kth.sePublications
EnglishSvenskaNorsk
Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Formal Modelling of the Impact of Cyber Attacks on Railway Safety
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-5259-8839
KTH, School of Electrical Engineering and Computer Science (EECS).ORCID iD: 0009-0000-3916-1707
KTH, School of Electrical Engineering and Computer Science (EECS), Computer Science, Network and Systems Engineering.ORCID iD: 0000-0002-4876-0223
2021 (English)In: Computer Safety, Reliability, And Security (SAFECOMP 2021) / [ed] Habli, I Sujan, M Gerasimou, S Schoitsch, E Bitsch, F, SPRINGER INTERNATIONAL PUBLISHING AG , 2021, Vol. 12853, p. 117-127Conference paper, Published paper (Refereed)
Abstract [en]

Modern railway signaling extensively relies on wireless communication technologies for efficient operation. The communication infrastructures that they rely on are increasingly based on standardized protocols and are shared with other users. As a result, it has an increased attack surface and is more likely to become the target of cyber attacks that can result in loss of availability and, in the worst case, in safety incidents. While formal modeling of safety properties has a well-established methodology in the railway domain, the consideration of security vulnerabilities and the related threats lacks a framework that would allow a formal treatment. In this paper, we develop a modeling framework for the analysis of the potential of security vulnerabilities to jeopardize safety in communications-based train control for railway signaling, focusing on the recently introduced moving block system. We propose a refinement-based approach enabling a structured and rigorous analysis of the impact of security on system safety.
Place, publisher, year, edition, pages
SPRINGER INTERNATIONAL PUBLISHING AG , 2021. Vol. 12853, p. 117-127
Series
Lecture Notes in Computer Science, ISSN 0302-9743
Keywords [en]
Railway safety, Formal modelling, Event-B
National Category
Computer Systems
Identifiers
URN: urn:nbn:se:kth:diva-303515DOI: 10.1007/978-3-030-83906-2_9ISI: 000694725200009Scopus ID: 2-s2.0-85115170088OAI: oai:DiVA.org:kth-303515DiVA, id: diva2:1603499
Conference
SAFECOMP Conference, SEP 07, 2021, ELECTR NETWORK
Note

Part of proceedings: ISBN 978-3-030-83906-2, ISBN 978-3-030-83905-5

QC 20211015

Available from: 2021-10-15 Created: 2021-10-15 Last updated: 2025-04-17Bibliographically approved
In thesis
1. Formal Modelling of the Impact of Cyberattacks on Safety of Networked Control Systems
Open this publication in new window or tab >>Formal Modelling of the Impact of Cyberattacks on Safety of Networked Control Systems
2025 (English)Doctoral thesis, comprehensive summary (Other academic)
Abstract [en]

Modern control systems provide services that are indispensable for society, e.g., transportation, energy production, healthcare etc. Hence, it is important to guarantee safe and reliable functioning of such systems. However, they are increasingly relying on networking technologies, which makes them susceptible to cyberattacks that could potentially jeopardise their safety. Moreover, such systems typically have a complex distributed architecture and dynamic behaviour. Hence, it is hard to ensure correctness and safety of their design. Formal methods are used to tackle system complexity and guarantee correctness of the design via abstract mathematical modelling and rigorous verification. Various formal modelling techniques have been successfully used in the design of safety-critical systems in different domains. However, they primarily focused on modelling and verification of system safety. Since modern safety-critical systems are increasingly becoming the subject of cyberattacks, formal modelling techniques should be extended to address the emerging problem of safety-security interactions. In this thesis, we propose a rigorous approach to modelling the impact of cyberattacks on safety of networked control systems. Our approach integrates graphical modelling in Systems Modelling Language – SysML and formal specification and verification in the Event-B framework. Graphical models provide support in visualising system architecture and interactions between the components as well as facilitate the analysis of safety and security interactions by the interdisciplinary teams. Modelling and proof- based verification in Event-B allows us to formally identify the cyberattacks that jeopardise system safety. To bridge the gap between the graphical and formal modelling, we developed software automatically translating graphical system models into formal specifications in Event-B. We believe that this thesis makes both theoretical and practical contributions towards an integration of safety and security engineering, which is necessary for the development of modern trustworthy networked control systems.
Abstract [sv]

