A timed discrete event system strong opacity verification method and system based on label time Petri net

By constructing a labeled time Petri net model and a partially modified state class graph, and combining it with a linear programming problem, the problem of verifying the strong current state opacity of time-specified discrete event systems is solved, achieving efficient and accurate security verification, which is applicable to complex systems.

CN122241693A · Pending · Publication Date: 2026-06-19 · WUHAN UNIV OF SCI & TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
WUHAN UNIV OF SCI & TECH
Filing Date
2026-03-25
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing technologies cannot effectively handle the time dimension when verifying the strong current state opacity of timed discrete event systems, causing the verification conclusions to fail in practice. Furthermore, the high computational complexity makes it difficult to apply to systems of real scale.

Method used

A labeled time Petri net model is constructed. By partially modifying the state class graph and solving the linear programming problem, the path that is logically consistent with the time label sequence is efficiently enumerated, the set of time-consistent paths is selected, the set of possible current states of the system is calculated, and it is determined whether the observation satisfies strong current state opacity.

Benefits of technology

It achieves rigorous and reliable security verification, improves the accuracy and efficiency of verification, is applicable to complex systems, fills a technological gap, and overcomes the problems of state space explosion and high computational complexity.

✦ Generated by Eureka AI based on patent content.


Abstract

This invention belongs to the field of information security technology and discloses a method for verifying the strong opacity of time-assigned discrete event systems based on labeled temporal Petri nets. First, the time-assigned discrete event system to be analyzed is accurately modeled by constructing its labeled temporal Petri net model to formally describe the system's states, events, time constraints, and partial observability. Second, for a given time-labeled sequence (i.e., externally observed events and their timestamps), this invention proposes to efficiently enumerate all logically consistent paths with the sequence by constructing a partially modified state class graph and extracting their time constraints. Finally, based on this set of time-consistent paths, the set of all possible reachable current states (identifiers) of the system is calculated. This invention provides a method for verifying the strong opacity of time-assigned discrete event systems based on labeled temporal Petri nets, solving the problems in the background technology, reducing computational complexity, and making it more suitable for complex systems.

Description

Technical Field

[0001] This invention belongs to the field of information security technology, and in particular relates to a method and system for verifying the strong opacity of time-assigned discrete event systems based on labeled time Petri nets.

Background Technology

[0002] Time-assigned discrete-event systems, as a key modeling framework for cyber-physical systems, are widely used in networked control systems, industrial automation, the Internet of Things (IoT), and real-time communication protocols. The security of such systems, particularly their ability to keep their internal state information confidential from external observers, is a core concern in system design and evaluation. Opacity, as an important information flow confidentiality property, describes a system's ability to hide specific secrets (such as a set of sensitive states) from the view of external observers. Strong current-state opacity requires that for any path derived from real-time observations that terminates at a secret state (a state-event sequence with time information), there exists a non-secret path that has never visited the secret state and has the same real-time observations as that path. Rigorous formal verification of strong current-state opacity is fundamental to ensuring that the system meets high-level privacy and security requirements at the design level.

[0003] In discrete event systems theory, there has been considerable research on verifying opacity. Early work primarily relied on models such as finite state automata or ordinary Petri nets, constructing observers, diagnostics, or various state estimators to determine whether the system satisfies opacity. However, these methods generally treat system events as instantaneous and focus only on their logical sequence, failing to incorporate the temporal constraints involved in event occurrence, duration, or observation. In real-world time-stamped systems, intruders can not only observe the sequence of event tags but may also obtain precise timestamps or interval information of event occurrences. Ignoring the time dimension can lead to serious security misjudgments: a system that appears opaque at a purely logical level may be uniquely deduced as a secret state by an intruder due to its unique temporal pattern, thus rendering traditional verification conclusions invalid in practice.

[0004] To address the impact of time factors, some studies have begun to incorporate the time dimension into opacity analysis frameworks. However, these methods often face the challenge of state space explosion when dealing with systems exhibiting complex concurrency, synchronization, and resource sharing characteristics, and are not specifically optimized for the particular property of strong current state opacity. On the other hand, time Petri nets (TPNs) exhibit unique advantages in modeling and analyzing real-time concurrent systems because they can more naturally describe parallel and conflicting behaviors and their time interval constraints. Although existing research has explored the application of TPNs in reachability, scheduling, and fault diagnosis, current state opacity verification techniques for time-assigned discrete event systems modeled using labeled time Petri nets have the following shortcomings. First, there is a lack of a precise formal definition of strong current state opacity combined with time-labeled sequences under the semantics of labeled time Petri nets. Second, given a time-labeled sequence, how to efficiently compute all runs of the system that are completely consistent with it in both event logical order and occurrence time (i.e., time-consistent paths) is a key and unsolved problem; enumerating all possible state classes has extremely high computational complexity and is difficult to apply to systems of practical scale. Finally, there is a lack of a complete and computable technical solution for systematically determining, from these time-consistent paths, whether the current set of system states constitutes sufficient ambiguity for an intruder, thereby completing the determination of strong opacity.

[0005] Therefore, there is an urgent need in this field for an innovative verification method that can perform rigorous and efficient analysis of the strong current state opacity of time-assigned discrete event systems directly on a labeled time Petri net model, and provide a reliable tool for the design and verification of highly secure real-time systems.

Summary of the Invention

[0006] To address the problems existing in the prior art, this invention provides a method for verifying the strong opacity of time-assigned discrete event systems based on labeled time Petri nets.

[0007] This invention relates to a method for verifying the strong opacity of time-assigned discrete event systems based on labeled-time Petri nets, belonging to the technical field of information security and formal verification of discrete event systems. Existing technologies for verifying strong current-state opacity mostly focus on models without time constraints, failing to accurately handle the time dimension prevalent in real-world systems. To address this issue, this invention provides a rigorous and efficient verification method. First, the time-assigned discrete event system to be analyzed is accurately modeled, constructing its labeled-time Petri net model to formally describe the system's states, events, time constraints, and partial observability. Second, for a given time-labeled sequence (i.e., externally observed events and their timestamps), this invention proposes to efficiently enumerate all logically consistent paths from this sequence by constructing a partially modified state class graph, and extract their time constraints. Furthermore, by constructing and solving a linear programming problem, all time-consistent paths that also perfectly match the observed sequence in the time dimension are precisely selected from these logically consistent paths. Finally, based on this time-consistent path set, calculate the set of all possible reachable current states (identifiers) of the system; if the set contains both secret and non-secret states, the observation is determined to satisfy strong current state opacity, otherwise it is determined not to satisfy it.

[0008] The specific technical solution adopted by this invention is as follows:

[0009] A method for enhancing the opacity of a smart home temperature control system based on tag-time Petri nets includes the following steps:

[0010] S1: Construct a labeled time Petri net model of the timed discrete event system;

[0011] S2: Based on the time label sequence, compute the partial modified state class graph (MSCG) of the system for the corresponding logical label sequence, and search for the set of transition sequences whose observable projection is that logical label sequence, forming the path set of the partial MSCG;

[0012] S3: Use the time constraints of the paths in the partial MSCG path set to construct a linear programming problem and, by solving it, obtain the path set that is time-consistent with the time label sequence;

[0013] S4: From the time-consistent path set, obtain the marking (identifier) set that is time-consistent with the time label sequence, and then decide the current state opacity of the time label sequence;

[0014] S5: Search the time-consistent path set for non-secret paths, and then decide the strong current state opacity of the time label sequence.

[0015] Based on the above technical solutions and the technical problems solved, the advantages and positive effects of the technical solution to be protected by this invention are as follows:

[0016] First, the present invention provides some inventive technical effects after solving the problems addressed by its technical solution. These are described in detail below:

[0017] (1) Achieved rigorous and reliable security verification: By incorporating time constraints into the formal verification framework, this invention can accurately determine whether an observed sequence of events and its specific occurrence time uniquely reveal that the system is in a secret state, thereby providing a stronger current state opacity determination result with higher confidence for the time-assigned system, significantly improving the accuracy of security assessment.

[0018] (2) High verification efficiency and potential for handling complex systems: By introducing a partially modified state class diagram, this invention effectively avoids the computational overhead of enumerating all possible state classes of the system to verify a single observation. Furthermore, the determination of time consistency is transformed into solving a linear programming problem, making the process of checking the time feasibility of the path efficient and deterministic. This combination method improves computational efficiency while ensuring the rigor of verification, making it applicable to complex system models with concurrency and time constraints, and has important general value.

[0019] Secondly, as supporting evidence of the inventiveness of this invention, it is also reflected in the following important aspects:

[0020] (1) The technical solution of this invention fills a technical gap in the industry both domestically and internationally: it proposes for the first time a method for verifying the strong current state opacity of timed discrete event systems based on labeled time Petri nets, filling a technical gap in this field. Although opacity, as an important attribute of information security, has been extensively studied in the field of discrete event systems, existing work mainly focuses on non-time models such as finite state automata or ordinary Petri nets, failing to effectively handle the time dimension information that is prevalent in real-world systems. In addition, existing research often requires enumerating all possible system states in solving time-consistent paths, resulting in high computational complexity and making it difficult to apply to systems of actual scale. This invention, through the technical solution of constructing a partially modified state class diagram combined with linear programming, achieves for the first time an efficient and rigorous verification of the strong current state opacity of timed discrete event systems, effectively filling a gap in this sub-technical field both domestically and internationally.

[0021] (2) The technical solution of this invention solves a long-standing technical problem that people have long desired to solve but have never been able to: opacity verification is even undecided for general Petri nets, and the problem becomes more complex after introducing the time dimension. Intruders can combine the timestamp information of the event to eliminate ambiguity, which makes the traditional verification conclusion based on the pure logic model invalid in practice. This invention successfully solves this long-standing technical problem and achieves strict verification of strong current state opacity. The proposed technical solution not only ensures the accuracy of verification but also significantly improves the computational efficiency, providing a practical solution for the security verification of time-based systems.

[0022] (3) The technical solution of this invention overcomes two long-standing technical biases in this field: one is the bias that "the state space will inevitably explode after the introduction of the time dimension, making verification infeasible"; the other is the bias that "strong current state opacity verification in time-assigned systems is too complex to admit efficient algorithms." The successful practice of this invention shows that, through innovative technical design, strong opacity verification of time-assigned discrete event systems is not only feasible but can also achieve high computational efficiency, opening up new research directions for related technical fields.

Attached Figure Description

[0023] Figure 1 is a flowchart of an embodiment of the method of the present invention for verifying the strong opacity of a time-assigned discrete event system based on a labeled time Petri net;

[0024] Figure 2 is a schematic diagram of the smart home temperature control system used as an embodiment of the method;

[0025] Figure 3 is a schematic diagram of the labeled time Petri net model in that embodiment;

[0026] Figure 4 is a schematic diagram of the partial MSCG of the labeled time Petri net in that embodiment;

[0027] Figure 5 is a schematic diagram of the Petri net structure for time-labeled tags;

[0028] Figure 6 is a comparison chart of the growth in the number of partial MSCG state classes.

Detailed Implementation

[0029] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.

[0030] As shown in Figure 1, a method for verifying the strong opacity of a time-assigned discrete event system based on labeled time Petri nets includes the following steps:

[0031] S1: Construct a labeled time Petri net model of the timed discrete event system;

[0032] S2: Based on the time label sequence, compute the partial modified state class graph (MSCG) of the system for the corresponding logical label sequence, and search for the set of transition sequences whose observable projection is that logical label sequence, forming the path set of the partial MSCG;

[0033] S3: Use the time constraints of the paths in the partial MSCG path set to construct a linear programming problem and, by solving it, obtain the path set that is time-consistent with the time label sequence;

[0034] S4: From the time-consistent path set, obtain the marking (identifier) set that is time-consistent with the time label sequence, and then decide the current state opacity of the time label sequence;

[0035] S5: Search the time-consistent path set for non-secret paths, and then decide the strong current state opacity of the time label sequence.

[0036] In S1, the labeled-time Petri net model of the time-specified discrete event system consists of triples. Composition, in which Representative containing collections and Change Set Petri nets; It is a change Assign two nonnegative rational numbers and Time function, and express The static launch range; It is for each change Specify a tag Set of symbols (corresponding to observable transitions) or empty strings Label functions (corresponding to unobservable transitions).

[0037] In S1, the state (identifier) ​​of the tag-time Petri net system is represented as: ,in Represents the places of Petri nets The token number in M; the set of transitions enabling M is represented as The time transition sequence is represented as , The logical transition sequence is represented as The set of transitions enabled at M is represented as follows: ;from Launch a time-varying sequence Generate reachable identifier The process is denoted as .

[0038] In S2, the time-labeled sequence (TLS) of the Petri net system is represented as follows: , Indicates the time when the TLS was observed; express A logical label sequence.

[0039] In S2, the modified state class graph (MSCG) of the label-time Petri net system is a directed graph, where each node represents a state class, denoted as […]. ,in For reachability indicators, The inequalities in the equations indicate the transitions. After Launched after a time unit, and after a period of time Emitted a time unit ago; edges connecting state classes are marked as " ",in Indicates from The target class to the edge The allowed transmission interval. The specific steps of the MSCG algorithm include:

[0040] Input: Label-time Petri net, and TLS ;

[0041] S21. Initialize the set ; ; ; ;

[0042] S22, if and ,from Select an observation label ;

[0043] S23, if Then from Choose a state class ;

[0044] S24. For all satisfying or Changes Calculate launch transitions The obtained identifier ;

[0045] S241, Calculation , and add arrive , , ;

[0046] S242, Add a record from arrive And marked as The edge;

[0047] S243, if ,but ;otherwise ;

[0048] S25, from Move out of the middle Proceed to step S23;

[0049] S26, if ,from Move out of the middle ;make and Proceed to step S22;

[0050] Output: Partial MSCG.

[0051] In S2, the logical transition sequence The observable projection is represented as Based on part of MSCG and with The relevant path is defined as follows:

[0052] (1)

[0053] in, and .

[0054] In S3, a Petri net system with given labels and a time-labeled sequence are provided. and Then with A time-consistent path set is defined as:

[0055] (2)

[0056] in express The logical transition sequence; and Time-consistent identifier set is represented as .and The algorithm for estimating time-consistent path sets and identifier sets includes the following steps:

[0057] Input: Tag-Time Petri Net System and time-stamped sequences and given time ;

[0058] S31: Calculation and The relevant part is MSCG; ; ;

[0059] S32: For all satisfying path Construct a constraint set that is related to the observation time;

[0060] S33: If the corresponding linear programming problem (3) has a feasible solution, then ; ;

[0061] Output: Set of transition sequences Identifier set .

[0062] In S33, the satisfiability of time constraints related to the transition is analyzed by solving the linear programming problem (3), and the results are calculated. Time-consistent path sets and identifier sets, and with The set of paths and the set of identifiers that are inconsistent in time. That is, if the linear programming problem (3) has a feasible solution, then the path... and Time is consistent; otherwise, path and The timing is inconsistent.

[0063] (3)

[0064] Finally, due to Time-consistent path sets It can be concluded that... Time-consistent identifier set .

[0065] In S4, a given label-time Petri net system and a time-label sequence are provided. and a set of secret symbols ,like Then the time tag sequence It's about a set of secret symbols. The current status is opaque.

[0066] In S5, a Petri net system with given labels and a time-labeled sequence are provided. and a set of secret symbols If in relation to Time-consistent path sets There exists a non-secret path Then the time tag sequence It's about a set of secret symbols. The current state is not transparent.
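As an added worked example, not code from the patent, the Python script below runs steps S2 to S5 on a constructed five-transition net loosely modelled on Example 1 (the secret is the single-user model being loaded). Two simplifications are mine: the logical search of S2 runs over markings rather than state classes, and the feasibility check of linear programming problem (3) is done with an exact difference-constraint (Bellman-Ford) solver, which suffices because firing-interval, urgency and timestamp constraints all have the form x_i - x_j <= c.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

@dataclass(frozen=True)
class Transition:
    name: str
    pre: FrozenSet[str]      # input places (safe net: one token per place)
    post: FrozenSet[str]     # output places
    lo: float                # static firing interval [lo, hi]
    hi: float
    label: Optional[str]     # None = unobservable (empty label)

def enabled(marking, net):
    return [t for t in net if t.pre <= marking]

def fire(marking, t):
    return (marking - t.pre) | t.post

def logical_paths(net, m0, labels, max_silent=6):
    """S2: firing sequences whose observable projection equals `labels`; the
    state is taken at the instant of the last observed event (no later silent
    firings are explored). Returns a list of (path, visited markings)."""
    out = []
    def dfs(m, path, seen, idx, silent):
        if idx == len(labels):
            out.append((tuple(path), tuple(seen)))
            return
        for t in enabled(m, net):
            if t.label is None and silent < max_silent:        # silent move
                dfs(fire(m, t), path + [t], seen + [fire(m, t)], idx, silent + 1)
            elif t.label == labels[idx]:                        # next observed label
                dfs(fire(m, t), path + [t], seen + [fire(m, t)], idx + 1, 0)

    dfs(m0, [], [m0], 0, 0)
    return out

def time_consistent(net, m0, path, times):
    """S3: can `path` fire so that its observable firings land exactly on
    `times`?  x_0 = 0 and x_k is the firing time of path[k-1].  A constraint
    x_i - x_j <= c is an edge j->i of weight c; a negative cycle means the
    constraint system (the patent's LP (3)) has no feasible solution."""
    n, edges, m = len(path), [], m0
    def leq(i, j, c):                          # record x_i - x_j <= c
        if c != float("inf"):
            edges.append((j, i, c))

    clock = {t: 0 for t in enabled(m0, net)}   # step at which each enabled
    obs = 0                                    # transition's clock was reset
    for k, t in enumerate(path, start=1):
        leq(k, clock[t], t.hi)                 # lo <= x_k - x_reset <= hi
        leq(clock[t], k, -t.lo)
        leq(k - 1, k, 0)                       # firings are ordered in time
        for u, ru in clock.items():            # urgency: no enabled transition
            leq(k, ru, u.hi)                   # may overshoot its upper bound
        if t.label is not None:                # pin to the observed timestamp
            leq(k, 0, times[obs])
            leq(0, k, -times[obs])
            obs += 1
        m = fire(m, t)
        clock = {u: (k if u == t or u not in clock else clock[u])
                 for u in enabled(m, net)}     # newly enabled -> reset at step k
    dist = [0.0] * (n + 1)                     # Bellman-Ford from a virtual source
    for _ in range(n + 1):
        changed = False
        for j, i, c in edges:
            if dist[j] + c < dist[i]:
                dist[i], changed = dist[j] + c, True
        if not changed:
            return True                        # converged: feasible
    return False                               # still relaxing: negative cycle

def verify(net, m0, observation, secret_places):
    """S4 and S5 for one observed time-label sequence [(label, timestamp), ...]."""
    labels = [lab for lab, _ in observation]
    times = [ts for _, ts in observation]
    consistent = [(p, seen) for p, seen in logical_paths(net, m0, labels)
                  if time_consistent(net, m0, p, times)]
    markings = {seen[-1] for _, seen in consistent}        # time-consistent estimate
    secret = lambda mk: bool(mk & secret_places)
    return {
        "consistent_paths": [" ".join(t.name for t in p) for p, _ in consistent],
        "current_state_opaque": any(not secret(mk) for mk in markings),
        # strong: some consistent path never passes through a secret marking
        "strongly_opaque": any(not any(secret(mk) for mk in seen) for _, seen in consistent),
    }

# Constructed toy net loosely modelled on Example 1 (not the patent's Figure 3).
# Secret: the thermostat has loaded the single-user model (place single_loaded).
P = lambda *names: frozenset(names)
NET = [
    Transition("t1", P("idle"), P("detected"), 1, 3, "a"),             # presence detected
    Transition("t2", P("detected"), P("single_loaded"), 2, 4, None),   # load single-user model
    Transition("t3", P("single_loaded"), P("temp_set"), 1, 2, "b"),    # set temperature
    Transition("t4", P("detected"), P("pair_loaded"), 1, 2, None),     # load two-person model
    Transition("t5", P("pair_loaded"), P("temp_set"), 3, 5, "b"),      # set temperature
]
M0 = P("idle")
SECRET = {"single_loaded"}
```

For the observation (a, 2), (b, 6) both logically consistent paths are time-consistent and one of them never visits single_loaded, so the observation is strongly opaque; moving the second timestamp to 5 leaves only the path through single_loaded, so the observation is still current-state opaque (the final marking is not secret) but not strongly opaque, the same pattern as the patent's Example 1.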

[0067] This invention provides a method for verifying the strong opacity of time-assigned discrete event systems based on labeled time Petri nets. The method offers a strong opacity verification scheme for real-time systems, which can improve their security. The proposed verification algorithm can be implemented in Python (for example in the PyCharm environment) or in other software tools such as Matlab; no limitation is made here. Furthermore, the proposed verification algorithm is not limited to the embodiment given here and can also be applied to other embodiments.

[0068] In actual operation, as shown in Figure 1, the method of this embodiment for verifying the strong opacity of a time-assigned discrete event system based on a labeled time Petri net includes the following steps:

[0069] S1: Construct a labeled time Petri net model of the timed discrete event system;

[0070] S2: Based on the time label sequence, compute the partial modified state class graph (MSCG) of the system for the corresponding logical label sequence, and search for the set of transition sequences whose observable projection is that logical label sequence, forming the path set of the partial MSCG;

[0071] S3: Use the time constraints of the paths in the partial MSCG path set to construct a linear programming problem and, by solving it, obtain the path set that is time-consistent with the time label sequence;

[0072] S4: From the time-consistent path set, obtain the marking (identifier) set that is time-consistent with the time label sequence, and then decide the current state opacity of the time label sequence;

[0073] S5: Search the time-consistent path set for non-secret paths, and then decide the strong current state opacity of the time label sequence.

[0074] Step S1 of this embodiment is explained below with reference to Figure 2 and Figure 3.

[0075] Example 1: Temporal Privacy Verification of Smart Home Thermocontrol System

[0076] In this embodiment, there is a smart apartment with a bedroom, living room, and study, equipped with a monitor, air conditioner, computer, smart thermostat, and monitoring computer. After the user sets the schedule and preferred temperature for the smart thermostat via the computer, the air conditioner can automatically turn on or standby to save energy. The smart thermostat monitors the usage of the smart apartment through the monitor and monitoring computer to automatically adjust the temperature when the user is at home. The smart temperature control system consists of… Figure 3 The label-time Petri net model is shown.

[0077] The system state changes from standby to off within 10 to 15 seconds (transition) ), and is closed when the user leaves their work post at 8:30 a.m. (warehouse) When a user finishes their work at 5:30 PM, the system status will change within 10 to 15 seconds. (From closed state to standby state) Since then, when the system detects someone, it will switch to the open state (warehouse) within 10 to 25 seconds. However, if the system does not detect a user, it will pause for 10 to 25 seconds for energy-saving reasons (variable). Switch to standby mode (warehouse) The automatic facial recognition monitor starts working within 8 to 15 seconds (evolution). ), and is in working condition (warehouse) When a user is identified, the system will automatically select a male user within 8 to 18 seconds (change). or female users (changes) The associated single-person model is then loaded, and the corresponding model (library) is loaded. The system enters the pre-working state of the identified user (transition). ), and set the temperature to male (storage). ) or female users (library) The system selects the preferred temperature when it detects an unregistered user. And enter another single-player mode (the warehouse). Then, the system enters a pre-working state for unregistered users (transition). ), and set another temperature (warehouse) When both male and female users are at home, the system will select a two-person mode for them (change). ) and load this pattern (library) Similarly, the system enters a pre-working state (transition). ), and set the temperature to a suitable value according to the user's personal preferences (warehouse). If the user does not change the selected temperature within 22 to 36 seconds (transition) If the temperature is recorded and saved (in storage), then record and save the temperature. Ultimately, the system was developed by... 
Figure 3 Label-time Petri net modeling in the middle, where the observable transition set is Their labels are respectively , , , , , , , The remaining transitions are unobservable. The initial identifier of the system is... .

[0078] Steps S2, S3, S4, and S5 of this embodiment are explained below with reference to Figure 3 and Figure 4.

[0079] Assume an intruder is observing the activity of a smart thermostat. Let the secret information be the system automatically loading a single-user model, i.e., the secret is...

[0080] .

[0081] Assuming the intruder is at time... Observed time-labeled sequences Then it can be calculated with Related parts of MSCG, such as Figure 4 As shown. Based on this observation, the observable projection is The logical transition sequence is Consider the path. The following linear programming problem can be solved:

[0082] (4)

[0083] It can be seen that the above constraints have a solution, therefore the path With time-stamped sequences The timing is consistent. Similarly, by testing all the above logical transition sequences, it can be known that... ,

[0084] .because ,so At any moment The current state is opaque to the intruder. However, due to None of the paths in the observation are non-secret paths that do not pass through the secret state, therefore the observation is not strongly opaque to the current state.

[0085] Example 2: Verification of Security Information Concealment in Industrial Automated Production Lines

[0086] In a discrete manufacturing production line, the production unit includes four processes: raw material loading, processing, quality inspection, and product output. The system operates under discrete event control, and the transitions between processes are modeled as Petri net transitions. When modeling the production scheduling system, the state of each process is represented by a place, and transitions represent process execution events. Each transition is assigned a firing time interval; for example, the processing time interval is 2 to 5 time units. Some transitions in the system are visible to the external monitoring system, while others are unobservable because they belong to internal control logic. A labeled time Petri net model is constructed, a partial modified state class graph is built from the time label sequence observed by the monitoring system, and a linear programming model is then used with the time constraints to solve for the time-consistent paths. By calculating all possible reachable markings and comparing them with the secret state set, it can be determined whether the operating state of the production system can be inferred by external observers. This embodiment demonstrates that the technology can effectively analyze the risk of system state leakage in industrial production environments.

[0087] Example 3: State Privacy Verification in Smart Grid Dispatch System

[0088] In smart grid dispatching systems, different control commands and load dispatching operations are abstracted as discrete events. The operating state of grid nodes is represented by a place in a Petri net, and behaviors such as switching operations, load transfers, and backup power startup are represented by transitions. Each transition corresponds to a time interval; for example, the duration of a load switching operation is 1 to 3 time units. The dispatching center can observe some operational events, while internal control events are not visible to external users. A labeled time Petri net model is established for the grid dispatching system, the observed time label sequences are input, and a partial modified state class graph is constructed to search for all possible transition paths. The set of paths consistent with the observation times is then filtered out by solving the time constraints, and the corresponding set of reachable markings is calculated. If there are reachable states that do not belong to the secret set, the system's operating state remains opaque. This embodiment illustrates that the technology can be used for power system security monitoring and information protection analysis.

[0089] Example 4: Information Leakage Analysis of Network Intrusion Detection System

[0090] In network security systems, behaviors such as server access requests, authentication, privilege escalation, and data access can all be modeled as discrete events. The system uses a Petri net structure to represent different network states, where successful login and resource access are observable events, while internal permission checks and caching operations are unobservable events. Each event has a corresponding time interval; for example, the user authentication process is 1 to 2 time units. By constructing a labeled-time Petri net model and inputting a time-labeled sequence from network monitoring logs, a partially modified state class graph is constructed to search for transition paths consistent with the observed sequence. Furthermore, linear programming methods are used to solve for the set of paths that satisfy the time constraints, obtaining the corresponding set of system identifiers. If any of these paths do not involve access to sensitive data, it indicates that an attacker cannot determine whether the system is in a secret state based on the observed information. This embodiment demonstrates the application value of this technology in network security analysis.

[0091] Example 5: Verification of the Operation Status of an Unmanned Warehousing and Logistics System

[0092] In automated warehousing and logistics systems, operations such as robot handling, shelf movement, cargo identification, and path planning can all be represented as discrete events. The system uses a Petri net to model the warehousing process, where places represent the locations of goods and the robot's state, and transitions represent task execution actions. Each action has a corresponding time interval; for example, a robot handling task lasts 3 to 6 time units. The warehouse management system can observe only a portion of the task execution events, while the robot's internal control behavior remains unobservable. The observed task label sequence and its corresponding time information are input, a partially modified state class graph is constructed, and transition paths consistent with the logical label sequence are searched for. Solving the path time consistency constraints yields the set of all system states that satisfy the observation conditions. If these states include non-secret states, the system's operational information remains hidden. This embodiment demonstrates that the method is suitable for privacy protection analysis of complex logistics systems.

[0093] Evidence related to the technical effects obtained by the embodiments of the present invention.

[0094] Evidence 1: Theoretical proof of false positive rate elimination

[0095] Example 1 concerns a smart home temperature control system and its labeled time Petri net model. Existing verification methods can only determine whether a time-labeled sequence satisfies current state opacity; they cannot conclude whether it satisfies strong opacity. With the technical solution of this invention (steps S2-S5), it is possible not only to determine accurately whether the observed time-labeled sequence has current state opacity, but also whether it has strong opacity. For example, consider an intruder who at time ... observes the time-labeled sequence ... . Existing technologies can verify that this observation is current-state opaque, meaning that the state of the smart home temperature control system is confidential to the intruder. This invention, however, identifies a time-consistent path that carries the risk of leaking the secret state, showing that the observation does not satisfy strong current state opacity. This comparison directly proves that the invention eliminates such false positives, determines strong current state opacity rigorously, and achieves a safe and reliable verification effect.

[0096] Evidence 2: Comparison of the number of state classes in the state space

[0097] Although the size of a partial MSCG grows with system complexity and with the length of the logical label sequence under consideration, the technical solution of this invention shows that the number of state classes in a partial MSCG is usually smaller than the number of classes in the system's MSCG (the full state space). For the labeled time Petri net model shown below, this invention has carried out simulation tests with logical label sequences of different lengths. When the same model is analyzed with the MSCG-based method, the number of MSCG state classes of the system is found to be unbounded. With the partial MSCG strategy of this invention, only the local state space related to the observation (i.e., the logical label sequence) needs to be computed. The line graph shows that the partial MSCG avoids full state enumeration and significantly reduces computational overhead. This indicates that the invention overcomes the technical bias of state space explosion in timed systems and has good prospects for engineering application.

[0098] Figures 5 and 6 taken together further illustrate the technical effects and advantages of the present invention. In the labeled temporal Petri net model shown in Figure 5, the joint modeling of time constraint intervals and logical labels accurately characterizes the system's state transition relationships along different temporal evolution paths. Based on this structure, the invention constructs, through steps S2-S5, a locally reachable state space related to the observation sequence, so that the potential risk of secret state leakage along time-consistent paths is identified theoretically, strong current state opacity is determined accurately, and the misjudgment caused by existing methods that rely solely on current state opacity is avoided.

[0099] Figure 6 further shows that, for logical label sequences of different lengths, traditional MSCG-based analysis methods must construct the complete state space, so the number of state classes grows without bound. In contrast, this invention employs a partial MSCG strategy that constructs only the local state classes relevant to the observation, keeping the number of state classes within a controllable range as the sequence length increases. This effectively avoids the state space explosion caused by full state enumeration and significantly reduces computational complexity while maintaining analytical accuracy. Therefore, the invention not only eliminates the risk of misjudgment in opacity determination in theory, but also demonstrates higher computational efficiency and scalability in engineering implementation, reflecting significant technological progress and practical value.

[0100] The above evidence fully demonstrates that the technical solution of the present invention not only fills a gap, but also achieves significant beneficial effects.

[0101] It should be noted that embodiments of the present invention can be implemented in hardware, software, or a combination of both. The hardware portion can be implemented using dedicated logic; the software portion can be stored in memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will understand that the above-described devices and methods can be implemented using computer-executable instructions and/or included in processor control code, for example code provided on a carrier medium such as a disk, CD, or DVD-ROM, a programmable memory such as a read-only memory, or a data carrier such as an optical or electronic signal carrier. The devices and modules of the present invention can be implemented by hardware circuitry such as very large-scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field-programmable gate arrays and programmable logic devices; by software executed by various types of processors; or by a combination of the above-described hardware circuitry and software, such as firmware.

[0102] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any modifications, equivalent substitutions, and improvements made by those skilled in the art within the scope of the technology disclosed in the present invention, and within the spirit and principles of the present invention, should be covered within the scope of protection of the present invention.

Claims

1. A timed discrete event system strong opacity verification method based on a labeled time Petri net, characterized in that it comprises the following steps:
Step 1: Construct a labeled time Petri net model of the timed discrete event system. The labeled time Petri net model includes a Petri net structure, a transition time interval function, and a label function; the label function assigns an observable or unobservable label to each transition.
Step 2: Based on the observed time-labeled sequence, construct a partially modified state class graph from the labeled time Petri net model, and search it for transition sequence paths whose observable projection is consistent with the logical label sequence.
Step 3: Construct a linear programming problem from the transition firing time constraints recorded along each path, and solve for the set of feasible paths that satisfy the observation time constraints.
Step 4: From the set of feasible paths, determine the set of system reachable identifiers that is time-consistent with the time-labeled sequence, and determine current state opacity from this identifier set.
Step 5: Search the set of time-consistent paths for a path in which no state belongs to the secret identifier set, and determine strong current state opacity from that path.

2. The method of claim 1, wherein the labeled temporal Petri net model is represented by a triple consisting of the Petri net structure, a time function, and a label function, wherein: the Petri net structure includes a set of places and a set of transitions; the time function assigns to each transition a static firing interval consisting of a lower bound time value and an upper bound time value; and the label function assigns an observable label or an unobservable label to each transition.

3. The method of claim 1, wherein the partially modified state class graph is a directed graph in which each node represents a state class; a state class consists of a system identifier and a set of time constraints, and the set of time constraints describes the allowable firing time interval under the current identifier.

4. The method of claim 1, wherein the linear programming problem is used to determine the satisfiability of the path time constraints, which include: the firing time of each transition is not less than the lower bound of the corresponding transition time interval; the firing time of each transition is not greater than the upper bound of the corresponding transition time interval; the sum of all transition firing times is not greater than the total observation time; and the firing time of the transition corresponding to each observed label is consistent with its observation time.

5. The method of claim 1, wherein the rule for determining current state opacity is as follows: if the identifier set that is time-consistent with the time-labeled sequence contains an identifier that does not belong to the secret identifier set, then the time-labeled sequence satisfies current state opacity.

6. The method of claim 1, wherein the rule for determining strong current state opacity is as follows: if there exists a path in the set of time-consistent paths in which the identifiers corresponding to all states do not belong to the secret identifier set, then the time-labeled sequence satisfies strong current state opacity.

7. A timed discrete-event system strong opacity verification system, characterized in that the system is used to perform the method of claim 1, the system comprising: a model building module, used to build the labeled-temporal Petri net model of the timed discrete event system; a state class graph generation module, used to generate the partially modified state class graph based on the time-labeled sequence; a path search module, used to search the partially modified state class graph for transition paths whose observable projection matches the logical label sequence; a time consistency solving module, used to construct the linear programming problem from the transition time constraints and solve for the set of paths that satisfy the observation time constraints; and an opacity determination module, used to determine current state opacity and strong current state opacity from the time-consistent path set and the secret identifier set.

8. The system of claim 7, wherein the path search module is used to search the partially modified state class graph for paths containing observable and unobservable transitions, and to calculate the allowable firing time interval of each transition.

9. A discrete event system safety verification apparatus, characterized in that it comprises a processor and a memory, wherein the memory stores program instructions, and the processor executes the program instructions to implement the method according to any one of claims 1 to 6.

10. The apparatus of claim 9, wherein the program stored in the memory implements the following processing steps: construct the labeled time Petri net model; generate the partially modified state class graph; search for paths that match the observed label sequence; solve the path time consistency constraints; and determine whether the current state of the system is opaque or strongly opaque.
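As an added example (not code from the patent), the five-step procedure narrated in the embodiments above and the constraint and decision rules of claims 4 to 6, carried out in Python on a constructed five-place net. It assumes that each transition's "firing time" is the delay since the previous firing, so the claim 4 constraints bound runs of consecutive delays and the LP can be decided in closed form by interval sums rather than with an LP solver; the first query reproduces the situation Evidence 1 describes, where current state opacity holds but strong current state opacity fails because the only time-consistent path passes through the secret place.

```python
# Constructed toy labeled time Petri net (hypothetical; not the patent's). A marking is a
# frozenset of marked places (1-safe net); transition = (pre, post, lb, ub, label or None).
TRANSITIONS = {
    "t1": ("p0", "p1", 1, 3, "a"),
    "t2": ("p0", "p2", 1, 3, "a"),
    "t3": ("p1", "p3", 1, 2, None),  # unobservable step into the secret place p3
    "t4": ("p3", "p4", 1, 2, "b"),
    "t5": ("p2", "p4", 4, 6, "b"),
}
INITIAL, SECRET, MAX_LEN = frozenset({"p0"}), {frozenset({"p3"})}, 8

def fire(marking, t):
    pre, post = TRANSITIONS[t][:2]
    return (marking - {pre}) | {post} if pre in marking else None  # None: not enabled

def logical_paths(marking, labels, path=()):
    """Step 2: paths whose observable projection is labels; MAX_LEN keeps loops finite."""
    if not labels:
        yield path  # projection complete; trailing unobservable transitions may follow
    for t, (_, _, _, _, lab) in (TRANSITIONS.items() if len(path) < MAX_LEN else []):
        m = fire(marking, t)
        if m is not None and lab is None:
            yield from logical_paths(m, labels, path + (t,))
        elif m is not None and labels and lab == labels[0]:
            yield from logical_paths(m, labels[1:], path + (t,))

def time_consistent(path, obs, tau):
    """Step 3 (claim 4): delays in [lb, ub]; delays up to each observed transition sum to
    its observed time; total delay <= tau. Each bounds a run of delays: interval sums."""
    times, prev, lo, hi, k = [time for _, time in obs], 0, 0, 0, 0
    for t in path:
        lb, ub, lab = TRANSITIONS[t][2:]
        lo, hi = lo + lb, hi + ub
        if lab is not None:
            if not lo <= times[k] - prev <= hi:
                return False
            prev, lo, hi, k = times[k], 0, 0, k + 1
    return lo <= tau - prev  # trailing unobservable delays must fit before tau

def verify(obs, tau):
    """Steps 4-5: reachable markings, current-state opacity (claim 5), strong CSO (claim 6)."""
    feasible = [p for p in logical_paths(INITIAL, [lab for lab, _ in obs])
                if time_consistent(p, obs, tau)]
    markings, strong = set(), False
    for p in feasible:
        visited = [INITIAL]
        for t in p:
            visited.append(fire(visited[-1], t))
        markings.add(visited[-1])
        strong = strong or all(v not in SECRET for v in visited)
    return feasible, markings, any(m not in SECRET for m in markings), strong
```

`verify([("a", 2), ("b", 5)], 5)` returns current state opacity true but strong opacity false; shifting the second observation to time 6 makes the secret-free path t2, t5 time-consistent and strong opacity holds.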