Security Analysis of Urban Railway Systems: The Need for a Cyber-Physical Perspective

  • Binbin Chen
  • Christoph Schmittner
  • Zhendong Ma
  • William G. Temple
  • Xinshu Dong
  • Douglas L. Jones
  • William H. Sanders
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9338)


Urban railway systems are increasingly relying on information and communications technologies (ICT). This evolution makes cybersecurity an important concern, in addition to the traditional focus on reliability, availability, maintainability and safety. In this paper, we examine two examples of cyber-intensive systems in urban railway environments—a communications-based train control system, and a mobile app that provides transit information to commuters—and use them to study the challenges for conducting security analysis in this domain. We show the need for a cyber-physical perspective in order to understand the cross-domain attack/defense and the complicated physical consequence of cyber breaches. We present security analysis results from two different methods that are used in the safety and ICT security engineering domains respectively, and use them as concrete references to discuss the way to move forward.


Security analysis, Urban railway systems, Cyber-physical systems



This work was supported in part by the National Research Foundation (NRF), Prime Minister’s Office, Singapore, under its National Cybersecurity R&D Programme (Award No. NRF2014NCR-NCR001-31) and administered by the National Cybersecurity R&D Directorate, and supported in part by Singapore’s Agency for Science, Technology, and Research (A*STAR) under the Human Sixth Sense Programme (HSSP). The work of Schmittner and Ma was partially funded by the European Commission through the project Creating an Agenda for Research ON Transportation sEcurity (CARONTE).



Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  1. Advanced Digital Sciences Center, Singapore, Singapore
  2. Austrian Institute of Technology, Vienna, Austria
  3. Electrical and Computer Engineering Department, University of Illinois at Urbana-Champaign, Champaign, USA
