Final published version
Licence: CC BY: Creative Commons Attribution 4.0 International License
Research output: Contribution to Journal/Magazine › Journal article › peer-review
TY - JOUR
T1 - Security Requirements Engineering in Safety-Critical Railway Signalling Networks.
AU - Heinrich, Markus
AU - Vateva-Gurova, Tsvetoslava
AU - Arul, Tolga
AU - Katzenbeisser, Stefan
AU - Suri, Neeraj
AU - Birkholz, Henk
AU - Fuchs, Andreas
AU - Krauß, Christoph
AU - Zhdanova, Maria
AU - Kuzhiyelil, Don
AU - Tverdyshev, Sergey
AU - Schlehuber, Christian
PY - 2019/7/14
Y1 - 2019/7/14
AB - Securing a safety-critical system is a challenging task, because safety requirements have to be considered alongside security controls. We report on our experience in developing a security architecture for railway signalling systems, starting from the bare safety-critical system that requires protection. We use a threat-based approach to determine security risk acceptance criteria and derive security requirements. We discuss the executed process and make suggestions for improvements. Based on the security requirements, we develop a security architecture. The architecture is based on a hardware platform that provides the resources required for both safety and security applications and is able to run applications of mixed criticality (safety-critical applications and other applications run on the same device). To achieve this, we apply the MILS approach, a separation-based high-assurance security architecture, to simplify the safety case and the security case of our approach. We describe the assurance requirements of the separation kernel subcomponent, which is the key component of the MILS architecture. We further discuss the security measures of our architecture that are included to protect the safety-critical application from cyberattacks.
U2 - 10.1155/2019/8348925
DO - 10.1155/2019/8348925
M3 - Journal article
VL - 2019
JO - Security and Communication Networks
JF - Security and Communication Networks
SN - 1939-0114
M1 - 8348925
ER -