obtain
the finite-state overapproximation 1198661of the PDA 119866
1(see
Figure 3) Using Σ = 119886 119887 119888 the language accepted by 1198661
is obtained by
119871 (1198661) = 119886
lowast
119886119887lowast
119888119888lowast
(17)
From the obtained 119871(1198661) we see that 119875(119882
1) sube 119871(119866
1) holds
Furthermore since 119871(1198661) cap 119875(119882
2) = 0 holds the necessary
condition inTheorem 23 is satisfied
Next we verify diagnosability using Theorem 24 Bylimiting the length of the stack in 119875(119882
1) to 119899 = 2 the finite-
state under-approximation 1198751can be obtained as
1198751= 119886119886119887119887119888119888
lowast
sube 119875 (1198821) (18)
1198751is accepted by the finite automaton in Figure 4 Since
1198751cap 119875(119882
2) = 0 holds the sufficient condition inTheorem 24
is satisfied
5 Discussions
51 Relationship between Opacity and Diagnosability Verifi-cations Opacity and diagnosability are closely related con-cepts We can interpret that opacity is the converse notion ofdiagnosability However decidability conditions are different
In opacity verification if 119875(1198811) and 119875(119881
2) are languages
accepted by someVPA respectively then opacity is decidable(see also Theorem 13) That is opacity can be discussed onlyin the framework of VPAs
On the other hand in diagnosability verification if either119875(1198821) or119875(119882
2) is a language accepted by somefinite automa-
ton then diagnosability is decidable (see Section 43) Thusapproximations such as finite-state approximations describedin Section 23 are required
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
2 Journal of Applied Mathematics
is kept opaque to outsiders In [17] it has been shown thatopacity verification of infinite-state systems is undecidableAlso in [19] opacity verification of infinite-state systems hasbeen discussed using approximate models However to ourknowledge opacity verification of pushdown systems has notbeen studied so far
In this paper we discuss verification of opacity and diag-nosability for pushdown systems based on basic results informal language theory [5 6] In opacity verification it isproven that opacity of pushdown systems is in general unde-cidable Furthermore we clarify a condition such that opacityis decidable In diagnosability verification first it is proventhat if a part of observations in the system can be expressedas a regular language that is a language accepted by somefinite automaton then diagnosability is decidable Next anecessary condition for the pushdown system not to be diag-nosable is derived based on finite-state overapproximationsIn a similar way a sufficient condition is also derived based onfinite-state underapproximations The proposed conditionsenable us to verify diagnosability of awider class of pushdownsystems Also the relation among opacity verification diag-nosability verification and the sensor selection problem isdiscussed Finally as one of the applications we consider dataintegration of XML documents In the case that documentsin databases are expressed by the XML one of the importantproblems is data integration which is called here XML dataintegration In particular we discuss XML data integrationwith security considerations and show the effectiveness of theproposed approach The conference paper [23] is a prelimi-nary version of this paper In this paper we provide improvedformulations and explanations discussion on the computa-tional complexity and application to XML data integration
This paper is organized as follows In Section 2 first theoutline of pushdown systems is explained Next decidableproblems and undecidable problems in PDAs and VPAs areexplained Finally we introduce a finite-state overapproxima-tion of PDAs In Section 3 opacity verification is discussed InSection 4 diagnosability verification is discussed and somediagnosability conditions are derived In Section 5 relatedtopics are discussed In Section 6 we consider an applicationof the proposed approach to XML data integration InSection 7 we conclude this paper
Notation For a finite set Σ let Σlowast denote a set of all finitestrings which consist of elements in Σ including the emptystring 120576 Let Σ120596 denote a set of all infinite strings Let |Σ|denote the number of elements in Σ The setN is defined asN = 0 1 2
2 Preliminaries
In this section first we introduce pushdown automata andtheir subclass Next undecidable problems in pushdownautomata are explained Furthermore we introduce assump-tions that will enable the undecidable problems to becomedecidable Finally a finite-state overapproximation used indiagnosability verification is explained
21 Pushdown Systems Consider the following pushdownautomaton (PDA)
119866 = (119876 Σ Γ Δ 1199020 1198850 119865) (1)
where 119876 is the finite set of states Σ cup 120576 is the finite set ofinput symbols (events) Γ are the finite set of stack symbolsΔ = Δ push cup Δ pop cup Δ int transition relations 119902
0isin 119876 are the
initial state and 1198850isin Γ is the initial stack symbol 119865 sube 119876 the
set of final statesIn theory of DESs the empty string 120576 is regarded as an
unobservable event In the PDA to be studied here transitionrelations are composed of Δ push Δ pop and Δ int which arecalled here a ldquopushrdquo manipulation a ldquopoprdquo manipulationand an ldquointernalrdquo manipulation respectively In the pushmanipulation a particular symbol is pushed to the top of thestack In the popmanipulation the top of the stack is poppedoff In the internalmanipulation the stack is not changed andonly the state is changedMore precisely threemanipulationsare given as
Δ push sube (119876 times Σ times Γ) times 119876
Δ pop sube (119876 times Σ) times (119876 times (Γ minus 1198850))
Δ int sube (119876 times Σ) times 119876
(2)
respectively Functional forms of 120575 = (119902 120590 120574 1199021015840
) isin Δ push120575 = (119902 120590 119902
1015840
120574) isin Δ pop and 120575 = (119902 120590 1199021015840
) isin Δ int are givenas 120575 (119902 120590 120574) rarr 119902
1015840 120575 (119902 120590) rarr (1199021015840
120574) and 120575 (119902 120590) rarr1199021015840 respectively If the state and the symbol sequence in thestack are uniquely determined for given initial state and inputsymbol a given PDA is said to be deterministic
In addition if the state reaches some element of a subset1198761015840
sube 119876 by an execution 119906 isin Σlowast then it is said that an
execution 119906 reaches1198761015840 Furthermore we can naturally extendthese definitions to an infinite execution If the state reachessome element of 1198761015840 by one of the prefixes of an infiniteexecution 119908 isin Σ
120596 then it is said that the infinite execution119908 reaches 1198761015840
Let Σ119900sube Σ denote the set of observable events and the set
Σ119906119900= Σ119900is the set of unobservable events Let 119871(119866) denote
the set of languages accepted by 119866 Then let 119875(119871(119866)) denotethe set of sequences of observable events that is the followingtwo relations hold
119875 (120590) = 120590 if 120590 isin Σ119900
119875 (120590) = 120576 if 120590 isin Σ119906119900
(3)
Since 119875(1205901) = 119875(120590
2) is satisfied for the two unobservable
events 1205901 1205902isin Σ119906119900 two events 120590
1 1205902are indistinguishable
Next we introduce visibly PDAs [7 8] as a subclass ofPDAs
Definition 1 A PDA (1) is said to be a visibly PDA (VPA) ifΣ comprises Σ = Σpush cup Σpop cup Σint where Σpush Σpop andΣint are input symbols corresponding toΔ pushΔ pop andΔ intrespectively
Journal of Applied Mathematics 3
In VPAs manipulations to the stack can be visualizedfrom Σ
We illustrate this with a simple example
Example 2 Consider the VPA 119866 in Figure 1 where
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888 119889
Γ = 1198850 119883 119884
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119884 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883) (1199022 119889 1199022 119884)
Δ int = (1199020 119888 1199022)
119865 = 1199021 1199022 sub 119876
(4)
In Figure 1 119886 + 119883 and 119886 + 119884 express push manipulations119887minus119883 and 119889minus119884 express popmanipulations and 119888 expressesan internal manipulation Since Σ = 119886 119887 119888 119889 comprises
Σpush = 119886 Σpop = 119887 119889 Σint = 119888 (5)
we see that this automaton is a VPA In addition we have
119871 (119866) = 119886119899
119887119899
| 119899 ge 1 cup 119886119898
119888119889119898
| 119898 ge 0 (6)
where 119886119899119887119899 corresponds to the set of event sequences suchthat the state reaches 119902
1 119886119899119888119889119899 corresponds to the set of event
sequences such that the state reaches 1199022
Hereafter a discrete event system expressed by a PDA anda VPA is called a DES-PDA and a DES-VPA respectively If itis not necessary to distinguish a DES-PDA and a DES-VPAthen these discrete event systems are called here pushdownsystems (PDSs)
22 Decidable Problems and Undecidable Problems in Push-down Automata In this subsection we explain decidableproblems and undecidable problems in a language 119871(119866)
accepted by PDA or VPA 119866 that is a context-free language(CFL) See [5 6] for further details
Suppose that the two PDAs 1198661and 119866
2are given Then
119871(1198661) and 119871(119866
2) are CFLs and the following result is known
Lemma 3 The emptiness problem of an intersection of 119871(1198661)
and 119871(1198662) that is the problem of deciding if 119871(119866
1)cap119871(119866
2) = 0
holds is undecidable
This lemma follows from the fact that 119871(1198661)cap119871(119866
2) is not
a CFL in generalThe emptiness problem of an intersection oftwo CFLs is decidable under a given assumption
Lemma4 Assume that either 119871(1198661) or 119871(119866
2) is given as a reg-
ular language that is either1198661or1198662is given as a finite autom-
aton Then the emptiness problem of an intersection of 119871(1198661)
and 119871(1198662) is decidable In addition this problem can be solved
in PTIME
119886+119883
119886+119883
119886+119884
1199020 1199021
119887minus119883
119888
1199022
119889minus119884
Figure 1 Example of VDPDAs 119866
Under the assumption in Lemma 4 119871(1198661) cap 119871(119866
2) is a
CFL and the emptiness problem is decidable This result inthe emptiness problem of an intersection is used in diagnos-ability verification in Section 4
Next the following result on the inclusion problem hasbeen obtained
Lemma 5 The inclusion problem of two PDAs 1198661and 119866
2
that is the problem of deciding if 119871(1198661) sube 119871(119866
2) holds is
undecidable
For VPAs the following result has been obtained [7]
Lemma6 The inclusion problem of two VPAs1198661and119866
2 that
is the problem of deciding if 119871(1198661) sube 119871(119866
2) holds is decidable
In addition this problem can be solved in EXPTIME
On the other hand a class of deterministic PDAs suchthat the inclusion problem is decidable is called superde-terministic PDAs [24] A deterministic VPA is a subclassof the superdeterministic PDAs This fact is clear from thedefinitions in [7 24] As a result the following result can beobtained
Lemma 7 Assume that 1198661and 119866
2are given as a PDA and a
deterministic VPA respectivelyThen the problem of deciding if119871(1198661) sube 119871(119866
2) is decidable In addition this problem can be
solved in 2-EXPTIME
These results of the inclusion problem are used in opacityverification in Section 3
23 Finite-State Overapproximation of Pushdown AutomataIn this section we explain the finite-state overapproximationsof PDAs Several approximations have been proposed so far(see eg [25] for further details) In this paper the followingfinite-state overapproximation proposed in [9] is used
4 Journal of Applied Mathematics
Definition 8 For a given PDA119866 of (1) the finite-state overap-proximation of 119866 is defined by
119866119900= (119876 Σ
119876 Δ119900 1199020 119865) (7)
where Σ119876and Δ
119900are defined as follows
(i) Σ119876= 120590 sdot 119902 | 120590 isin Σ 119902 isin 119876
(ii) Δ119900is given as Δ
119900sube (119876 times Σ
119876) times 119876 120575 = (119902 120590 sdot 1199021015840 1199021015840) isin
Δ119900holds if and only if one of the following three
conditions holds
