Security analysis of urban railway systems: The need for a cyber-physical perspective

Binbin Chen, Christoph Schmittner, Zhendong Ma, William G. Temple, Xinshu Dong, Douglas L. Jones, William H. Sanders

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume9338
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

OtherInternational Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015
CountryNetherlands
CityDelft
Period9/22/159/22/15

Fingerprint

Security Analysis
Railway
Information and Communication Technology
Communication
Safety
Maintainability
Application programs
Availability
Control System
Attack
Concretes
Engineering
Control systems

Keywords

  • Cyber-physical systems
  • Security analysis
  • Urban railway systems

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Chen, B., Schmittner, C., Ma, Z., Temple, W. G., Dong, X., Jones, D. L., & Sanders, W. H. (2015). Security analysis of urban railway systems: The need for a cyber-physical perspective. In C. van Gulijk, & F. Koornneef (Eds.), Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings (pp. 277-290). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9338). Springer-Verlag. https://doi.org/10.1007/978-3-319-24249-1_24

Security analysis of urban railway systems : The need for a cyber-physical perspective. / Chen, Binbin; Schmittner, Christoph; Ma, Zhendong; Temple, William G.; Dong, Xinshu; Jones, Douglas L.; Sanders, William H.

Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. ed. / Coen van Gulijk; Floor Koornneef. Springer-Verlag, 2015. p. 277-290 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9338).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Chen, B, Schmittner, C, Ma, Z, Temple, WG, Dong, X, Jones, DL & Sanders, WH 2015, Security analysis of urban railway systems: The need for a cyber-physical perspective. in C van Gulijk & F Koornneef (eds), Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9338, Springer-Verlag, pp. 277-290, International Conference on Computer Safety, Reliability, and Securitym, SAFECOMP 2015 and held 3rd International Workshop on Assurance Cases for Software-Intensive Systems ASSURE 2015, Workshop on Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems, DECSoS 2015, 2nd International Workshop on the Integration of Safety and Security Engineering, ISSE 2015, Workshop on Reliability and Security Aspects for Critical Infrastructure Protection, ReSA4CI 2015, and 4th InternationalWorkshop on NextGeneration of System Assurance Approaches for Safety-Critical Systems SASSUR, 2015, Delft, Netherlands, 9/22/15. https://doi.org/10.1007/978-3-319-24249-1_24
Chen B, Schmittner C, Ma Z, Temple WG, Dong X, Jones DL et al. Security analysis of urban railway systems: The need for a cyber-physical perspective. In van Gulijk C, Koornneef F, editors, Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. Springer-Verlag. 2015. p. 277-290. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-24249-1_24
Chen, Binbin ; Schmittner, Christoph ; Ma, Zhendong ; Temple, William G. ; Dong, Xinshu ; Jones, Douglas L. ; Sanders, William H. / Security analysis of urban railway systems : The need for a cyber-physical perspective. Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings. editor / Coen van Gulijk ; Floor Koornneef. Springer-Verlag, 2015. pp. 277-290 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{5d5fa6f8b269423a95139a901ce9575c,
title = "Security analysis of urban railway systems: The need for a cyber-physical perspective",
abstract = "Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.",
keywords = "Cyber-physical systems, Security analysis, Urban railway systems",
author = "Binbin Chen and Christoph Schmittner and Zhendong Ma and Temple, {William G.} and Xinshu Dong and Jones, {Douglas L.} and Sanders, {William H.}",
year = "2015",
month = "1",
day = "1",
doi = "10.1007/978-3-319-24249-1_24",
language = "English (US)",
isbn = "9783319242484",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer-Verlag",
pages = "277--290",
editor = "{van Gulijk}, Coen and Floor Koornneef",
booktitle = "Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings",

}

TY - GEN

T1 - Security analysis of urban railway systems

T2 - The need for a cyber-physical perspective

AU - Chen, Binbin

AU - Schmittner, Christoph

AU - Ma, Zhendong

AU - Temple, William G.

AU - Dong, Xinshu

AU - Jones, Douglas L.

AU - Sanders, William H.

PY - 2015/1/1

Y1 - 2015/1/1

N2 - Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

AB - Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.

KW - Cyber-physical systems

KW - Security analysis

KW - Urban railway systems

UR - http://www.scopus.com/inward/record.url?scp=84969790733&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84969790733&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-24249-1_24

DO - 10.1007/978-3-319-24249-1_24

M3 - Conference contribution

AN - SCOPUS:84969790733

SN - 9783319242484

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 277

EP - 290

BT - Computer Safety, Reliability, and Security - AFECOMP 2015 Workshops ASSURE, DECSoS, ISSE, ReSA4CI, and SASSUR, Proceedings

A2 - van Gulijk, Coen

A2 - Koornneef, Floor

PB - Springer-Verlag

ER -