Risk Assessment Method of High-Speed Railway Signal Systems Based on Threat Analysis
Abstract: The high-speed railway signal system is key infrastructure for the safe operation of trains; a functional failure of equipment or of the system can easily lead to a safety accident. To this end, a fuzzy comprehensive evaluation method is proposed for risk assessment of high-speed railway signal systems from the perspective of functional safety. Building on improved fuzzy comprehensive evaluation and the analytic hierarchy process (AHP), the method strengthens the analysis of system threat scenarios and establishes the coupling relationships among risk factors in each scenario. First, forty-four threat scenarios in five categories that affect traffic safety in the high-speed railway signal system are analyzed, and a hierarchical structure is constructed with system functional safety accidents as the analysis criterion layer and threat categories as the factor layer. Then, the weight of each element in the structure is determined by subjective evaluation, and the risk is comprehensively assessed in combination with the comment set; the weights of each level and factor are adjusted dynamically as the risk value of each scenario changes, which makes the evaluation result more realistic and establishes a mapping between security risks and signal services. Finally, an evaluation of real safety data from a passenger dedicated line yields a relatively low risk level for the signal system, basically consistent with the results of other evaluation methods, which verifies the effectiveness of the proposed method.
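Table 1. Threat scenario classification

| Category | Subcategory | Description | Count |
|---|---|---|---|
| System computation output error | Fail-safe platform computation output error | Programs, data, configuration files, etc. are tampered with or forged, causing system computation errors | 5 |
| System computation output error | Non-fail-safe unit computation output error | Programs, data, configuration files, etc. are tampered with or forged, causing system computation errors | 6 |
| Train control information network transmission error | Information tampered with or forged in the network | Messages are tampered with, forged, damaged or blocked during network transmission | 6 |
| Train control information network transmission error | Information damaged or blocked in the network | Messages are tampered with, forged, damaged or blocked during network transmission | 9 |
| Unauthorized operation by personnel | | Malicious personnel perform unauthorized operations or send messages | 3 |
| Signal system basic data error | | Static basic data required for device computation is tampered with, forged or damaged by an attacker | 3 |
| Device, system or program damage | | Malicious personnel carry out attacks aimed at destruction and denial of service | 12 |
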
Table 2. Common vulnerability scoring system
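
| Evaluation aspect | Metric | Threat level | Score |
|---|---|---|---|
| Impact | Confidentiality (C) | None / Partial / Complete | 0 / 0.7 / 1.0 |
| Impact | Integrity (I) | None / Partial / Complete | 0 / 0.7 / 1.0 |
| Impact | Availability (A) | None / Partial / Complete | 0 / 0.7 / 1.0 |
| Exploitability | Attack vector (AV) | Local / Remote | 0.7 / 1.0 |
| Exploitability | Attack complexity (AC) | High / Medium / Low | 0.6 / 0.8 / 1.0 |
| Exploitability | Privileges required (PR) | Required / Not required | 0.6 / 1.0 |
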
Table 3. Vulnerability severity rating

| Score range | [0,2) | [2,4) | [4,6) | [6,8) | [8,10] |
|---|---|---|---|---|---|
| Risk level | Relatively low | Low | Medium | High | Relatively high |
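
The abstract names two building blocks, AHP weighting and fuzzy comprehensive evaluation over a comment set. The following is an added example, not the paper's code and not its improved variant: classical AHP with a consistency-ratio check, then a weighted-average fuzzy evaluation, with Table 1's five categories as factors and Table 3's five grade names as the comment set. The pairwise matrix `M`, the membership matrix `R` and the maximum-membership decision rule are assumptions constructed for illustration.

```python
# Classical AHP + fuzzy comprehensive evaluation (added example, sample data).
FACTORS = ["system computation output error",
           "train control network transmission error",
           "unauthorized operation by personnel",
           "signal system basic data error",
           "device, system or program damage"]        # Table 1 categories
GRADES = ["relatively low", "low", "medium", "high", "relatively high"]
RI = {3: 0.58, 4: 0.90, 5: 1.12}  # Saaty's random consistency index

def ahp_weights(M, iters=200, cr_max=0.1):
    """Principal eigenvector of a pairwise matrix by power iteration.
    Raises ValueError when the consistency ratio CR is not below cr_max."""
    n = len(M)
    w = [1.0 / n] * n
    for _ in range(iters):
        v = [sum(M[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(v)
        w = [x / total for x in v]
    lam = sum(sum(M[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    cr = (lam - n) / (n - 1) / RI[n]
    if cr >= cr_max:
        raise ValueError(f"judgement matrix inconsistent: CR={cr:.3f}")
    return w, cr

def fuzzy_evaluate(w, R):
    """B = W . R (weighted-average operator), then maximum membership."""
    b = [sum(w[i] * R[i][k] for i in range(len(w))) for k in range(len(GRADES))]
    total = sum(b)
    b = [x / total for x in b]
    return b, GRADES[b.index(max(b))]

# Constructed expert judgements: M[i][j] = importance of factor i over factor j.
M = [[1,   1,   3, 3, 2],
     [1,   1,   3, 3, 2],
     [1/3, 1/3, 1, 1, 1/2],
     [1/3, 1/3, 1, 1, 1/2],
     [1/2, 1/2, 2, 2, 1]]
# Constructed memberships: row = factor, column = share of votes per grade.
R = [[0.6, 0.3, 0.1, 0.0, 0.0],
     [0.5, 0.3, 0.2, 0.0, 0.0],
     [0.7, 0.2, 0.1, 0.0, 0.0],
     [0.6, 0.2, 0.2, 0.0, 0.0],
     [0.4, 0.3, 0.2, 0.1, 0.0]]

def assess():
    w, cr = ahp_weights(M)
    b, grade = fuzzy_evaluate(w, R)
    return w, cr, b, grade

if __name__ == "__main__":
    w, cr, b, grade = assess()
    print([round(x, 3) for x in w], round(cr, 4), [round(x, 3) for x in b], grade)
```
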