
Integration Approach for Communications-Based Train Control Applications in a High Assurance Security Architecture

  • Conference paper
  • Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification (RSSRail 2019)

Abstract

The secure integration of model-based, safety-critical applications implemented in the programming suite Ansys SCADE is explained with the help of a demonstrator. The interoperability between the embedded devices of the demonstrator is achieved using the new TRDP middleware. Remote connections are secured using the WireGuard secure network channel. The demonstrator security concept addresses the different life cycles of its heterogeneous components by adoption of the robust MILS separation architecture. The goal of this open demonstrator is to show how these essential technologies can be composed to a secure safety-critical system.


Notes

  1. ETCS, European Train Control System. OpenETCS was a research project fostering an open reference implementation.


Acknowledgments

This work is part of the certMILS project, funded by the European Union’s Horizon 2020 research and innovation programme under grant agreement No. 731456.

Corresponding author

Correspondence to Thorsten Schulz.


Copyright information

© 2019 Springer Nature Switzerland AG

About this paper


Cite this paper

Schulz, T., Golatowski, F., Timmermann, D. (2019). Integration Approach for Communications-Based Train Control Applications in a High Assurance Security Architecture. In: Collart-Dutilleul, S., Lecomte, T., Romanovsky, A. (eds) Reliability, Safety, and Security of Railway Systems. Modelling, Analysis, Verification, and Certification. RSSRail 2019. Lecture Notes in Computer Science(), vol 11495. Springer, Cham. https://doi.org/10.1007/978-3-030-18744-6_18


  • DOI: https://doi.org/10.1007/978-3-030-18744-6_18
  • Publisher Name: Springer, Cham
  • Print ISBN: 978-3-030-18743-9
  • Online ISBN: 978-3-030-18744-6