(1) 120575 = (119902 120590 120574 1199021015840) isin Δ push holds for some 120574 isin Γ(2) 120575 = (119902 120590 1199021015840 120574) isin Δ pop holds for some 120574 isin Γ(3) 120575 = (119902 120590 1199021015840) isin Δ int holds
Let119866119904denote the PDAobtained by replacing120590 isin Σwith120590119902 isin
Σ119876 In the transitions of 119866
119900 the conditions on the stack are
ignored So 119871(119866119904) sube 119871(119866
119900) holds
A finite-state overapproximation will be used in the topicon diagnosability (see Section 44 for further details)
3 Opacity Verification
This section looks at opacity verification of PDSs First thenotion of opacity is defined Next after a condition for a PDSto be opaque is derived a decidable class of PDSs is clarified
31 Definition of Opacity First secret states are defined Let119876119904sub 119865 denote the set of secret states Then we define the
notion of opacity based on the definition in [20]
Definition 9 For the PDS 119866 of (1) suppose that the set ofsecret states 119876
119904and the set of observable events Σ
119900are given
Then the PDS is said to be opaque if for all 119905 isin 119871(119866) thereexists 119904 isin 119871(119866) minus 119905 such that if 119905 reaches 119876
119904 then 119904 does not
reach 119876119904and 119875(119904) = 119875(119905)
Several definitions of opacity have been proposed so far(see eg [17 20ndash22]) In this paper the simplest definition in[20] is used
32 Decidability of Opacity Let 1198811denote the set of finite
event sequences such that the state reaches 119876119904 Let 119881
2denote
the set of finite event sequences such that the state reaches119876minus119876
119904 Then the opacity condition of PDSs can be derived as
follows
Theorem 10 A PDS is opaque if and only if 119875(1198811) sube 119875(119881
2)
holds
Proof If a PDS is opaque then 119875(1198811) is included in 119875(119881
2)
Conversely if 119875(1198811) sube 119875(119881
2) holds then for any V
1isin 119875(119881
1)
there exists V2isin 119875(119881
2) such that V
1= V2 So the PDS is
opaque
FromLemma 5 andTheorem 10 we can obtain the follow-ing result immediately
Theorem 11 Opacity of a DES-PDA is in general undecidable
In addition from Lemma 5 and Theorem 10 we canobtain the following result
Theorem 12 Opacity of a DES-VPA is in general undecidable
Proof Even if1198811and1198812are languages accepted byVPAs then
119875(1198811) and119875(119881
2) are in general given as languages accepted by
PDAs [15] Then from Lemma 5 and Theorem 10 opacity ofa DES-VPA is undecidable
From Theorems 11 and 12 we see that opacity of a DES-PDA and a DES-VPA are in general undecidable On theother hand from Lemma 6 and Theorem 10 we see that ifobservations of a DES-PDA is expressed by some VPA thenopacity of a DES-PDAmay be decidable Then we can obtainthe following result
Theorem 13 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by VPAs respectively Then the problem of decidingif 119875(119881
1) sube 119875(119881
2) holds is decidable that is opacity of a PDS is
decidable In addition this problem can be solved in EXPTIME
In addition from Lemma 7 and Theorem 10 we canobtain the following result
Theorem 14 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by a PDA and a deterministic VPA respectively Thenthe problem of deciding if 119875(119881
1) sube 119875(119881
2) holds is decidable
that is opacity of a PDS is decidable In addition this problemcan be solved in 2-EXPTIME
From Theorem 14 we see that if 119875(1198812) is given as a
language accepted by a deterministic VPA then the decidablecondition is relaxed Comparing Theorem 13 with Theo-rem 14 the inclusion problem inTheorem 14 is more difficultthan that in Theorem 13 This is because in Theorem 14119875(1198811) may be given as a language accepted by a PDA If an
overapproximation of a PDA can be derived as a VPA thenwe can obtain a sufficient condition of a PDS to be opaque Infuture work we plan to consider how to approximate a PDAby a VPA On the other hand in recent years VPAs have beenapplied to several applications (see eg [7ndash9]) ThereforeTheorem 13 andTheorem 14 will be useful
Finally we show a simple example
Example 15 Consider the DES-VPA in Figure 1 Assume 119889 =119887 Suppose that Σ
119900= 119886 119887 Σ
119906119900= 119888 and 119876
119904= 1199022 are
given Then we obtain119875 (1198811) = 119875 (119881
2) = 119886119899
119887119899
(8)119875(1198811) and119875(119881
2) are languages accepted byVPAs respectively
and 119875(1198811) = 119875(119881
2) holds Therefore this system is opaque
4 Diagnosability Verification
In this section first diagnosability for the PDS (1) is definedaccording to the definition in [15 26 27] Next after the exist-ing results in [15] are explained two kinds of diagnosabilityconditions are proposed
Journal of Applied Mathematics 5
41 Definition of Diagnosability First failure states aredefined Let 119876
119891sub 119876 denote the set of failure states For 119876
119891
the following two assumptions are made (i) 119876119891sub 119865 and
(ii) if the state reaches the set 119876119891 then the state stays within
119876119891 Since in this paper we focus on whether some failure has
occurred in the past or not these assumptions are imposedThese assumptions also imply that any failure is not restoredautomatically Let 119871
119891sub 119871(119866) denote the set of executions
such that the state reaches some element in 119876119904
Next the notion of diagnosability for the PDS (1) isdefined according to [15 26 27]
Definition 16 For the PDS (1) suppose that the set of failurestates 119876
119891and the set of observable events Σ
119900are given Then
the PDS (1) is diagnosable if the following condition holds
(exist119899 isin N minus infin) (forall119904 isin 119871119891) (forall119905 isin
119871 (119866)
119904)
|119905| ge 119899 997904rArr 119875minus1
119875 (119904119905) cap 119871 (119866) sube 119871119891
(9)
where 119871(119866)119904 = 119905 isin Σlowast
| 119904119905 isin 119871(119866) and 119875minus1119875(119904119905) is the setof executions such that an observation is 119875(119904119905)
In this definition 119875minus1119875(119904119905) cap 119871(119866) sube 119871119891implies that all
executions such that an observation is 119875(119904119905) are included in119871119891 So a failure can be detected from a finite observation
In other words if there exists an unobservable infinite suffixthen the system is not diagnosable Furthermore deriving 119899in this definition is important but this topic is not discussedin this paper In [15] under some assumptions a method forderiving 119899 has been already discussed
Hereafter a construction method of a diagnoser is notfocused on (see [15] for construction of a diagnoser) and amethod to test diagnosability is considered
42 Existing Results First we introduce a necessary and suf-ficient condition of the PDS (1) not to be diagnosable [15 28]
Lemma17 For the PDS (1) suppose that the set of failure states119876119891and the set of observable events Σ
119900are given Then the PDS
is not diagnosable if and only if there exist two indistinguishableinfinite executions119908
1and119908
2such that119908
1reaches119876
119891while119908
2
does not
Next the existing results [15] on diagnosability verifica-tion are introduced
Lemma 18 Diagnosability of a DES-PDA is in general unde-cidable
Lemma 19 Diagnosability of a DES-VPA is in general unde-cidable
These results can be obtained immediately because theemptiness problem for an intersection of observations ofinfinite executions 119908
1and 119908
2such that 119908
1reaches 119876
119891while
1199082does not is undecidable from Lemma 3In [15] the following result has been derived
Lemma 20 Assume Σ119906119900sube Σint Then diagnosability of a DES-
VPA is decidable
In Lemma 20 it is assumed that events correspondingto push and pop manipulations of the stack are observableIn [15] the diagnosability verification problem is reduced tothe emptiness problem of Buchi automata under Σ
119906119900sube Σint
So the property of pushdown automata is not considered Inthis paper as another approach we consider diagnosabilityverification under other assumptions Furthermore approx-imate methods for verifying diagnosability of PDSs withoutassumptions are proposed
43 Proposed Diagnosability Condition First based onLemma 4 we propose a diagnosability condition of PDSs
Let1198821denote the set of finite event sequences such that
the state reaches119876minus119876119891 Let119882
2denote the set of finite event
sequences such that the state reaches 119876119891
Then we obtain the following result
Theorem 21 Assume that either 119875(1198821) or 119875(119882
2) is given
as a language accepted by some finite automaton that is aregular language Then diagnosability of a PDS is decidableFurthermore a PDS is not diagnosable if and only if 119875(119882
1) cap
119875(1198822) = 0 holds In addition this problem can be solved in
PTIME
Proof From Lemma 4 and Lemma 17 this theorem isobtained straightforwardly
We show a simple example
Example 22 Consider the DES-VPA in Figure 1 again Sup-pose that Σ
119900= 119886 119887 119888 Σ
119906119900= 119889 and 119876
119891= 1199022 are given
Then we obtain1198821= 119886119899
119887119899
1198822= 119886119898
119888119889119898
119899 ge 1 119898 ge 0
119875 (1198821) = 119886119899
119887119899
119875 (1198822) = 119886119898
119888 119899 ge 1 119898 ge 0
(10)
Since 119875(1198822) is a regular language diagnosability of this DES-
VPA is decidable In fact we see that 119875(1198821) cap 119875(119882
2) = 0
does not hold and the defect can be detected by observingthe event 119888 This example is very simple However we notethat diagnosability of this system is undecidable in the caseusing the existing result in [15] This is because this systemdoes not satisfy the assumption in Lemma 20 that is theunobservable event 119889 is not an internal manipulation and isa pop manipulation
From this example we can indicate that even if 1198821 1198822
are CFLs then 119875(1198821) 119875(119882
2) are generally neither CFLs nor
regular languages In the above example 1198822is a CFL but
119875(1198822) is a regular language So we may consider to directly
approximate 119875(1198821) 119875(119882
2) by a regular language From this
viewpoint we propose diagnosability conditions using thefinite-state overunder-approximations
44 Proposed Diagnosability Conditions Using Finite-StateApproximations Now we show a diagnosability conditionusing a finite-state overapproximation in Definition 8
6 Journal of Applied Mathematics
Theorem 23 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state overapproximation in Definition 8Let 119875
1and 119875
2denote approximated 119875(119882
1) and 119875(119882
2)
respectively Then a necessary condition for a PDS to be notdiagnosable is that either 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0
holds In addition this condition can be solved in PTIME
Proof From Theorem 21 119875(1198821) sube 119875
1 and 119875(119882
2) sube 119875
2 we
obtain the theorem immediately
Theorem 23 provides a necessary conditionOn the other hand it is also important to obtain a
sufficient condition Then a finite-state underapproximationmust be considered A simple method to derive a finite-stateunderapproximation is that the length of the stack in a PDSis limited to a given finite length See Example 25 belowfor further details So we assume that a finite-state under-approximation of either 119875(119882
1) or 119875(119882
2) is given
Then we obtain the following result
Theorem 24 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state under-approximation Let 1198751and 119875
2
denote approximated 119875(1198821) and 119875(119882
2) respectively Then a
sufficient condition for a PDS to be not diagnosable is thateither 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0 holds In addition
this condition can be solved in PTIME
Proof From Theorem 21 1198751sube 119875(119882
1) and 119875
2sube 119875(119882
2) we
obtain the theorem immediately
From Theorems 23 and 24 we see that diagnosability ofa PDS can be approximately verified in PTIME SoTheorems23 and 24 are simple but can be applied to several systemssuch as software systems
Example 25 Suppose that 119875(1198821) and 119875(119882
