An attack tree-based approach for vulnerability assessment of communication-based train control systems

Dong, Huiyu; Wang, Hongwei; Tang, Tao

doi:10.1109/cac.2017.8243932

Cited by 9 publications

(8 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These risk assessments are generally focused on attacks that could impact safety, as defined in the functional safety standards. 10,11,[15][16][17][18][19][20][21] In rail the most common scenario modelled is a hacker compromising the ICS so as to cause: a loss of safe distance, an over-speed event or collision via disrupting signals. This bias of considering only the most catastrophic hazard and framing cybersecurity controls to make this as difficult as possible, may not do justice to the intelligence of hackers.…”

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

“…There may also be complexity in modern rail control systems that makes it very difficult to understand all the components and their interactions under all circumstances. 18,22…”

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

“…This opinion is support by other researchers. 18 Domain-specific intrusion detection and message authentication were found to be the most effective means of detecting and rejecting fake messages. Use of secure MILS-based platforms makes it very difficult to modify the operation of track-side equipment, without causing the device to become non-responsive.…”

Section: Hacking the Train Icsmentioning

confidence: 99%

See 2 more Smart Citations

Railway cyber safety: An intelligent threat perspective

Unwin

Sanzogni

2021

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

Cybersecurity threats to railways are increasing, both due to improvements in the techniques of hackers and the increasing merger of cyber and physical spheres. Accepted approaches to safety can be extended to consider the risks from cyber, however the nature of railways as complex cyber-physical systems of systems may require a broader approach beyond functional safety. This paper explores some of the cybersecurity hazards using a war gaming approach. The authors find that, while standard engineering approaches are effective in building new rail control system components, a broader and more creative consideration of attacks has benefits. In particular they identify the ability to cause mass disruption by targeting the fail-safes designed to ensure safety or auxiliary systems that are not directly classified within the scope of the ICS.

show abstract

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

“…There may also be complexity in modern rail control systems that makes it very difficult to understand all the components and their interactions under all circumstances. 18,22…”

Section: Cognitive Bias In Threat and Risk Assessmentmentioning

confidence: 99%

Section: Hacking the Train Icsmentioning

confidence: 99%

See 1 more Smart Citation

Railway cyber safety: An intelligent threat perspective

Unwin

Sanzogni

2021

Proceedings of the Institution of Mechanical Engineers, Part F:

View full text Add to dashboard Cite

show abstract

“…Yeqi Ru et al [12] proposed an AHP quantitative risk assessment method based on attack tree model and AHP to assess the impact of cyber-attacks on the entire electronic physical system. Dong et al [13] established the CBTC system attack tree model to assess the rail transit control system. The above research results show that the attack tree is an effective mathematical model to judge the potential threats of the ICS system.…”

Section: Introductionmentioning

confidence: 99%

Information Security Risk Assessment Method for Ship Control System Based on Fuzzy Sets and Attack Trees

Shang

Gong

Chen

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

Information security risk assessment for industrial control system is usually influenced by uncertain factors. For effectively dealing with problem that the uncertainty and quantification difficulties are caused by subjective and objective factors in the assessment process, an information security risk assessment method based on attack tree model with fuzzy set theory and probability risk assessment technology is proposed, which is applied in a risk scenario of ship control system. Firstly, potential risks of the control system are analyzed and the attack tree model is established. Then triangular fuzzy numbers and expert knowledge are used to determine the factors that influence the probability of a leaf node and the leaf nodes are quantified to obtain the interval probability. Finally, the fuzzy arithmetic is used to determine the interval probability of the root node and the attack path. After defuzzification, the potential risks of the system and the probability of occurrence of each attack path are obtained. Compared with other methods, the proposed method can greatly reduce the impact of subjectivity on the risk assessment of industrial control systems and get more stable, reliable, and scientific evaluation results.

show abstract

“…This paper synthesized the safety and security features of the urban rail transit train control system, comprehensively considered the security threats and vulnerabilities and the hazard sources of the train control system, and analyzed the relationship between security risks and safety risks. Dong et al [9] used attack tree to evaluate the vulnerability of a CBTC system based on its network topology, redundant structure, and operation principles. Assessments covered the current security states, port auditing, password policies, and communication protocols of systems.…”

Section: Introductionmentioning

confidence: 99%

Security Analysis for CBTC Systems under Attack–Defense Confrontation

2019

Electronics

View full text Add to dashboard Cite

Communication-based train controls (CBTC) systems play a major role in urban rail transportation. As CBTC systems are no longer isolated from the outside world but use other networks to increase efficiency and improve productivity, they are exposed to huge cyber threats. This paper proposes a generalized stochastic Petri net (GSPN) model to capture dynamic interaction between the attacker and the defender to evaluate the security of CBTC systems. Depending on the characteristics of the system and attack–defense methods, we divided our model into two phases: penetration and disruption. In each phase, we provided effective means of attack and corresponding defensive measures, and the system state was determined correspondingly. Additionally, a semiphysical simulation platform and game model were proposed to assist the GSPN model parameterization. With the steady-state probability of the system output from the model, we propose several indicators for assessing system security. Finally, we compared the security of the system with single defensive measures and multiple defensive measures. Our evaluations indicated the significance of the defensive measures and the seriousness of the system security situation.

show abstract

An attack tree-based approach for vulnerability assessment of communication-based train control systems

Cited by 9 publications

References 7 publications

Railway cyber safety: An intelligent threat perspective

Railway cyber safety: An intelligent threat perspective

Information Security Risk Assessment Method for Ship Control System Based on Fuzzy Sets and Attack Trees

Security Analysis for CBTC Systems under Attack–Defense Confrontation

Contact Info

Product

Resources

About