Security Requirements Engineering in Safety-Critical Railway Signalling Networks
Open Access
- 14 July 2019
- journal article
- research article
- Published by Hindawi Limited in Security and Communication Networks
- Vol. 2019, 1-14
- https://doi.org/10.1155/2019/8348925
Abstract
Securing a safety-critical system is a challenging task, because safety requirements have to be considered alongside security controls. We report on our experience developing a security architecture for railway signalling systems, starting from the bare safety-critical system that requires protection. We use a threat-based approach to determine security risk acceptance criteria and to derive security requirements. We discuss the process we followed and make suggestions for improvements. Based on the security requirements, we develop a security architecture. The architecture is based on a hardware platform that provides the resources required for both safety and security applications and is able to run applications of mixed criticality (safety-critical applications and other applications run on the same device). To achieve this, we apply the MILS approach, a separation-based high-assurance security architecture, to simplify the safety case and the security case of our approach. We describe the assurance requirements of the separation kernel subcomponent, which is the key component of the MILS architecture. We further discuss the security measures included in our architecture to protect the safety-critical application from cyberattacks.