This paper investigates the violation of current-state anonymity and opacity in discrete-event systems under bounded-state attacks: an active attacker probes the system by querying whether the current state belongs to a secret subset and leverages observed output sequences to infer the exact state or confirm its membership in the secret set. We propose the first comprehensive framework for synthesizing bounded-state attack strategies, constructing a joint observation–attack model based on nondeterministic finite automata and designing a formal-verification-driven algorithm for generating attack paths. We prove the decidability of such attacks and provide a complexity analysis. Experimental results demonstrate that our method effectively computes shortest attack sequences that force either state disclosure or secret-set confirmation, thereby exposing critical privacy vulnerabilities in the system.

Attacks, including the manipulation of sensor readings and the modification of actuator commands, pose a significant challenge to the security and privacy of automated systems. This paper considers discrete event systems that can be modeled with nondeterministic finite state automata that are susceptible to state attacks. A state attack allows an intruder to learn whether or not the current state of a system falls into certain subsets of states. The intruder has a limited total number of state attacks at its disposal, but can launch state attacks at arbitrary instants of its choosing. We are interested on violations of current-state anonymity (resp. opacity), i.e., situations where the intruder, based on the sequence of observations generated by the system and the outcome of any performed state attacks, can ascertain the exact current state of the system (resp. that the current state of the system definitely resides in a subset of secret states). When the system violates current-state anonymity (resp. opacity) under a bounded number of state attacks, a subsequent question is whether the intruder can design an attack strategy such that anonymity-violating (resp. opacity-violating) situations will always be reached. In this latter case, we also design an attack strategy that guarantees that the system will reach a violating situation regardless of system actions. We provide pertinent complexity analysis of the corresponding verification algorithms and examples to illustrate the proposed methods.