中国安全科学学报 ›› 2020, Vol. 30 ›› Issue (S1): 172-178.doi: 10.16265/j.cnki.issn1003-3033.2020.S1.030

• 公共安全 • 上一篇    下一篇

列车运行控制系统信息安全风险评估方法

张帆, 步兵 教授, 赵骏逸   

  1. 北京交通大学 轨道交通控制与安全国家重点实验室, 北京 100044
  • 收稿日期:2020-10-14 修回日期:2020-11-28 出版日期:2020-12-30 发布日期:2021-07-15
  • 作者简介:张 帆 (1997—),男,山西晋城人,硕士研究生,主要研究方向为城市轨道交通信息安全等。E-maill:19120272@bjtu.edu.cn。
  • 基金资助:
    城市轨道交通北京实验室项目(I18H100010);交控科技创新基金资助(9907006507);基本科研业务费项目(2020YJS199)。

Risk assessment method for information safety of train operation control system

ZHANG Fan, BU Bing, ZHAO Junyi   

  1. State Key Laboratory of Rail Traffic Control and Safety, Beijing Jiaotong University, Beijing 100004, China
  • Received:2020-10-14 Revised:2020-11-28 Online:2020-12-30 Published:2021-07-15

摘要: 为评估城市轨道交通列车运行控制系统的信息安全水平,提出风险管理建议,研究适用于列车运行控制系统的信息安全风险评估方法。首先,介绍基于通信的列车运行控制(CBTC)系统的设备组成和列车控制原理;然后,构建列控系统的复杂网络模型,并提出移动授权传输路径,分析网络攻击对列车控制的影响;其次,利用攻击树方法确定网络攻击事件的可能性;最后,给出列车运行控制系统信息安全风险评估方法,并通过半实物仿真平台进行仿真。研究表明:该方法可以发现系统中的薄弱环节,并反映系统的信息安全状态。

关键词: 基于通信的列车运行控制(CBTC), 信息安全, 风险评估, 复杂网络, 攻击树

Abstract: In order to evaluate information safety level of the train operation control system of urban rail transit, some suggestions on risk management were put forward, information safety risk assessment method for train operation control system was studied. Firstly, equipment composition and train control principle of train operation control system based on communication were introduced. Then, complex network model of train control system was constructed, and the mobile authorization transmission path was proposed to analyze the impact of network attack on train control. Secondly, the attack tree method was used to determine the possibility of network attack events. Finally, method of information safety risk assessment of train operation control system was given, and the simulation was carried out by the semi-physical simulation platform.The research shows that this method can find the weak links in the system and reflect information safety state of system.

Key words: communication-based train control(CBTC), cyber safety, risk assessment, complex network, attack tree

中图分类号: