Opacity-enforcing for Process Algebras ⋆ Damas P. Gruska 1 and M. Carmen Ruiz 2 1 Comenius University, Slovakia 2 Universidad de Castilla-La Mancha, Spain Abstract. Supervisory control as a way how to guarantee security of processes is discussed and studied. We work with a security property called processes opacity and we investigate how it can be enforced. Su- pervisors can restrict behaviour of the original systems by enabling or disabling some actions to guarantee its security. We study maximal su- pervisors as the least restricting supervisory control processes. Moreover, we study also enhanced supervisory control which can add idling between system’s action to prevent timing attacks. Keywords: security, opacity, process algebras, information flow, super- visory control 1 Introduction The great revolution brought about by the internet of things involves the emer- gence of new devices, new protocols and, of course, new security needs to fulfill the new requirements. New protocols come into operation before they have been evaluated in depth. This leads to the appearance of new versions of the pro- tocol that is not always compatible with its predecessors and that companies will not always incorporate in their devices with sufficient speed. In addition, these solutions usually require downloading a new code and this itself is open to security attacks. This lack of security has been detected even in our own works. For example in [Gar16] we present an architecture for Wireless Sensor and Ac- tuator Networks (WSAN) using the Bluetooth Low Energy (BLE) and TCP/IP protocols in conjunction, which make necessary to include bridges that lack ba- sic security requirements. Another example can be found in [Hor17] where we propose a new packet format and a new BLE mesh topology, with two different configurations: Individual Mesh and Collaborative Mesh. All these represent our motivation to study applicability of formal models and formal methods to define and enforce system’s security. As regards formalism, we will work with timed process algebra. Then we exploit information flow based security properties (see [GM82]) which assume an absence of any information flow between private and public systems activities. This means that systems are considered to be secure if from observations of their public activities no information about private ac- tivities or states can be deduced. This approach has found many reformulations and among them opacity (see [BKR04,BKMR06]) could be considered as the ⋆ Work supported by the grant VEGA 1/0778/18.