2) are given as
119875 (1198821) = 119886
119899
119887119899
119888119894
| 119899 ge 1 119894 ge 1
119875 (1198822) = 119886
119894
119887119899
119888119899
| 119899 ge 1 119894 ge 1
(11)
respectively Then 119875(1198821) cap 119875(119882
2) = 119886
119899
119887119899
119888119899
| 119899 ge 1 = 0
is obtained and we see that this system is not diagnosableHowever 119875(119882
1) cap 119875(119882
2) is not a CFL (see [6] for further
details)Next we verify diagnosability using Theorem 23 In this
example we approximate 119875(1198821) by a regular language The
PDA 1198661accepting 119875(119882
1) is given by
1198661= (119876 Σ Γ Δ 119902
0 1198850 119865)
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888
Γ = 1198850 119883
Δ = Δ push cup Δ pop cup Δ int
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883)
Δ int = (1199021 119888 1199022) (1199022 119888 1199022)
119865 = 1199022 sub 119876
(12)
See also Figure 2 Consider to derive the finite-state overap-proximation in Definition 8 Then Σ
119876is given as
Σ119876= 119886 sdot 119902
0 119886 sdot 1199021 119886 sdot 1199022 119887 sdot 1199020 119887 sdot 1199021 119887 sdot 1199022
119888 sdot 1199020 119888 sdot 1199021 119888 sdot 1199022
(13)
Next we derive Δ119900 From Δ push we obtain
1205751= (1199020 119886 sdot 1199020 1199020) 120575
2= (1199020 119886 sdot 1199021 1199021) (14)
From Δ pop we obtain
1205753= (1199021 1198871199021 1199021) (15)
From Δ int we obtain
1205754= (1199021 1198881199022 1199022) 120575
5= (1199022 1198881199022 1199022) (16)
So Δ119900= 1205751 1205752 1205753 1205754 1205755 is obtained Thus we can obtain
the finite-state overapproximation 1198661of the PDA 119866
1(see
Figure 3) Using Σ = 119886 119887 119888 the language accepted by 1198661
is obtained by
119871 (1198661) = 119886
lowast
119886119887lowast
119888119888lowast
(17)
From the obtained 119871(1198661) we see that 119875(119882
1) sube 119871(119866
1) holds
Furthermore since 119871(1198661) cap 119875(119882
2) = 0 holds the necessary
condition inTheorem 23 is satisfied
Next we verify diagnosability using Theorem 24 Bylimiting the length of the stack in 119875(119882
1) to 119899 = 2 the finite-
state under-approximation 1198751can be obtained as
1198751= 119886119886119887119887119888119888
lowast
sube 119875 (1198821) (18)
1198751is accepted by the finite automaton in Figure 4 Since
1198751cap 119875(119882
2) = 0 holds the sufficient condition inTheorem 24
is satisfied
5 Discussions
51 Relationship between Opacity and Diagnosability Verifi-cations Opacity and diagnosability are closely related con-cepts We can interpret that opacity is the converse notion ofdiagnosability However decidability conditions are different
In opacity verification if 119875(1198811) and 119875(119881
2) are languages
accepted by someVPA respectively then opacity is decidable(see also Theorem 13) That is opacity can be discussed onlyin the framework of VPAs
On the other hand in diagnosability verification if either119875(1198821) or119875(119882
2) is a language accepted by somefinite automa-
ton then diagnosability is decidable (see Section 43) Thusapproximations such as finite-state approximations describedin Section 23 are required
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Journal of Applied Mathematics 3
In VPAs manipulations to the stack can be visualizedfrom Σ
We illustrate this with a simple example
Example 2 Consider the VPA 119866 in Figure 1 where
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888 119889
Γ = 1198850 119883 119884
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119884 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883) (1199022 119889 1199022 119884)
Δ int = (1199020 119888 1199022)
119865 = 1199021 1199022 sub 119876
(4)
In Figure 1 119886 + 119883 and 119886 + 119884 express push manipulations119887minus119883 and 119889minus119884 express popmanipulations and 119888 expressesan internal manipulation Since Σ = 119886 119887 119888 119889 comprises
Σpush = 119886 Σpop = 119887 119889 Σint = 119888 (5)
we see that this automaton is a VPA In addition we have
119871 (119866) = 119886119899
119887119899
| 119899 ge 1 cup 119886119898
119888119889119898
| 119898 ge 0 (6)
where 119886119899119887119899 corresponds to the set of event sequences suchthat the state reaches 119902
1 119886119899119888119889119899 corresponds to the set of event
sequences such that the state reaches 1199022
Hereafter a discrete event system expressed by a PDA anda VPA is called a DES-PDA and a DES-VPA respectively If itis not necessary to distinguish a DES-PDA and a DES-VPAthen these discrete event systems are called here pushdownsystems (PDSs)
22 Decidable Problems and Undecidable Problems in Push-down Automata In this subsection we explain decidableproblems and undecidable problems in a language 119871(119866)
accepted by PDA or VPA 119866 that is a context-free language(CFL) See [5 6] for further details
Suppose that the two PDAs 1198661and 119866
2are given Then
119871(1198661) and 119871(119866
2) are CFLs and the following result is known
Lemma 3 The emptiness problem of an intersection of 119871(1198661)
and 119871(1198662) that is the problem of deciding if 119871(119866
1)cap119871(119866
2) = 0
holds is undecidable
This lemma follows from the fact that 119871(1198661)cap119871(119866
2) is not
a CFL in generalThe emptiness problem of an intersection oftwo CFLs is decidable under a given assumption
Lemma4 Assume that either 119871(1198661) or 119871(119866
2) is given as a reg-
ular language that is either1198661or1198662is given as a finite autom-
aton Then the emptiness problem of an intersection of 119871(1198661)
and 119871(1198662) is decidable In addition this problem can be solved
in PTIME
119886+119883
119886+119883
119886+119884
1199020 1199021
119887minus119883
119888
1199022
119889minus119884
Figure 1 Example of VDPDAs 119866
Under the assumption in Lemma 4 119871(1198661) cap 119871(119866
2) is a
CFL and the emptiness problem is decidable This result inthe emptiness problem of an intersection is used in diagnos-ability verification in Section 4
Next the following result on the inclusion problem hasbeen obtained
Lemma 5 The inclusion problem of two PDAs 1198661and 119866
2
that is the problem of deciding if 119871(1198661) sube 119871(119866
2) holds is
undecidable
For VPAs the following result has been obtained [7]
Lemma6 The inclusion problem of two VPAs1198661and119866
2 that
is the problem of deciding if 119871(1198661) sube 119871(119866
2) holds is decidable
In addition this problem can be solved in EXPTIME
On the other hand a class of deterministic PDAs suchthat the inclusion problem is decidable is called superde-terministic PDAs [24] A deterministic VPA is a subclassof the superdeterministic PDAs This fact is clear from thedefinitions in [7 24] As a result the following result can beobtained
Lemma 7 Assume that 1198661and 119866
2are given as a PDA and a
deterministic VPA respectivelyThen the problem of deciding if119871(1198661) sube 119871(119866
2) is decidable In addition this problem can be
solved in 2-EXPTIME
These results of the inclusion problem are used in opacityverification in Section 3
23 Finite-State Overapproximation of Pushdown AutomataIn this section we explain the finite-state overapproximationsof PDAs Several approximations have been proposed so far(see eg [25] for further details) In this paper the followingfinite-state overapproximation proposed in [9] is used
4 Journal of Applied Mathematics
Definition 8 For a given PDA119866 of (1) the finite-state overap-proximation of 119866 is defined by
119866119900= (119876 Σ
119876 Δ119900 1199020 119865) (7)
where Σ119876and Δ
119900are defined as follows
(i) Σ119876= 120590 sdot 119902 | 120590 isin Σ 119902 isin 119876
(ii) Δ119900is given as Δ
119900sube (119876 times Σ
119876) times 119876 120575 = (119902 120590 sdot 1199021015840 1199021015840) isin
Δ119900holds if and only if one of the following three
conditions holds
(1) 120575 = (119902 120590 120574 1199021015840) isin Δ push holds for some 120574 isin Γ(2) 120575 = (119902 120590 1199021015840 120574) isin Δ pop holds for some 120574 isin Γ(3) 120575 = (119902 120590 1199021015840) isin Δ int holds
Let119866119904denote the PDAobtained by replacing120590 isin Σwith120590119902 isin
Σ119876 In the transitions of 119866
119900 the conditions on the stack are
ignored So 119871(119866119904) sube 119871(119866
119900) holds
A finite-state overapproximation will be used in the topicon diagnosability (see Section 44 for further details)
3 Opacity Verification
This section looks at opacity verification of PDSs First thenotion of opacity is defined Next after a condition for a PDSto be opaque is derived a decidable class of PDSs is clarified
31 Definition of Opacity First secret states are defined Let119876119904sub 119865 denote the set of secret states Then we define the
notion of opacity based on the definition in [20]
Definition 9 For the PDS 119866 of (1) suppose that the set ofsecret states 119876
119904and the set of observable events Σ
119900are given
Then the PDS is said to be opaque if for all 119905 isin 119871(119866) thereexists 119904 isin 119871(119866) minus 119905 such that if 119905 reaches 119876
119904 then 119904 does not
reach 119876119904and 119875(119904) = 119875(119905)
Several definitions of opacity have been proposed so far(see eg [17 20ndash22]) In this paper the simplest definition in[20] is used
32 Decidability of Opacity Let 1198811denote the set of finite
event sequences such that the state reaches 119876119904 Let 119881
2denote
the set of finite event sequences such that the state reaches119876minus119876
119904 Then the opacity condition of PDSs can be derived as
follows
Theorem 10 A PDS is opaque if and only if 119875(1198811) sube 119875(119881
2)
holds
Proof If a PDS is opaque then 119875(1198811) is included in 119875(119881
2)
Conversely if 119875(1198811) sube 119875(119881
2) holds then for any V
1isin 119875(119881
1)
there exists V2isin 119875(119881
2) such that V
1= V2 So the PDS is
opaque
FromLemma 5 andTheorem 10 we can obtain the follow-ing result immediately
Theorem 11 Opacity of a DES-PDA is in general undecidable
In addition from Lemma 5 and Theorem 10 we canobtain the following result
Theorem 12 Opacity of a DES-VPA is in general undecidable
Proof Even if1198811and1198812are languages accepted byVPAs then
119875(1198811) and119875(119881
2) are in general given as languages accepted by
PDAs [15] Then from Lemma 5 and Theorem 10 opacity ofa DES-VPA is undecidable
From Theorems 11 and 12 we see that opacity of a DES-PDA and a DES-VPA are in general undecidable On theother hand from Lemma 6 and Theorem 10 we see that ifobservations of a DES-PDA is expressed by some VPA thenopacity of a DES-PDAmay be decidable Then we can obtainthe following result
Theorem 13 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by VPAs respectively Then the problem of decidingif 119875(119881
1) sube 119875(119881
2) holds is decidable that is opacity of a PDS is
decidable In addition this problem can be solved in EXPTIME
In addition from Lemma 7 and Theorem 10 we canobtain the following result
Theorem 14 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by a PDA and a deterministic VPA respectively Thenthe problem of deciding if 119875(119881
1) sube 119875(119881
2) holds is decidable
that is opacity of a PDS is decidable In addition this problemcan be solved in 2-EXPTIME
From Theorem 14 we see that if 119875(1198812) is given as a
language accepted by a deterministic VPA then the decidablecondition is relaxed Comparing Theorem 13 with Theo-rem 14 the inclusion problem inTheorem 14 is more difficultthan that in Theorem 13 This is because in Theorem 14119875(1198811) may be given as a language accepted by a PDA If an
overapproximation of a PDA can be derived as a VPA thenwe can obtain a sufficient condition of a PDS to be opaque Infuture work we plan to consider how to approximate a PDAby a VPA On the other hand in recent years VPAs have beenapplied to several applications (see eg [7ndash9]) ThereforeTheorem 13 andTheorem 14 will be useful
Finally we show a simple example
Example 15 Consider the DES-VPA in Figure 1 Assume 119889 =119887 Suppose that Σ
119900= 119886 119887 Σ
119906119900= 119888 and 119876
