Enforcement of opacity security properties for ship information system

In this paper, we consider the cybersecurity issue of ship information system (SIS) from a new perspective which is called opacity. For a SIS, its confidential information (named as “secret”) may be leaked through the working behaviors of each Distributed Control Unit (DCU) from an outside observer called an “intruder” which is able to determine ship's mission state by detecting the source of each data flow from the corresponding DCUs in SIS. Therefore we proposed a dual layer mechanism to enforce opacity by activating non-essential DCU during secret mission. This mechanism is calculated by two types of insertion functions: Safety-assured insertion function (fIS) and Admissibility-assured insertion function (fIA). Due to different objectives, fIS is designed to confuse intruder by constructing a non-secret behaviors from a unsafe one, and the division of fIA is to polish the modified output behaviors back to normal. We define the property of “I2–Enforceability” that dual layer insertion functions has the ability to enforce opacity. By a given mission map of SIS and the marked secret missions, we propose an algorithm to select fIS and compute its matchable fIA and then the DCUs which should be activated to release non-essential data flow in each step is calculable.