Moderna reglersystem tillhandahåller tjänster som är oumbärliga för samhället, t.ex. transport, energiproduktion, hälso- och sjukvård etc. Därför är det viktigt att garantera att sådana system fungerar säkert och tillförlitligt. De använder dock i allt högre grad nätverksteknik, vilket gör dem mottagliga för cyberattacker som potentiellt kan äventyra deras säkerhet. Dessutom har sådana system vanligtvis komplex distribuerad arkitektur och dynamiskt beteende. Därför är det svårt att säkerställa att deras design är korrekt och säker. Formella metoder används för att hantera systemkomplexitet och garantera att designen är korrekt via abstrakt matematisk modellering och rigorös verifiering. Olika formella modelleringstekniker har framgångsrikt använts vid design av trygghet-kritiska system inom olika domäner. För närvarande kräver användningen av nätverksteknik en utvidgning av denna teknik för att ta itu med det framväxande problemet med interaktion mellan trygghet och säkerhet. I den här avhandlingen föreslår vi ett rigoröst tillvägagångssätt för modellering av effekterna av cyberattacker på trygghet i nätverksanslutna styrsystem. Vårt tillvägagångssätt integrerar grafisk modellering i Systems Modelling Language – SysML och formell specifikation och verifiering i Event- B-ramverket. Grafiska modeller ger stöd för att visualisera systemarkitektur och interaktioner mellan komponenterna samt underlättar analysen av säkerhets- och trygghetsinteraktioner av de tvärvetenskapliga teamen. Modellering och bevisbaserad verifiering i Event-B gör det möjligt för oss att formellt identifiera de cyberattacker som äventyrar systems trygghet. För att överbrygga klyftan mellan den grafiska och formella modelleringen utvecklade vi en programvara som automatiskt översätter grafiska systemmodeller till formella specifikationer i Event-B. Vi tror att denna avhandling ger både teoretiska och praktiska bidrag till en integration av säkerhets- och trygghetsteknik, vilket är nödvändigt för utvecklingen av moderna pålitliga nätverksbaserade reglersystem.  
Place, publisher, year, edition, pages
Stockholm, Sweden: KTH Royal Institute of Technology, 2025. p. vii, 67
Series
TRITA-EECS-AVL ; 2025:39
Keywords
Cyberattacks, Safety, Networked Control Systems, Formal Methods, Event-B, SysML, Model-Based System Engineering, Model to Model Transformation, Formal Verification
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kth:diva-362568 (URN)978-91-8106-240-3 (ISBN)
Public defence
2025-05-08, F3 (Flodis), Lindstedtsvägen 26 & 28, KTH Campus, Stockholm, 14:00 (English)
Opponent
Supervisors
Note

QC 20250417

Available from: 2025-04-17 Created: 2025-04-17 Last updated: 2025-05-09Bibliographically approved

Open Access in DiVA

No full text in DiVA

Other links

Publisher's full textScopus

Authority records

Poorhadi, EhsanTroubitsyna, ElenaDán, György

Search in DiVA

By author/editor
Poorhadi, EhsanTroubitsyna, ElenaDán, György
By organisation
Network and Systems EngineeringSchool of Electrical Engineering and Computer Science (EECS)
Computer Systems

Search outside of DiVA

GoogleGoogle Scholar

doi
urn-nbn

Altmetric score

doi
urn-nbn
Total: 237 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.47.0
|
WCAG
|
KTH Library
|
DiVA support
|
Register in DiVA
|
Posting your thesis
|
SwePub