119904= 1199022 are
given Then we obtain119875 (1198811) = 119875 (119881
2) = 119886119899
119887119899
(8)119875(1198811) and119875(119881
2) are languages accepted byVPAs respectively
and 119875(1198811) = 119875(119881
2) holds Therefore this system is opaque
4 Diagnosability Verification
In this section first diagnosability for the PDS (1) is definedaccording to the definition in [15 26 27] Next after the exist-ing results in [15] are explained two kinds of diagnosabilityconditions are proposed
Journal of Applied Mathematics 5
41 Definition of Diagnosability First failure states aredefined Let 119876
119891sub 119876 denote the set of failure states For 119876
119891
the following two assumptions are made (i) 119876119891sub 119865 and
(ii) if the state reaches the set 119876119891 then the state stays within
119876119891 Since in this paper we focus on whether some failure has
occurred in the past or not these assumptions are imposedThese assumptions also imply that any failure is not restoredautomatically Let 119871
119891sub 119871(119866) denote the set of executions
such that the state reaches some element in 119876119904
Next the notion of diagnosability for the PDS (1) isdefined according to [15 26 27]
Definition 16 For the PDS (1) suppose that the set of failurestates 119876
119891and the set of observable events Σ
119900are given Then
the PDS (1) is diagnosable if the following condition holds
(exist119899 isin N minus infin) (forall119904 isin 119871119891) (forall119905 isin
119871 (119866)
119904)
|119905| ge 119899 997904rArr 119875minus1
119875 (119904119905) cap 119871 (119866) sube 119871119891
(9)
where 119871(119866)119904 = 119905 isin Σlowast
| 119904119905 isin 119871(119866) and 119875minus1119875(119904119905) is the setof executions such that an observation is 119875(119904119905)
In this definition 119875minus1119875(119904119905) cap 119871(119866) sube 119871119891implies that all
executions such that an observation is 119875(119904119905) are included in119871119891 So a failure can be detected from a finite observation
In other words if there exists an unobservable infinite suffixthen the system is not diagnosable Furthermore deriving 119899in this definition is important but this topic is not discussedin this paper In [15] under some assumptions a method forderiving 119899 has been already discussed
Hereafter a construction method of a diagnoser is notfocused on (see [15] for construction of a diagnoser) and amethod to test diagnosability is considered
42 Existing Results First we introduce a necessary and suf-ficient condition of the PDS (1) not to be diagnosable [15 28]
Lemma17 For the PDS (1) suppose that the set of failure states119876119891and the set of observable events Σ
119900are given Then the PDS
is not diagnosable if and only if there exist two indistinguishableinfinite executions119908
1and119908
2such that119908
1reaches119876
119891while119908
2
does not
Next the existing results [15] on diagnosability verifica-tion are introduced
Lemma 18 Diagnosability of a DES-PDA is in general unde-cidable
Lemma 19 Diagnosability of a DES-VPA is in general unde-cidable
These results can be obtained immediately because theemptiness problem for an intersection of observations ofinfinite executions 119908
1and 119908
2such that 119908
1reaches 119876
119891while
1199082does not is undecidable from Lemma 3In [15] the following result has been derived
Lemma 20 Assume Σ119906119900sube Σint Then diagnosability of a DES-
VPA is decidable
In Lemma 20 it is assumed that events correspondingto push and pop manipulations of the stack are observableIn [15] the diagnosability verification problem is reduced tothe emptiness problem of Buchi automata under Σ
119906119900sube Σint
So the property of pushdown automata is not considered Inthis paper as another approach we consider diagnosabilityverification under other assumptions Furthermore approx-imate methods for verifying diagnosability of PDSs withoutassumptions are proposed
43 Proposed Diagnosability Condition First based onLemma 4 we propose a diagnosability condition of PDSs
Let1198821denote the set of finite event sequences such that
the state reaches119876minus119876119891 Let119882
2denote the set of finite event
sequences such that the state reaches 119876119891
Then we obtain the following result
Theorem 21 Assume that either 119875(1198821) or 119875(119882
2) is given
as a language accepted by some finite automaton that is aregular language Then diagnosability of a PDS is decidableFurthermore a PDS is not diagnosable if and only if 119875(119882
1) cap
119875(1198822) = 0 holds In addition this problem can be solved in
PTIME
Proof From Lemma 4 and Lemma 17 this theorem isobtained straightforwardly
We show a simple example
Example 22 Consider the DES-VPA in Figure 1 again Sup-pose that Σ
119900= 119886 119887 119888 Σ
119906119900= 119889 and 119876
119891= 1199022 are given
Then we obtain1198821= 119886119899
119887119899
1198822= 119886119898
119888119889119898
119899 ge 1 119898 ge 0
119875 (1198821) = 119886119899
119887119899
119875 (1198822) = 119886119898
119888 119899 ge 1 119898 ge 0
(10)
Since 119875(1198822) is a regular language diagnosability of this DES-
VPA is decidable In fact we see that 119875(1198821) cap 119875(119882
2) = 0
does not hold and the defect can be detected by observingthe event 119888 This example is very simple However we notethat diagnosability of this system is undecidable in the caseusing the existing result in [15] This is because this systemdoes not satisfy the assumption in Lemma 20 that is theunobservable event 119889 is not an internal manipulation and isa pop manipulation
From this example we can indicate that even if 1198821 1198822
are CFLs then 119875(1198821) 119875(119882
2) are generally neither CFLs nor
regular languages In the above example 1198822is a CFL but
119875(1198822) is a regular language So we may consider to directly
approximate 119875(1198821) 119875(119882
2) by a regular language From this
viewpoint we propose diagnosability conditions using thefinite-state overunder-approximations
44 Proposed Diagnosability Conditions Using Finite-StateApproximations Now we show a diagnosability conditionusing a finite-state overapproximation in Definition 8
6 Journal of Applied Mathematics
Theorem 23 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state overapproximation in Definition 8Let 119875
1and 119875
2denote approximated 119875(119882
1) and 119875(119882
2)
respectively Then a necessary condition for a PDS to be notdiagnosable is that either 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0
holds In addition this condition can be solved in PTIME
Proof From Theorem 21 119875(1198821) sube 119875
1 and 119875(119882
2) sube 119875
2 we
obtain the theorem immediately
Theorem 23 provides a necessary conditionOn the other hand it is also important to obtain a
sufficient condition Then a finite-state underapproximationmust be considered A simple method to derive a finite-stateunderapproximation is that the length of the stack in a PDSis limited to a given finite length See Example 25 belowfor further details So we assume that a finite-state under-approximation of either 119875(119882
1) or 119875(119882
2) is given
Then we obtain the following result
Theorem 24 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state under-approximation Let 1198751and 119875
2
denote approximated 119875(1198821) and 119875(119882
2) respectively Then a
sufficient condition for a PDS to be not diagnosable is thateither 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0 holds In addition
this condition can be solved in PTIME
Proof From Theorem 21 1198751sube 119875(119882
1) and 119875
2sube 119875(119882
2) we
obtain the theorem immediately
From Theorems 23 and 24 we see that diagnosability ofa PDS can be approximately verified in PTIME SoTheorems23 and 24 are simple but can be applied to several systemssuch as software systems
Example 25 Suppose that 119875(1198821) and 119875(119882
2) are given as
119875 (1198821) = 119886
119899
119887119899
119888119894
| 119899 ge 1 119894 ge 1
119875 (1198822) = 119886
119894
119887119899
119888119899
| 119899 ge 1 119894 ge 1
(11)
respectively Then 119875(1198821) cap 119875(119882
2) = 119886
119899
119887119899
119888119899
| 119899 ge 1 = 0
is obtained and we see that this system is not diagnosableHowever 119875(119882
1) cap 119875(119882
2) is not a CFL (see [6] for further
details)Next we verify diagnosability using Theorem 23 In this
example we approximate 119875(1198821) by a regular language The
PDA 1198661accepting 119875(119882
1) is given by
1198661= (119876 Σ Γ Δ 119902
0 1198850 119865)
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888
Γ = 1198850 119883
Δ = Δ push cup Δ pop cup Δ int
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883)
Δ int = (1199021 119888 1199022) (1199022 119888 1199022)
119865 = 1199022 sub 119876
(12)
See also Figure 2 Consider to derive the finite-state overap-proximation in Definition 8 Then Σ
119876is given as
Σ119876= 119886 sdot 119902
0 119886 sdot 1199021 119886 sdot 1199022 119887 sdot 1199020 119887 sdot 1199021 119887 sdot 1199022
119888 sdot 1199020 119888 sdot 1199021 119888 sdot 1199022
(13)
Next we derive Δ119900 From Δ push we obtain
1205751= (1199020 119886 sdot 1199020 1199020) 120575
2= (1199020 119886 sdot 1199021 1199021) (14)
From Δ pop we obtain
1205753= (1199021 1198871199021 1199021) (15)
From Δ int we obtain
1205754= (1199021 1198881199022 1199022) 120575
5= (1199022 1198881199022 1199022) (16)
So Δ119900= 1205751 1205752 1205753 1205754 1205755 is obtained Thus we can obtain
the finite-state overapproximation 1198661of the PDA 119866
1(see
Figure 3) Using Σ = 119886 119887 119888 the language accepted by 1198661
is obtained by
119871 (1198661) = 119886
lowast
119886119887lowast
119888119888lowast
(17)
From the obtained 119871(1198661) we see that 119875(119882
1) sube 119871(119866
1) holds
Furthermore since 119871(1198661) cap 119875(119882
2) = 0 holds the necessary
condition inTheorem 23 is satisfied
Next we verify diagnosability using Theorem 24 Bylimiting the length of the stack in 119875(119882
1) to 119899 = 2 the finite-
state under-approximation 1198751can be obtained as
1198751= 119886119886119887119887119888119888
lowast
sube 119875 (1198821) (18)
1198751is accepted by the finite automaton in Figure 4 Since
1198751cap 119875(119882
2) = 0 holds the sufficient condition inTheorem 24
is satisfied
5 Discussions
51 Relationship between Opacity and Diagnosability Verifi-cations Opacity and diagnosability are closely related con-cepts We can interpret that opacity is the converse notion ofdiagnosability However decidability conditions are different
In opacity verification if 119875(1198811) and 119875(119881
2) are languages
accepted by someVPA respectively then opacity is decidable(see also Theorem 13) That is opacity can be discussed onlyin the framework of VPAs
On the other hand in diagnosability verification if either119875(1198821) or119875(119882
2) is a language accepted by somefinite automa-
ton then diagnosability is decidable (see Section 43) Thusapproximations such as finite-state approximations describedin Section 23 are required
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
4 Journal of Applied Mathematics
Definition 8 For a given PDA119866 of (1) the finite-state overap-proximation of 119866 is defined by
119866119900= (119876 Σ
119876 Δ119900 1199020 119865) (7)
where Σ119876and Δ
119900are defined as follows
(i) Σ119876= 120590 sdot 119902 | 120590 isin Σ 119902 isin 119876
(ii) Δ119900is given as Δ
119900sube (119876 times Σ
119876) times 119876 120575 = (119902 120590 sdot 1199021015840 1199021015840) isin
Δ119900holds if and only if one of the following three
conditions holds
(1) 120575 = (119902 120590 120574 1199021015840) isin Δ push holds for some 120574 isin Γ(2) 120575 = (119902 120590 1199021015840 120574) isin Δ pop holds for some 120574 isin Γ(3) 120575 = (119902 120590 1199021015840) isin Δ int holds
Let119866119904denote the PDAobtained by replacing120590 isin Σwith120590119902 isin
Σ119876 In the transitions of 119866
119900 the conditions on the stack are
ignored So 119871(119866119904) sube 119871(119866
119900) holds
