In this work, we investigate the problem of privacy-preserving supervisory control against an external passive intruder via co-synthesis of a dynamic mask, an edit function, and a supervisor. We attempt to achieve the following goals: (1) the system secret cannot be inferred by the intruder, i.e., opacity of secrets against the intruder, and the existence of the dynamic mask and the edit function should not be discovered by the intruder, i.e., covertness of dynamic mask and edit function against the intruder; (2) some safety and nonblockingness requirement should be satisfied. We assume the intruder can eavesdrop both the sensing information generated by the sensors and the control commands issued to the actuators. Our approach is to model the co-synthesis problem as a distributed supervisor synthesis problem in the Ramadge–Wonham supervisory control framework, and we propose an incremental synthesis heuristic to incrementally synthesize a dynamic mask, an edit function and a supervisor. The effectiveness of our approach is illustrated on an example about location privacy.

在这项工作中，我们通过动态掩码、编辑功能和监督者的共同合成来研究针对外部被动入侵者的隐私保护监督控制问题。我们试图达到以下目标：（1）系统秘密不能被入侵者推断，即秘密对入侵者的不透明性，动态掩码和编辑功能的存在不应该被入侵者发现，即、动态掩码和编辑功能对入侵者的隐蔽性；(2) 应满足一定的安全性和非阻塞性要求。我们假设入侵者可以窃听传感器生成的传感信息和发给执行器的控制命令。我们的方法是将协同综合问题建模为 Ramadge-Wonham 监督控制框架中的分布式监督综合问题，我们提出了一种增量综合启发式方法，以增量合成动态掩码、编辑功能和监督。我们的方法的有效性在一个关于位置隐私的例子中得到了说明。