Security analysis of urban railway systems: The need for a cyber-physical perspective

Binbin Chen; Christoph Schmittner; Zhendong Ma; William G. Temple; Xinshu Dong; Douglas L. Jones; William H. Sanders

doi:10.1007/978-3-319-24249-1_24

Security analysis of urban railway systems: The need for a cyber-physical perspective

Binbin Chen, Christoph Schmittner, Zhendong Ma, William G. Temple, Xinshu Dong, Douglas L. Jones, William H. Sanders

Electrical and Computer Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

Original language	English (US)
Title of host publication	Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings
Editors	Coen van Gulijk, Floor Koornneef
Publisher	Springer
Pages	277-290
Number of pages	14
ISBN (Print)	9783319242484
DOIs	https://doi.org/10.1007/978-3-319-24249-1_24
State	Published - 2015
Event	International Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015 - Delft, Netherlands Duration: Sep 22 2015 → Sep 22 2015

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9338
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	International Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015
Country/Territory	Netherlands
City	Delft
Period	9/22/15 → 9/22/15

Keywords

Cyber-physical systems
Security analysis
Urban railway systems

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Online availability

10.1007/978-3-319-24249-1_24

Library availability

Discover UIUC Full Text

Cite this

Chen, B., Schmittner, C., Ma, Z., Temple, W. G., Dong, X., Jones, D. L., & Sanders, W. H. (2015). Security analysis of urban railway systems: The need for a cyber-physical perspective. In C. van Gulijk, & F. Koornneef (Eds.), Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings (pp. 277-290). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9338). Springer. https://doi.org/10.1007/978-3-319-24249-1_24

Security analysis of urban railway systems: The need for a cyber-physical perspective. / Chen, Binbin; Schmittner, Christoph; Ma, Zhendong et al.
Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. ed. / Coen van Gulijk; Floor Koornneef. Springer, 2015. p. 277-290 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9338).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chen, B, Schmittner, C, Ma, Z, Temple, WG, Dong, X, Jones, DL & Sanders, WH 2015, Security analysis of urban railway systems: The need for a cyber-physical perspective. in C van Gulijk & F Koornneef (eds), Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9338, Springer, pp. 277-290, International Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015, Delft, Netherlands, 9/22/15. https://doi.org/10.1007/978-3-319-24249-1_24

Chen B, Schmittner C, Ma Z, Temple WG, Dong X, Jones DL et al. Security analysis of urban railway systems: The need for a cyber-physical perspective. In van Gulijk C, Koornneef F, editors, Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. Springer. 2015. p. 277-290. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-24249-1_24

Chen, Binbin ; Schmittner, Christoph ; Ma, Zhendong et al. / Security analysis of urban railway systems : The need for a cyber-physical perspective. Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. editor / Coen van Gulijk ; Floor Koornneef. Springer, 2015. pp. 277-290 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5d5fa6f8b269423a95139a901ce9575c,

title = "Security analysis of urban railway systems: The need for a cyber-physical perspective",

abstract = "Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.",

keywords = "Cyber-physical systems, Security analysis, Urban railway systems",

author = "Binbin Chen and Christoph Schmittner and Zhendong Ma and Temple, {William G.} and Xinshu Dong and Jones, {Douglas L.} and Sanders, {William H.}",

note = "Funding Information: This work was supported in part by the National Research Foundation (NRF), Prime Minister{\textquoteright}s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate, and supported in part by Singapore{\textquoteright}s Agency for Science, Technology, and Research (A*STAR) under the Human Sixth Sense Programme (HSSP). The work of Schmittner and Ma was partially funded by the European Commission through the project Creating an Agenda for Research ON Transportation sEcurity (CARONTE) Publisher Copyright: {\textcopyright} Springer International Publishing Switzerland 2015.; International Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015 ; Conference date: 22-09-2015 Through 22-09-2015",

year = "2015",

doi = "10.1007/978-3-319-24249-1_24",

language = "English (US)",

isbn = "9783319242484",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "277--290",

editor = "{van Gulijk}, Coen and Floor Koornneef",

booktitle = "Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings",

address = "Germany",

}

TY - GEN

T1 - Security analysis of urban railway systems

T2 - International Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015

AU - Chen, Binbin

AU - Schmittner, Christoph

AU - Ma, Zhendong

AU - Temple, William G.

AU - Dong, Xinshu

AU - Jones, Douglas L.

AU - Sanders, William H.

N1 - Funding Information: This work was supported in part by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate, and supported in part by Singapore’s Agency for Science, Technology, and Research (A*STAR) under the Human Sixth Sense Programme (HSSP). The work of Schmittner and Ma was partially funded by the European Commission through the project Creating an Agenda for Research ON Transportation sEcurity (CARONTE) Publisher Copyright: © Springer International Publishing Switzerland 2015.

PY - 2015

Y1 - 2015

N2 - Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

AB - Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

KW - Cyber-physical systems

KW - Security analysis

KW - Urban railway systems

UR - http://www.scopus.com/inward/record.url?scp=84969790733&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84969790733&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-24249-1_24

DO - 10.1007/978-3-319-24249-1_24

M3 - Conference contribution

AN - SCOPUS:84969790733

SN - 9783319242484

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 277

EP - 290

BT - Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings

A2 - van Gulijk, Coen

A2 - Koornneef, Floor

PB - Springer

Y2 - 22 September 2015 through 22 September 2015

ER -

Security analysis of urban railway systems: The need for a cyber-physical perspective

Abstract

Publication series

Other

Keywords

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this