A finite-state overapproximation will be used in the topicon diagnosability (see Section 44 for further details)
3 Opacity Verification
This section looks at opacity verification of PDSs First thenotion of opacity is defined Next after a condition for a PDSto be opaque is derived a decidable class of PDSs is clarified
31 Definition of Opacity First secret states are defined Let119876119904sub 119865 denote the set of secret states Then we define the
notion of opacity based on the definition in [20]
Definition 9 For the PDS 119866 of (1) suppose that the set ofsecret states 119876
119904and the set of observable events Σ
119900are given
Then the PDS is said to be opaque if for all 119905 isin 119871(119866) thereexists 119904 isin 119871(119866) minus 119905 such that if 119905 reaches 119876
119904 then 119904 does not
reach 119876119904and 119875(119904) = 119875(119905)
Several definitions of opacity have been proposed so far(see eg [17 20ndash22]) In this paper the simplest definition in[20] is used
32 Decidability of Opacity Let 1198811denote the set of finite
event sequences such that the state reaches 119876119904 Let 119881
2denote
the set of finite event sequences such that the state reaches119876minus119876
119904 Then the opacity condition of PDSs can be derived as
follows
Theorem 10 A PDS is opaque if and only if 119875(1198811) sube 119875(119881
2)
holds
Proof If a PDS is opaque then 119875(1198811) is included in 119875(119881
2)
Conversely if 119875(1198811) sube 119875(119881
2) holds then for any V
1isin 119875(119881
1)
there exists V2isin 119875(119881
2) such that V
1= V2 So the PDS is
opaque
FromLemma 5 andTheorem 10 we can obtain the follow-ing result immediately
Theorem 11 Opacity of a DES-PDA is in general undecidable
In addition from Lemma 5 and Theorem 10 we canobtain the following result
Theorem 12 Opacity of a DES-VPA is in general undecidable
Proof Even if1198811and1198812are languages accepted byVPAs then
119875(1198811) and119875(119881
2) are in general given as languages accepted by
PDAs [15] Then from Lemma 5 and Theorem 10 opacity ofa DES-VPA is undecidable
From Theorems 11 and 12 we see that opacity of a DES-PDA and a DES-VPA are in general undecidable On theother hand from Lemma 6 and Theorem 10 we see that ifobservations of a DES-PDA is expressed by some VPA thenopacity of a DES-PDAmay be decidable Then we can obtainthe following result
Theorem 13 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by VPAs respectively Then the problem of decidingif 119875(119881
1) sube 119875(119881
2) holds is decidable that is opacity of a PDS is
decidable In addition this problem can be solved in EXPTIME
In addition from Lemma 7 and Theorem 10 we canobtain the following result
Theorem 14 Assume that 119875(1198811) and 119875(119881
2) are languages
accepted by a PDA and a deterministic VPA respectively Thenthe problem of deciding if 119875(119881
1) sube 119875(119881
2) holds is decidable
that is opacity of a PDS is decidable In addition this problemcan be solved in 2-EXPTIME
From Theorem 14 we see that if 119875(1198812) is given as a
language accepted by a deterministic VPA then the decidablecondition is relaxed Comparing Theorem 13 with Theo-rem 14 the inclusion problem inTheorem 14 is more difficultthan that in Theorem 13 This is because in Theorem 14119875(1198811) may be given as a language accepted by a PDA If an
overapproximation of a PDA can be derived as a VPA thenwe can obtain a sufficient condition of a PDS to be opaque Infuture work we plan to consider how to approximate a PDAby a VPA On the other hand in recent years VPAs have beenapplied to several applications (see eg [7ndash9]) ThereforeTheorem 13 andTheorem 14 will be useful
Finally we show a simple example
Example 15 Consider the DES-VPA in Figure 1 Assume 119889 =119887 Suppose that Σ
119900= 119886 119887 Σ
119906119900= 119888 and 119876
119904= 1199022 are
given Then we obtain119875 (1198811) = 119875 (119881
2) = 119886119899
119887119899
(8)119875(1198811) and119875(119881
2) are languages accepted byVPAs respectively
and 119875(1198811) = 119875(119881
2) holds Therefore this system is opaque
4 Diagnosability Verification
In this section first diagnosability for the PDS (1) is definedaccording to the definition in [15 26 27] Next after the exist-ing results in [15] are explained two kinds of diagnosabilityconditions are proposed
Journal of Applied Mathematics 5
41 Definition of Diagnosability First failure states aredefined Let 119876
119891sub 119876 denote the set of failure states For 119876
119891
the following two assumptions are made (i) 119876119891sub 119865 and
(ii) if the state reaches the set 119876119891 then the state stays within
119876119891 Since in this paper we focus on whether some failure has
occurred in the past or not these assumptions are imposedThese assumptions also imply that any failure is not restoredautomatically Let 119871
119891sub 119871(119866) denote the set of executions
such that the state reaches some element in 119876119904
Next the notion of diagnosability for the PDS (1) isdefined according to [15 26 27]
Definition 16 For the PDS (1) suppose that the set of failurestates 119876
119891and the set of observable events Σ
119900are given Then
the PDS (1) is diagnosable if the following condition holds
(exist119899 isin N minus infin) (forall119904 isin 119871119891) (forall119905 isin
119871 (119866)
119904)
|119905| ge 119899 997904rArr 119875minus1
119875 (119904119905) cap 119871 (119866) sube 119871119891
(9)
where 119871(119866)119904 = 119905 isin Σlowast
| 119904119905 isin 119871(119866) and 119875minus1119875(119904119905) is the setof executions such that an observation is 119875(119904119905)
In this definition 119875minus1119875(119904119905) cap 119871(119866) sube 119871119891implies that all
executions such that an observation is 119875(119904119905) are included in119871119891 So a failure can be detected from a finite observation
In other words if there exists an unobservable infinite suffixthen the system is not diagnosable Furthermore deriving 119899in this definition is important but this topic is not discussedin this paper In [15] under some assumptions a method forderiving 119899 has been already discussed
Hereafter a construction method of a diagnoser is notfocused on (see [15] for construction of a diagnoser) and amethod to test diagnosability is considered
42 Existing Results First we introduce a necessary and suf-ficient condition of the PDS (1) not to be diagnosable [15 28]
Lemma17 For the PDS (1) suppose that the set of failure states119876119891and the set of observable events Σ
119900are given Then the PDS
is not diagnosable if and only if there exist two indistinguishableinfinite executions119908
1and119908
2such that119908
1reaches119876
119891while119908
2
does not
Next the existing results [15] on diagnosability verifica-tion are introduced
Lemma 18 Diagnosability of a DES-PDA is in general unde-cidable
Lemma 19 Diagnosability of a DES-VPA is in general unde-cidable
These results can be obtained immediately because theemptiness problem for an intersection of observations ofinfinite executions 119908
1and 119908
2such that 119908
1reaches 119876
119891while
1199082does not is undecidable from Lemma 3In [15] the following result has been derived
Lemma 20 Assume Σ119906119900sube Σint Then diagnosability of a DES-
VPA is decidable
In Lemma 20 it is assumed that events correspondingto push and pop manipulations of the stack are observableIn [15] the diagnosability verification problem is reduced tothe emptiness problem of Buchi automata under Σ
119906119900sube Σint
So the property of pushdown automata is not considered Inthis paper as another approach we consider diagnosabilityverification under other assumptions Furthermore approx-imate methods for verifying diagnosability of PDSs withoutassumptions are proposed
43 Proposed Diagnosability Condition First based onLemma 4 we propose a diagnosability condition of PDSs
Let1198821denote the set of finite event sequences such that
the state reaches119876minus119876119891 Let119882
2denote the set of finite event
sequences such that the state reaches 119876119891
Then we obtain the following result
Theorem 21 Assume that either 119875(1198821) or 119875(119882
2) is given
as a language accepted by some finite automaton that is aregular language Then diagnosability of a PDS is decidableFurthermore a PDS is not diagnosable if and only if 119875(119882
1) cap
119875(1198822) = 0 holds In addition this problem can be solved in
PTIME
Proof From Lemma 4 and Lemma 17 this theorem isobtained straightforwardly
We show a simple example
Example 22 Consider the DES-VPA in Figure 1 again Sup-pose that Σ
119900= 119886 119887 119888 Σ
119906119900= 119889 and 119876
119891= 1199022 are given
Then we obtain1198821= 119886119899
119887119899
1198822= 119886119898
119888119889119898
119899 ge 1 119898 ge 0
119875 (1198821) = 119886119899
119887119899
119875 (1198822) = 119886119898
119888 119899 ge 1 119898 ge 0
(10)
Since 119875(1198822) is a regular language diagnosability of this DES-
VPA is decidable In fact we see that 119875(1198821) cap 119875(119882
2) = 0
does not hold and the defect can be detected by observingthe event 119888 This example is very simple However we notethat diagnosability of this system is undecidable in the caseusing the existing result in [15] This is because this systemdoes not satisfy the assumption in Lemma 20 that is theunobservable event 119889 is not an internal manipulation and isa pop manipulation
From this example we can indicate that even if 1198821 1198822
are CFLs then 119875(1198821) 119875(119882
2) are generally neither CFLs nor
regular languages In the above example 1198822is a CFL but
119875(1198822) is a regular language So we may consider to directly
approximate 119875(1198821) 119875(119882
2) by a regular language From this
viewpoint we propose diagnosability conditions using thefinite-state overunder-approximations
44 Proposed Diagnosability Conditions Using Finite-StateApproximations Now we show a diagnosability conditionusing a finite-state overapproximation in Definition 8
6 Journal of Applied Mathematics
Theorem 23 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state overapproximation in Definition 8Let 119875
1and 119875
2denote approximated 119875(119882
1) and 119875(119882
2)
respectively Then a necessary condition for a PDS to be notdiagnosable is that either 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0
holds In addition this condition can be solved in PTIME
Proof From Theorem 21 119875(1198821) sube 119875
1 and 119875(119882
2) sube 119875
2 we
obtain the theorem immediately
Theorem 23 provides a necessary conditionOn the other hand it is also important to obtain a
sufficient condition Then a finite-state underapproximationmust be considered A simple method to derive a finite-stateunderapproximation is that the length of the stack in a PDSis limited to a given finite length See Example 25 belowfor further details So we assume that a finite-state under-approximation of either 119875(119882
1) or 119875(119882
2) is given
Then we obtain the following result
Theorem 24 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state under-approximation Let 1198751and 119875
2
denote approximated 119875(1198821) and 119875(119882
2) respectively Then a
sufficient condition for a PDS to be not diagnosable is thateither 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0 holds In addition
this condition can be solved in PTIME
Proof From Theorem 21 1198751sube 119875(119882
1) and 119875
2sube 119875(119882
2) we
obtain the theorem immediately
From Theorems 23 and 24 we see that diagnosability ofa PDS can be approximately verified in PTIME SoTheorems23 and 24 are simple but can be applied to several systemssuch as software systems
Example 25 Suppose that 119875(1198821) and 119875(119882
2) are given as
119875 (1198821) = 119886
119899
119887119899
119888119894
| 119899 ge 1 119894 ge 1
119875 (1198822) = 119886
119894
119887119899
119888119899
| 119899 ge 1 119894 ge 1
(11)
respectively Then 119875(1198821) cap 119875(119882
2) = 119886
119899
119887119899
119888119899
| 119899 ge 1 = 0
is obtained and we see that this system is not diagnosableHowever 119875(119882
1) cap 119875(119882
2) is not a CFL (see [6] for further
