nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Security Analysis of Urban Railway Systems: The Need for a Cyber-Physical Perspective

verfasst von : Binbin Chen, Christoph Schmittner, Zhendong Ma, William G. Temple, Xinshu Dong, Douglas L. Jones, William H. Sanders

Erschienen in: Computer Safety, Reliability, and Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel Combining MILS with Contract-Based Design for Safety and Security Requirements

Nächstes Kapitel Sequential and Parallel Attack Tree Modelling

Ansaldo STS, “CBTC Communication Based Train Control”. http://www.ansaldo-sts.com/sites/ansaldosts.message-asp.com/files/imce/cbtc.pdf

Siemens, A.G.: Trainguard sirius CBTC (2013). http://www.mobility.siemens.com/mobility/global/SiteCollectionDocuments/en/rail-solutions/rail-automation/train-control-systems/trainguard-sirius-cbtc-en.pdf

MyTransport.SG App. http://www.mytransport.sg/mobile/mytransport_mobile.html

Massachusetts Bay Transportation Authority Apps. http://www.mbta.com/rider_tools/

Schmittner, C., Gruber, T., Puschner, P., Schoitsch, E.: Security application of failure mode and effect analysis (FMEA). In: Bondavalli, A., Di Giandomenico, F. (eds.) SAFECOMP 2014. LNCS, vol. 8666, pp. 310–325. Springer, Heidelberg (2014)

Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. 24(12), 21–29 (1999)

IEEE Vehicular Technology Society, “IEEE Standard for Communications-Based Train Control (CBTC) Performance and Functional Requirements (1474.1-2004)” (2004)

Thales, INOV, “Secur-ed cyber-security roadmap for ptos”. http://www.secur-ed.eu/wp-content/uploads/2014/11/SECUR-ED_Cyber_security_roadmap_v3.pdf

EN 50129, Railway applications–Communication, signalling and processing systems–Safety related electronic systems for signalling (2010)

10.

Chudleigh, M., Catmur, J.: Safety assessment of computer systems using hazop and audit techniques. In: Proceedings of the Conference on Computer Safety, Reliability and Security (SAFECOMP) (1992)

11.

IEC 60812, Analysis techniques for system reliability - procedure for failure mode and effects analysis (FMEA) (2006)

12.

Winther, R., Johnsen, O.-A., Gran, B.A.: Security assessments of safety critical systems using HAZOPs. In: Voges, U. (ed.) SAFECOMP 2001. LNCS, vol. 2187, p. 14. Springer, Heidelberg (2001) CrossRef

13.

Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.: Automated generation and analysis of attack graphs. In: Proceedings of the IEEE Symposium on Security and Privacy (2002)

14.

Ou, X., Boyer, W., McQueen, M.: A scalable approach to attack graph generation. In: Proceedings of the ACM Conference on Computer and Communications Security (CCS) (2006)

15.

LeMay, E., Ford, M., Keefe, K., Sanders, W.H., Muehrke, C.: Model-based security metrics using ADversary VIew Security Evaluation (ADVISE). In: Proceedings of the Conference on Quantitative Evaluation of SysTems (QEST) (2011)

16.

Chen, B., Kalbarczyk, Z., Nicol, D.M., Sanders, W.H., Tan, R., Temple, W.G., Tippenhauer, N.O., Vu, A.H., Yau, D.K.: Go with the flow: toward workflow-oriented security assessment. In: Proceedings of the New Security Paradigms Workshop (NSPW) (2013)

17.

APTA Standards Development Program, Securing Control and Communications Systems in Rail Transit Environments: Part IIIa (2014). http://www.apta.com/resources/standards/public-comment/Documents/APTA SS_CC_WPSecuringCandCSystemsinRailTransitEnvironmentsPartIIIaPC4Q2014.doc

18.

Vu, A.H., Tippenhauer, N.O., Chen, B., Nicol, D.M., Kalbarczyk, Z.: CyberSAGE: a tool for automatic security assessment of cyber-physical systems. In: Norman, G., Sanders, W. (eds.) QEST 2014. LNCS, vol. 8657, pp. 384–387. Springer, Heidelberg (2014)

19.

Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011) CrossRef

20.

ISO 26262, Road vehicles - Functional safety (2011)

21.

Bowtie Method. http://www.caa.co.uk/bowtie

22.

Legara, E.F., Monterola, C., Lee, K.K., Hung, G.G.: Critical capacity, travel time delays and travel time distribution of rapid mass transit systems. Physica A Stat. Mech. Appl. 406, 100–106 (2014)CrossRef

Titel: Security Analysis of Urban Railway Systems: The Need for a Cyber-Physical Perspective
verfasst von: Binbin Chen
Christoph Schmittner
Zhendong Ma
William G. Temple
Xinshu Dong
Douglas L. Jones
William H. Sanders
Verlag: Springer International Publishing
Buch: Computer Safety, Reliability, and Security
Print ISBN: 978-3-319-24248-4

Electronic ISBN: 978-3-319-24249-1

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-24249-1_24

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"