Security Requirements Engineering in Safety-Critical Railway Signalling Networks

Heinrich, Markus; Vateva-Gurova, Tsvetoslava; Arul, Tolga; Katzenbeisser, Stefan; Suri, Neeraj; Birkholz, Henk; Fuchs, Andreas; Krauß, Christoph; Zhdanova, Maria; Kuzhiyelil, Don; Tverdyshev, Sergey; Schlehuber, Christian

doi:10.1155/2019/8348925

Cited by 13 publications

(14 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These risk assessments are generally focused on attacks that could impact safety, as defined in the functional safety standards. 10,11,[15][16][17][18][19][20][21] In rail the most common scenario modelled is a hacker compromising the ICS so as to cause: a loss of safe distance, an over-speed event or collision via disrupting signals. This bias of considering only the most catastrophic hazard and framing cybersecurity controls to make this as difficult as possible, may not do justice to the intelligence of hackers.…”

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

See 1 more Smart Citation

Railway cyber safety: An intelligent threat perspective

Unwin

Sanzogni

2021

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

Cybersecurity threats to railways are increasing, both due to improvements in the techniques of hackers and the increasing merger of cyber and physical spheres. Accepted approaches to safety can be extended to consider the risks from cyber, however the nature of railways as complex cyber-physical systems of systems may require a broader approach beyond functional safety. This paper explores some of the cybersecurity hazards using a war gaming approach. The authors find that, while standard engineering approaches are effective in building new rail control system components, a broader and more creative consideration of attacks has benefits. In particular they identify the ability to cause mass disruption by targeting the fail-safes designed to ensure safety or auxiliary systems that are not directly classified within the scope of the ICS.

show abstract

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

“…• MILS-Based secure-platform for ICS, 19 • Domain-specific and cross-organisational intrusion detection and monitoring, 23 and • Advanced honeypot and deception solutions 24 )…”

Section: Existential Threats To Rail Operationsmentioning

confidence: 99%

Railway cyber safety: An intelligent threat perspective

Unwin

Sanzogni

2021

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

show abstract

“…With the shell concept, security and safety functionality is separated such that security can be updated independently from safety, and security does not interfere negatively with the safety functionality. Heinrich et al [6] propose a hardware platform according to the shell concept that allows the execution of safety and security functionality on the same hardware without interference by the help of a separation kernel. The rule-based anomaly detection proposed in this article can be one of the security measures deployed on this platform that interacts with the safety functionality which controls the railway signalling field elements.…”

Section: Related Workmentioning

confidence: 99%

“…We investigate anomaly detection on the controllers of railway signalling as one building block among many of a defence in depth concept. Other security measures should cover communication integrity and authentication, hardware integrity against physical tampering with devices, a separation kernel to isolate different pieces of software, and health monitoring during runtime as discussed by Heinrich et al [6]. We study sophisticated semantic attacks that make use of licit control commands to set railway signals and points to a state that may cause train accidents.…”

Section: Introductionmentioning

confidence: 99%

Rule-based Anomaly Detection for Railway Signalling Networks

Heinrich¹,

Gölz²,

Arul³

et al. 2020

Preprint

Self Cite

View full text Add to dashboard Cite

We propose a rule-based anomaly detection system for railway signalling that mitigates attacks by a Dolev-Yao attacker who is able to inject control commands and to perform semantic attacks. The system as well mitigates the effects of a compromised signal box that an attacker uses to issue licit but mistimed control messages. We consider an attacker that could cause train derailments and collisions, if our countermeasure is not employed. We apply safety principles of railway operation to a distributed anomaly detection system that inspects incoming commands on the signals and points. The proposed anomaly detection system detects all attacks of our model without producing false positives, while it requires only a small amount of overhead in terms of network communication and latency compared to normal train operation.

show abstract

“…With the increase of phenomena like cyber-terrorism and malevolent attacks in general, FMs can be used to create fully secure architectures that allow the proper function of the railway network, while in the same time they enable the developers to make sure that security requirements are not violated across the engineering and development processes. Reports can be found on such cases, such as the one by Heinrich et al [37], who propose several security requirements that architectures, such as the one proposed in this article, should cover.…”

Section: Security Of Railway Signaling Systemsmentioning

confidence: 99%

Research Directions Regarding the Adoption of Formal Methods in the Railway Signaling Sector: Determinants and Next Steps for Future-Proof Railways

Rizopoulos

Olsson

Lindahl

et al. 2020

WIT Transactions on the Built Environment

View full text Add to dashboard Cite

The terms Formal Methods (FMs) refer to a set of techniques and software toolkits that, based on mathematical rigor, can enhance safety, security, and the efficient operation of a wide range of systems. Considering that several innovative FMs applications have been performed over the last few decades, the utility of toolkits that are based on FMs has already been showcased in several industrial settings, such as the avionics and automotive industries, medical devices, computer software, and hardware systems, and finally, the railways and the railway-signalling sector. The current article focuses on the last of the aforementioned sectors, that of railway signalling, and aims to analyse research directions that regard the adoption of FMs in signalling. Despite the benefits and the availability of reports on the topic, the implementation of the adoption of FMs can be considered yet to be successful in most organizations that develop related systems. The authors have observed that this implementation lag in the adoption of FMs may stem from the absence of systematic approaches to the study of adoption. In that regard, a set of five Research Questions (RQs) is introduced in this article for the adoption of FMs in railway signalling systems. Furthermore, answers regarding two of those questions are given within the current article regarding: (i) studies on the adoption of FMs, and (ii) successful applications and benefits of FMs. The remaining three RQs are intended to point out issues for future research. By providing answers to all five RQs, it is expected that a map for the demand of FMs applications in railway signalling is introduced in the following years, as well as the role of the potential stakeholders in those applications.

show abstract

Security Requirements Engineering in Safety-Critical Railway Signalling Networks

Cited by 13 publications

References 17 publications

Railway cyber safety: An intelligent threat perspective

Railway cyber safety: An intelligent threat perspective

Rule-based Anomaly Detection for Railway Signalling Networks

Research Directions Regarding the Adoption of Formal Methods in the Railway Signaling Sector: Determinants and Next Steps for Future-Proof Railways

Contact Info

Product

Resources

About