details)Next we verify diagnosability using Theorem 23 In this
example we approximate 119875(1198821) by a regular language The
PDA 1198661accepting 119875(119882
1) is given by
1198661= (119876 Σ Γ Δ 119902
0 1198850 119865)
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888
Γ = 1198850 119883
Δ = Δ push cup Δ pop cup Δ int
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883)
Δ int = (1199021 119888 1199022) (1199022 119888 1199022)
119865 = 1199022 sub 119876
(12)
See also Figure 2 Consider to derive the finite-state overap-proximation in Definition 8 Then Σ
119876is given as
Σ119876= 119886 sdot 119902
0 119886 sdot 1199021 119886 sdot 1199022 119887 sdot 1199020 119887 sdot 1199021 119887 sdot 1199022
119888 sdot 1199020 119888 sdot 1199021 119888 sdot 1199022
(13)
Next we derive Δ119900 From Δ push we obtain
1205751= (1199020 119886 sdot 1199020 1199020) 120575
2= (1199020 119886 sdot 1199021 1199021) (14)
From Δ pop we obtain
1205753= (1199021 1198871199021 1199021) (15)
From Δ int we obtain
1205754= (1199021 1198881199022 1199022) 120575
5= (1199022 1198881199022 1199022) (16)
So Δ119900= 1205751 1205752 1205753 1205754 1205755 is obtained Thus we can obtain
the finite-state overapproximation 1198661of the PDA 119866
1(see
Figure 3) Using Σ = 119886 119887 119888 the language accepted by 1198661
is obtained by
119871 (1198661) = 119886
lowast
119886119887lowast
119888119888lowast
(17)
From the obtained 119871(1198661) we see that 119875(119882
1) sube 119871(119866
1) holds
Furthermore since 119871(1198661) cap 119875(119882
2) = 0 holds the necessary
condition inTheorem 23 is satisfied
Next we verify diagnosability using Theorem 24 Bylimiting the length of the stack in 119875(119882
1) to 119899 = 2 the finite-
state under-approximation 1198751can be obtained as
1198751= 119886119886119887119887119888119888
lowast
sube 119875 (1198821) (18)
1198751is accepted by the finite automaton in Figure 4 Since
1198751cap 119875(119882
2) = 0 holds the sufficient condition inTheorem 24
is satisfied
5 Discussions
51 Relationship between Opacity and Diagnosability Verifi-cations Opacity and diagnosability are closely related con-cepts We can interpret that opacity is the converse notion ofdiagnosability However decidability conditions are different
In opacity verification if 119875(1198811) and 119875(119881
2) are languages
accepted by someVPA respectively then opacity is decidable(see also Theorem 13) That is opacity can be discussed onlyin the framework of VPAs
On the other hand in diagnosability verification if either119875(1198821) or119875(119882
2) is a language accepted by somefinite automa-
ton then diagnosability is decidable (see Section 43) Thusapproximations such as finite-state approximations describedin Section 23 are required
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Journal of Applied Mathematics 5
41 Definition of Diagnosability First failure states aredefined Let 119876
119891sub 119876 denote the set of failure states For 119876
119891
the following two assumptions are made (i) 119876119891sub 119865 and
(ii) if the state reaches the set 119876119891 then the state stays within
119876119891 Since in this paper we focus on whether some failure has
occurred in the past or not these assumptions are imposedThese assumptions also imply that any failure is not restoredautomatically Let 119871
119891sub 119871(119866) denote the set of executions
such that the state reaches some element in 119876119904
Next the notion of diagnosability for the PDS (1) isdefined according to [15 26 27]
Definition 16 For the PDS (1) suppose that the set of failurestates 119876
119891and the set of observable events Σ
119900are given Then
the PDS (1) is diagnosable if the following condition holds
(exist119899 isin N minus infin) (forall119904 isin 119871119891) (forall119905 isin
119871 (119866)
119904)
|119905| ge 119899 997904rArr 119875minus1
119875 (119904119905) cap 119871 (119866) sube 119871119891
(9)
where 119871(119866)119904 = 119905 isin Σlowast
| 119904119905 isin 119871(119866) and 119875minus1119875(119904119905) is the setof executions such that an observation is 119875(119904119905)
In this definition 119875minus1119875(119904119905) cap 119871(119866) sube 119871119891implies that all
executions such that an observation is 119875(119904119905) are included in119871119891 So a failure can be detected from a finite observation
In other words if there exists an unobservable infinite suffixthen the system is not diagnosable Furthermore deriving 119899in this definition is important but this topic is not discussedin this paper In [15] under some assumptions a method forderiving 119899 has been already discussed
Hereafter a construction method of a diagnoser is notfocused on (see [15] for construction of a diagnoser) and amethod to test diagnosability is considered
42 Existing Results First we introduce a necessary and suf-ficient condition of the PDS (1) not to be diagnosable [15 28]
Lemma17 For the PDS (1) suppose that the set of failure states119876119891and the set of observable events Σ
119900are given Then the PDS
is not diagnosable if and only if there exist two indistinguishableinfinite executions119908
1and119908
2such that119908
1reaches119876
119891while119908
2
does not
Next the existing results [15] on diagnosability verifica-tion are introduced
Lemma 18 Diagnosability of a DES-PDA is in general unde-cidable
Lemma 19 Diagnosability of a DES-VPA is in general unde-cidable
These results can be obtained immediately because theemptiness problem for an intersection of observations ofinfinite executions 119908
1and 119908
2such that 119908
1reaches 119876
119891while
1199082does not is undecidable from Lemma 3In [15] the following result has been derived
Lemma 20 Assume Σ119906119900sube Σint Then diagnosability of a DES-
VPA is decidable
In Lemma 20 it is assumed that events correspondingto push and pop manipulations of the stack are observableIn [15] the diagnosability verification problem is reduced tothe emptiness problem of Buchi automata under Σ
119906119900sube Σint
So the property of pushdown automata is not considered Inthis paper as another approach we consider diagnosabilityverification under other assumptions Furthermore approx-imate methods for verifying diagnosability of PDSs withoutassumptions are proposed
43 Proposed Diagnosability Condition First based onLemma 4 we propose a diagnosability condition of PDSs
Let1198821denote the set of finite event sequences such that
the state reaches119876minus119876119891 Let119882
2denote the set of finite event
sequences such that the state reaches 119876119891
Then we obtain the following result
Theorem 21 Assume that either 119875(1198821) or 119875(119882
2) is given
as a language accepted by some finite automaton that is aregular language Then diagnosability of a PDS is decidableFurthermore a PDS is not diagnosable if and only if 119875(119882
1) cap
119875(1198822) = 0 holds In addition this problem can be solved in
PTIME
Proof From Lemma 4 and Lemma 17 this theorem isobtained straightforwardly
We show a simple example
Example 22 Consider the DES-VPA in Figure 1 again Sup-pose that Σ
119900= 119886 119887 119888 Σ
119906119900= 119889 and 119876
119891= 1199022 are given
Then we obtain1198821= 119886119899
119887119899
1198822= 119886119898
119888119889119898
119899 ge 1 119898 ge 0
119875 (1198821) = 119886119899
119887119899
119875 (1198822) = 119886119898
119888 119899 ge 1 119898 ge 0
(10)
Since 119875(1198822) is a regular language diagnosability of this DES-
VPA is decidable In fact we see that 119875(1198821) cap 119875(119882
2) = 0
does not hold and the defect can be detected by observingthe event 119888 This example is very simple However we notethat diagnosability of this system is undecidable in the caseusing the existing result in [15] This is because this systemdoes not satisfy the assumption in Lemma 20 that is theunobservable event 119889 is not an internal manipulation and isa pop manipulation
From this example we can indicate that even if 1198821 1198822
are CFLs then 119875(1198821) 119875(119882
2) are generally neither CFLs nor
regular languages In the above example 1198822is a CFL but
119875(1198822) is a regular language So we may consider to directly
approximate 119875(1198821) 119875(119882
2) by a regular language From this
viewpoint we propose diagnosability conditions using thefinite-state overunder-approximations
44 Proposed Diagnosability Conditions Using Finite-StateApproximations Now we show a diagnosability conditionusing a finite-state overapproximation in Definition 8
6 Journal of Applied Mathematics
Theorem 23 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state overapproximation in Definition 8Let 119875
1and 119875
2denote approximated 119875(119882
1) and 119875(119882
2)
respectively Then a necessary condition for a PDS to be notdiagnosable is that either 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0
holds In addition this condition can be solved in PTIME
Proof From Theorem 21 119875(1198821) sube 119875
1 and 119875(119882
2) sube 119875
2 we
obtain the theorem immediately
Theorem 23 provides a necessary conditionOn the other hand it is also important to obtain a
sufficient condition Then a finite-state underapproximationmust be considered A simple method to derive a finite-stateunderapproximation is that the length of the stack in a PDSis limited to a given finite length See Example 25 belowfor further details So we assume that a finite-state under-approximation of either 119875(119882
1) or 119875(119882
2) is given
Then we obtain the following result
Theorem 24 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state under-approximation Let 1198751and 119875
2
denote approximated 119875(1198821) and 119875(119882
2) respectively Then a
sufficient condition for a PDS to be not diagnosable is thateither 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0 holds In addition
this condition can be solved in PTIME
Proof From Theorem 21 1198751sube 119875(119882
1) and 119875
2sube 119875(119882
2) we
obtain the theorem immediately
From Theorems 23 and 24 we see that diagnosability ofa PDS can be approximately verified in PTIME SoTheorems23 and 24 are simple but can be applied to several systemssuch as software systems
Example 25 Suppose that 119875(1198821) and 119875(119882
2) are given as
119875 (1198821) = 119886
119899
119887119899
119888119894
| 119899 ge 1 119894 ge 1
119875 (1198822) = 119886
119894
119887119899
119888119899
| 119899 ge 1 119894 ge 1
(11)
respectively Then 119875(1198821) cap 119875(119882
2) = 119886
119899
119887119899
119888119899
| 119899 ge 1 = 0
is obtained and we see that this system is not diagnosableHowever 119875(119882
1) cap 119875(119882
2) is not a CFL (see [6] for further
details)Next we verify diagnosability using Theorem 23 In this
example we approximate 119875(1198821) by a regular language The
PDA 1198661accepting 119875(119882
1) is given by
1198661= (119876 Σ Γ Δ 119902
0 1198850 119865)
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888
Γ = 1198850 119883
Δ = Δ push cup Δ pop cup Δ int
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883)
Δ int = (1199021 119888 1199022) (1199022 119888 1199022)
119865 = 1199022 sub 119876
(12)
See also Figure 2 Consider to derive the finite-state overap-proximation in Definition 8 Then Σ
119876is given as
Σ119876= 119886 sdot 119902
0 119886 sdot 1199021 119886 sdot 1199022 119887 sdot 1199020 119887 sdot 1199021 119887 sdot 1199022
119888 sdot 1199020 119888 sdot 1199021 119888 sdot 1199022
(13)
Next we derive Δ119900 From Δ push we obtain
1205751= (1199020 119886 sdot 1199020 1199020) 120575
2= (1199020 119886 sdot 1199021 1199021) (14)
From Δ pop we obtain
1205753= (1199021 1198871199021 1199021) (15)
From Δ int we obtain
1205754= (1199021 1198881199022 1199022) 120575
5= (1199022 1198881199022 1199022) (16)
So Δ119900= 1205751 1205752 1205753 1205754 1205755 is obtained Thus we can obtain
the finite-state overapproximation 1198661of the PDA 119866
1(see
Figure 3) Using Σ = 119886 119887 119888 the language accepted by 1198661
is obtained by
119871 (1198661) = 119886
lowast
119886119887lowast
119888119888lowast
(17)
From the obtained 119871(1198661) we see that 119875(119882
1) sube 119871(119866
1) holds
Furthermore since 119871(1198661) cap 119875(119882
2) = 0 holds the necessary
condition inTheorem 23 is satisfied
Next we verify diagnosability using Theorem 24 Bylimiting the length of the stack in 119875(119882
1) to 119899 = 2 the finite-
state under-approximation 1198751can be obtained as
1198751= 119886119886119887119887119888119888
lowast
sube 119875 (1198821) (18)
1198751is accepted by the finite automaton in Figure 4 Since
1198751cap 119875(119882
2) = 0 holds the sufficient condition inTheorem 24
is satisfied
5 Discussions
51 Relationship between Opacity and Diagnosability Verifi-cations Opacity and diagnosability are closely related con-cepts We can interpret that opacity is the converse notion ofdiagnosability However decidability conditions are different
In opacity verification if 119875(1198811) and 119875(119881
2) are languages
accepted by someVPA respectively then opacity is decidable(see also Theorem 13) That is opacity can be discussed onlyin the framework of VPAs
On the other hand in diagnosability verification if either119875(1198821) or119875(119882
2) is a language accepted by somefinite automa-
ton then diagnosability is decidable (see Section 43) Thusapproximations such as finite-state approximations describedin Section 23 are required
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
6 Journal of Applied Mathematics
Theorem 23 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state overapproximation in Definition 8Let 119875
1and 119875
2denote approximated 119875(119882
1) and 119875(119882
2)
respectively Then a necessary condition for a PDS to be notdiagnosable is that either 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0
holds In addition this condition can be solved in PTIME
Proof From Theorem 21 119875(1198821) sube 119875
1 and 119875(119882
2) sube 119875
2 we
obtain the theorem immediately
Theorem 23 provides a necessary conditionOn the other hand it is also important to obtain a
sufficient condition Then a finite-state underapproximationmust be considered A simple method to derive a finite-stateunderapproximation is that the length of the stack in a PDSis limited to a given finite length See Example 25 belowfor further details So we assume that a finite-state under-approximation of either 119875(119882
1) or 119875(119882
2) is given
Then we obtain the following result
Theorem 24 Suppose that either 119875(1198821) or 119875(119882
2) is approx-
imated by a finite-state under-approximation Let 1198751and 119875
2
denote approximated 119875(1198821) and 119875(119882
2) respectively Then a
sufficient condition for a PDS to be not diagnosable is thateither 119875
1cap 119875(119882
2) = 0 or 119875(119882
1) cap 1198752= 0 holds In addition
this condition can be solved in PTIME
Proof From Theorem 21 1198751sube 119875(119882
1) and 119875
2sube 119875(119882
2) we
obtain the theorem immediately
From Theorems 23 and 24 we see that diagnosability ofa PDS can be approximately verified in PTIME SoTheorems23 and 24 are simple but can be applied to several systemssuch as software systems
Example 25 Suppose that 119875(1198821) and 119875(119882
2) are given as
119875 (1198821) = 119886
119899
119887119899
119888119894
| 119899 ge 1 119894 ge 1
119875 (1198822) = 119886
119894
119887119899
119888119899
| 119899 ge 1 119894 ge 1
(11)
respectively Then 119875(1198821) cap 119875(119882
2) = 119886
119899
119887119899
119888119899
| 119899 ge 1 = 0
is obtained and we see that this system is not diagnosableHowever 119875(119882
1) cap 119875(119882
2) is not a CFL (see [6] for further
details)Next we verify diagnosability using Theorem 23 In this
example we approximate 119875(1198821) by a regular language The
PDA 1198661accepting 119875(119882
1) is given by
1198661= (119876 Σ Γ Δ 119902
0 1198850 119865)
119876 = 1199020 1199021 1199022
Σ = 119886 119887 119888
Γ = 1198850 119883
Δ = Δ push cup Δ pop cup Δ int
Δ push = (1199020 119886 119883 1199020) (1199020 119886 119883 1199021)
Δ pop = (1199021 119887 1199021 119883)
Δ int = (1199021 119888 1199022) (1199022 119888 1199022)
119865 = 1199022 sub 119876
(12)
See also Figure 2 Consider to derive the finite-state overap-proximation in Definition 8 Then Σ
119876is given as
Σ119876= 119886 sdot 119902
0 119886 sdot 1199021 119886 sdot 1199022 119887 sdot 1199020 119887 sdot 1199021 119887 sdot 1199022
119888 sdot 1199020 119888 sdot 1199021 119888 sdot 1199022
(13)
Next we derive Δ119900 From Δ push we obtain
1205751= (1199020 119886 sdot 1199020 1199020) 120575
2= (1199020 119886 sdot 1199021 1199021) (14)
From Δ pop we obtain
1205753= (1199021 1198871199021 1199021) (15)
From Δ int we obtain
1205754= (1199021 1198881199022 1199022) 120575
5= (1199022 1198881199022 1199022) (16)
So Δ119900= 1205751 1205752 1205753 1205754 1205755 is obtained Thus we can obtain
the finite-state overapproximation 1198661of the PDA 119866
1(see
Figure 3) Using Σ = 119886 119887 119888 the language accepted by 1198661
is obtained by
119871 (1198661) = 119886
lowast
119886119887lowast
119888119888lowast
(17)
From the obtained 119871(1198661) we see that 119875(119882
1) sube 119871(119866
1) holds
Furthermore since 119871(1198661) cap 119875(119882
2) = 0 holds the necessary
condition inTheorem 23 is satisfied
Next we verify diagnosability using Theorem 24 Bylimiting the length of the stack in 119875(119882
1) to 119899 = 2 the finite-
state under-approximation 1198751can be obtained as
1198751= 119886119886119887119887119888119888
lowast
sube 119875 (1198821) (18)
1198751is accepted by the finite automaton in Figure 4 Since
1198751cap 119875(119882
2) = 0 holds the sufficient condition inTheorem 24
is satisfied
5 Discussions
51 Relationship between Opacity and Diagnosability Verifi-cations Opacity and diagnosability are closely related con-cepts We can interpret that opacity is the converse notion ofdiagnosability However decidability conditions are different
In opacity verification if 119875(1198811) and 119875(119881
2) are languages
accepted by someVPA respectively then opacity is decidable(see also Theorem 13) That is opacity can be discussed onlyin the framework of VPAs
On the other hand in diagnosability verification if either119875(1198821) or119875(119882
2) is a language accepted by somefinite automa-
ton then diagnosability is decidable (see Section 43) Thusapproximations such as finite-state approximations describedin Section 23 are required
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Journal of Applied Mathematics 7
119886+119883
119886+1198831199020 1199021 1199022119888
119888119887minus119883
Figure 2 PDA 1198661
1199020 1199021 1199022
119886 middot 1199020
119886 middot 1199021
119887 middot 1199021 119888 middot 1199022
119888 middot 1199022
Figure 3 Finite-state overapproximation 1198661of 1198661
119886 119886 119887 119887 119888
119888
Figure 4 Finite automaton accepting 1198751
From these results the difference between opacity veri-fication and diagnosability verification is clarified from thetheoretical viewpoint However it is known that the compu-tational complexity of the inclusion problem of VPAs isEXPTIME-complete and that of finite automata is PSPACE-complete [7] Thus from the computational viewpoint itmay be desirable to use finite-state approximations in opacityverification
52 Optimal Sensor Selection The optimal sensor selectionproblem that is the problem of minimizing the number ofsensors which observe events such that the system is diag-nosable has been discussed in [29 30] Further in opacity thesensor selection problem has been discussed in [18] One ofthe trivial solutions to the sensor selection problem in opacityis that the number of sensors should be zero but this is notpractical So it is important to consider the optimal sensorselection problem such that the system is opaque and diag-nosable simultaneously under 119876
119904= 119876119891 Then we can derive
an optimal solution of this problem according to the resultsin Sections 4 and 3 This is one of the challenges to be under-taken in the future that is to develop an efficient algorithm
53 Extension to Higher-Order Pushdown Systems Higher-order pushdown automata (HPAs) [31 32] have been pro-posed as one of the extensions of PDAs HPAs are defined byusing higher-order stacks that is a nested ldquostack of stacksrdquostructures HPAs are closely related to infinite graph theoryand higher-order logic programming Decidable problemsand undecidable problems in HPAs are basically similar tothose in PDAs Thus our proposed approach will be appliedto HPAs In fact the conditions that diagnosability of discrete
event systems modeled by HPAs is decidable have beenobtained in [15] Since one of the conditions is Σ
119906119900sube Σint the
conditions obtained can be regarded as a natural extension ofLemma 20
6 Application to XML Data Integration
In this section we consider XML data integration as an appli-cation The XML (Extensible Markup Language) is a markuplanguage that defines a set of rules for encoding data anddocuments and is widely used in several fields such as dataand documents on the Web and medical databases In caseswhere documents in databases are expressed by the XMLone of the important problems is data integration which iscalled here XML data integration In XML data integrationfirst XML documents are extracted frommultiple databasesNext the extracted XML documents are integrated as oneXML document Here we assume the existence of a databasewhere the integrated XML document is indistinguishablefrom its extracted components The XML document in sucha database is called here the target XML document Then weconsider the following problems
Problem 1 Suppose that an integrated XML document and atarget XML document are given Then
(i) can the integrated XML document be indistinguish-able from the target XML document
(ii) by masking particular data in the integrated XMLdocument can the integrated XML document beindistinguishable from the target XML document
These problems are important from the viewpoint of securityIn addition this problem is closely related to opacity verifica-tion of PDSs in Section 3 This is because in recent years amethod for expressing XML documents as a VPA has beenstudied in for example [8 13]
Hereafter the relation between VPAs and XML docu-ments will be explained Next by using a simple example weexplain how to solve the above problems
61 Relation between Pushdown Systems and XML Docu-ments First an example of XML documents expressinginformation about books is shown as follows
ltbookgtlt titlegtIntroduction to Discrete Event Systems
lttitlegtltauthorgt C G Cassandras ltauthorgtltauthorgt S Lafortune ltauthorgtlt ISBNgt 978-0-387-33332-8 ltISBNgt
ltbookgt
TheXML scheme in the above example is based on the exam-ple in [13] In addition the above example implies informa-tion about the book of [1] ltbookgt lttitlegt ltauthorgt and
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
8 Journal of Applied Mathematics
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119887 +119905 minus119905 +119886
+119886minus119886
minus119887 minus119894 +119894book
book title title author
author author
isbnisbn
Figure 5 VPA 1198781expressing the XML document (information
about books)
ltISBNgt are open tags ltbookgt lttitlegt ltauthorgt andltISBNgt are close tags Actual data such as ldquo978-0-387-33332-8rdquo is called a local symbol Since in this paper wefocus on XML schemas we omit local symbols The aboveXML document can then be expressed as the VPA 119878
1=
(119876 Σ Γ Δ push cup Δ pop cup Δ int 1199020 1198850 119865) where
119876 = 1199020 1199021 1199022 1199023 1199024 1199025 1199026 1199027 1199028
Σ = book book title title author author isbn isbn
Γ = 1198850 119886 119887 119894 119905
Δ push = (1199020 book 119887 119902
1) (1199021 title 119905 119902
2)
(1199023 author 119886 119902
4) (1199025 author 119886 119902
4)
(1199025 isbn 119894 119902
6)
Δ pop = (1199022 title 119902
3 119905) (119902
4 author 119902
5 119886)
(1199026 isbn 119902
7 119894) (119902
7 isbn 119902
8 119887)
Δ int = 0
119865 = 1199028 sub 119876
(19)
Close tags are expressed by sdot See also Figure 5 Thus agiven XML document can be expressed by a VPA
62 XML Data Integration with Security ConsiderationsNext suppose that a VPA expressing information aboutpublishers is given as 119878
2in Figure 6 where pub pname
and addr imply ldquopublisherrdquo ldquopublisher namerdquo and ldquoaddressrdquorespectively Consider how to integrate the VPA 119878
1with the
VPA 1198782 One of the simple methods is to connect 119878
1with 119878
2
in series Then we can obtain the VPA 1198783in Figure 7
Here suppose that a target XML document is given asthe VPA in Figure 8 where ldquordquo implies a wild-card event ora wild-card stack symbol We consider Problem 1 (i) Thatis we must check if 119871(119878
3) sube 119871(119879) is satisfied This is the
same as opacity verification In this example 119871(1198783) sube 119871(119879)
is not satisfied because by observing ldquocountryrdquo the VPA 1198783
is distinguishable from the VPA 119879 Therefore a solution ofProblem 1 (i) is ldquonordquo In other words the integrated XMLdocument is not opaque FromTheorem 13 it is assumed thatthis problem is decidable in general cases We remark that inthis case Σ = Σ
119900holds
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119901 +119888 minus119888
minus119899
minus119889minus119901
+119889
+119889
+119899
pub
pub
country country pname
pname
addraddr
addr
Figure 6 VPA 1198782expressing information about publishers
+119887 minus119887+119904 +119901 minus119901 minus119904
1198781 1198782
middot middot middot middot middot middot
book bookbp bppubpub
Figure 7 VPA 1198783obtained by integrating 119878
1with 119878
2
1199020 1199021 1199022 1199023 1199024
1199025119902611990271199028
+119904
minus119904
+119887 minus119887 +119901
minus119901 minus119899
+119899
+
+minus
minus
book bookbp
bp pub
pub
pname
pname
Figure 8 VPA 119879 expressing a target XML document
Next consider Problem 1 (ii) Suppose that the set ofunobservable events Σ
119906119900is given as Σ
119906119900= country Then
the VPA 1198783is indistinguishable from the VPA 119879 Therefore a
solution of Problem 1 (i) is ldquoyesrdquo In other words we can saythat the integratedXMLdocument becomes opaque bymask-ing ldquocountryrdquo Also in general cases this problem is decidableOn the other hand it is one part of the future work that isto develop an efficient algorithm for finding masked eventsSince this problem is the converse notion of the optimal sen-sor selection problem for diagnosability there is a possibilitythat the existing result on sensor selection can be applied
7 Conclusion and Future Work
In this paper opacity and diagnosability of discrete eventsystems expressed by pushdown automata (called here push-down systems PDSs) have been discussed based on formallanguage theory In opacity verification we have not onlyproven that opacity of a PDS is in general undecidablebut also characterized the condition such that opacity isdecidable We have also clarified that depending on aclass of observations the computational complexity is dif-ferent In diagnosability verification we have proposed anew diagnosability condition based on the fact that anintersection of a context-free language and a regular lan-guage is derived as a context-free language In additionwe have derived diagnosability conditions using finite-stateoverunder-approximations of observations Also we have
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Journal of Applied Mathematics 9
clarified that the proposed diagnosability conditions can besolved in PTIME In particular since diagnosability condi-tions using approximations can be applied to a general classof PDSs and can be efficiently solved several applicationswill be able to be considered Finally as an application wehave considered XML data integrationThe obtained result isvaluable as the basis of verification of PDSs and will be thefirst step toward development of control theory for infinite-state discrete event systems
In future work there are many open problems for exam-ple implementation using amodel checker and decentralizeddiagnosis [33] In addition the result on diagnosability anal-ysis of unbounded Petri nets has been obtained in [4] Alsofor recursive tile systems which are a class of infinite discreteevent systems the result on opacity and diagnosability hasbeen obtained in [34] It is important to clarify the relationbetween our result and these results Finally in order to showthe effectiveness of our proposed method it is important toconsider several applications
Acknowledgment
This work was partially supported by Grant-in-Aid for YoungScientists (B) 23760387
References
[1] C G Cassandras and S Lafortune Introduction to DiscreteEvent Systems Springer 2nd edition 2008
[2] W Thomas ldquoA short introduction to infinite automatardquo inDevelopments in Language Theory vol 2295 of Lecture Notes inComputer Science pp 130ndash144 2002
[3] M P Cabasino A Giua S Lafortune and C Seatzu ldquoDiagnos-ability analysis of unbounded Petri netsrdquo in Proceedings of theJoint 48th IEEE Conference on Decision and Control and 28thChinese Control Conference pp 1267ndash1272 2009
[4] M P Cabasino A Giua S Lafortune and C Seatzu ldquoA newapproach for diagnosability analysis of Petri nets using verifiernetsrdquo IEEE Transactions on Automatic Control vol 57 no 12pp 3104ndash3117 2012
[5] J-M Autebert J Berstel and L Boasson ldquoContext-free lan-guages and pushdown automatardquo in Handbook of Formal Lan-guages vol 1 pp 111ndash174 Springer 1997
[6] J E Hopcroft and J D Ullman Introduction to AutomataTheo-ry Languages and Computation Addison-Wesley 3rd edition1979
[7] R Alur and P Madhusudan ldquoVisibly pushdown languagesrdquo inProceedings of the 36th Annual ACM Symposium on Theory ofComputing pp 202ndash211 ACM 2004
[8] V Kumar P Madhusudan andM Viswanathan ldquoVisibly push-down automata for streaming XMLrdquo in Proceedings of the 16thInternational Conference on World Wide Web pp 1053ndash10622007
[9] K Hiraishi and P Kucera ldquoApplications of DES theory to verifi-cation of software componentsrdquo IEICE Transactions on Funda-mentals of Electronics Communications and Computer Sciencesvol 92 no 2 pp 604ndash610 2009
[10] N Saeedloei andGGupta ldquoVerifying complex continuous real-time systemswith coinductive CLP(R)rdquo in Proceedings of the 4thInternational Conference on Language andAutomataTheory and
Applications vol 6031 of Lecture Notes in Computer Science pp536ndash548 2010
[11] E Lee ldquoCyber physical systems design challengesrdquo in Proceed-ings of the 11th International Symposium on Object OrientedReal-Time Distributed Computing pp 363ndash369 2008
[12] DWagner andDDean ldquoIntrusion detection via static analysisrdquoin Proceedings of the IEEE Symposium on Security and Privacypp 156ndash168 2001
[13] A Thomo and S Venkatesh ldquoRewriting of visibly pushdownlanguages for XML data integrationrdquoTheoretical Computer Sci-ence vol 412 no 39 pp 5285ndash5297 2011
[14] C Griffin ldquoA note on the properties of the supremal control-lable sublanguage in pushdown systemsrdquo IEEE Transactions onAutomatic Control vol 53 no 3 pp 826ndash829 2008
[15] C Morvan and S Pinchinat ldquoDiagnosability of pushdown sys-temsrdquo in Proceedings of the Haifa Verification Conference 2009vol 6405 of Lecture Notes in Computer Science pp 21ndash33 2011
[16] E Badouel M Bednarczyk A Borzyszkowski B Caillaud andP Darondeau ldquoConcurrent secretsrdquo Discrete Event DynamicSystems Theory and Applications vol 17 no 4 pp 425ndash4462007
[17] J W Bryans M Koutny L Mazare and P Y A Ryan ldquoOpacitygeneralised to transition systemsrdquo International Journal ofInformation Security vol 7 no 6 pp 421ndash435 2008
[18] F Cassez J Dubreil and H Marchand ldquoSynthesis of opaquesystems with static and dynamic masksrdquo Formal Methods inSystem Design vol 40 no 1 pp 88ndash115 2012
[19] J Dubreil ldquoOpacity and abstractionsrdquo in Proceedings of the 1stInternational Workshop on Abstractions for Petri Nets and OtherModels of Concurrency 2009
[20] A Saboori andCNHadjicostis ldquoNotions of security and opac-ity in discrete event systemsrdquo in Proceedings of the 46th IEEEConference on Decision and Control pp 5056ndash5061 2007
[21] A Saboori and C N Hadjicostis ldquoVerification of infinite-stepopacity and complexity considerationsrdquo IEEE Transactions onAutomatic Control vol 57 no 5 pp 1265ndash1269 2012
[22] A Saboori andCNHadjicostis ldquoVerification of K-step opacityand analysis of its complexityrdquo IEEE Transactions on Automa-tion Science and Engineering vol 8 no 3 pp 549ndash559 2011
[23] K Kobayashi and K Hiraishi ldquoOn opacity and diagnosabilityin discrete event systems modeled by pushdown automatardquo inProceedings of the 8th IEEE International Conference on Auto-mation Science and Engineering pp 658ndash663 2012
[24] S A Greibach and E P Friedman ldquoSuperdeterministic PDAsa subcase with a decidable inclusion problemrdquo Journal of theAssociation for Computing Machinery vol 27 no 4 pp 675ndash700 1980
[25] M Mohri and M J Nederhof ldquoRegular approximation ofcontext-free grammars through transformationrdquo in Robustnessin Language and Speech Technology J-C Junqua and G vanNoord Eds chapter 6 pp 153ndash163 2000
[26] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoDiagnosability of discrete-event systemsrdquoIEEETransactions onAutomatic Control vol 40 no 9 pp 1555ndash1575 1995
[27] M Sampath R Sengupta S Lafortune K Sinnamohideen andD C Teneketzis ldquoFailure diagnosis using discrete-event mod-elsrdquo IEEE Transactions on Control Systems Technology vol 40no 2 pp 105ndash124 1996
[28] T Jeron HMarchand S Pinchinat andM-O Cordier ldquoSuper-vision patterns in discrete event systems diagnosisrdquo in Proceed-ings of the 8th Workshop on Discrete Event Systems 2006
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
10 Journal of Applied Mathematics
[29] S Jiang R Kumar and H E Garcia ldquoOptimal sensor selec-tion for discrete-event systems with partial observationrdquo IEEETransactions on Automatic Control vol 48 no 3 pp 369ndash3812003
[30] T-S Yoo and S Lafortune ldquoNP-completeness of sensor selec-tion problems arising in partially observed discrete-event sys-temsrdquo IEEE Transactions on Automatic Control vol 47 no 9pp 1495ndash1499 2002
[31] A Carayol and S Wohrle ldquoThe Caucal hierarchy of infinitegraphs in terms of logic and higher-order pushdown automatardquoin Proceedings of the Foundations of Software Technology andTheoretical Computer Science vol 2914 of Lecture Notes inComputer Science pp 112ndash123 2003
[32] T Knapik D Niwinski and P Urzyczyn ldquoHigher-order push-down trees are easyrdquo in Proceedings of the 5th InternationalConference on Foundations of Software Science andComputationStructures vol 2303 of Lecture Notes in Computer Science pp205ndash222 2002
[33] W Qiu and R Kumar ldquoDecentralized failure diagnosis of dis-crete event systemsrdquo IEEE Transactions on Systems Man andCybernetics A vol 36 no 2 pp 384ndash395 2006
[34] S Chedor CMorvan S Pinchinat andHMarchand ldquoAnalysisof partially observed recursive tile systemsrdquo in Proceedings of the11th International Workshop on Discrete Event Systems pp 265ndash271 2012
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of
Submit your manuscripts athttpwwwhindawicom
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical Problems in Engineering
Hindawi Publishing Corporationhttpwwwhindawicom
Differential EquationsInternational Journal of
Volume 2014
Applied MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Probability and StatisticsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Mathematical PhysicsAdvances in
Complex AnalysisJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
OptimizationJournal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
CombinatoricsHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Operations ResearchAdvances in
Journal of
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Function Spaces
Abstract and Applied AnalysisHindawi Publishing Corporationhttpwwwhindawicom Volume 2014
International Journal of Mathematics and Mathematical Sciences
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
The Scientific World JournalHindawi Publishing Corporation httpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Algebra
Discrete Dynamics in Nature and Society
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Decision SciencesAdvances in
Discrete MathematicsJournal of
Hindawi Publishing Corporationhttpwwwhindawicom
Volume 2014 Hindawi Publishing Corporationhttpwwwhindawicom Volume 2014
Stochastic AnalysisInternational Journal of