基于贝叶斯攻击图的CBTC系统安全风险评估
|
摘要
先进的无线通信技术、计算机技术在城市轨道交通中的应用,在促使列控系统快速发展的同时,也使得其面临的信息安全风险日益严峻。目前,应用于传统IT和工控领域的信息安全分析方法不能很好地满足基于通信的列车自动控制系统(Communication Based Train Control System, CBTC)对信息安全分析的需求。为了提出对CBTC系统安全进行评估的方法,在分析传统工控系统信息安全标准后,从资产、脆弱性、威胁源三个角度分析CBTC系统的信息安全风险,将贝叶斯攻击图(Bayesian Attack Graph, BAG)应用到CBTC系统风险评估建模中,并以ATS子系统为例,从入侵的攻击路径和对组件脆弱性的利用方式两个方面进行考虑,构建攻击模型,通过扩充BAG模型的节点来更好地描述系统特点。最终得到ATS子系统最易发生的信息安全事件以及在考虑黑客和内部恶意工作人员的入侵时,CBTC系统的风险等级。从构建的模型可以看出,CBTC系统处于安全状态。
The application of advanced wireless communication technology and computer technology in urban rail transit not only promotes the rapid development of train control system, but also brings increasingly serious information security risks. At present, the information security analysis method of traditional IT and industrial control system cannot meet the need of information security analysis for CBTC system. In order to propose a method to evaluate the security of CBTC system, this paper analyzes the information security risk of CBTC system from three aspects of assets, vulnerability and threat source after analyzing the information security standard of traditional industrial control system, and applies Bayesian Attack Graph(BAG) to the risk assessment modeling of CBTC system. Taking ATS subsystem as an example, an attack model is constructed considering the attack path and the vulnerability of components, and the characteristics of the system are better described by extending the nodes of BAG model. Finally, the information security events that are most likely to happen in the ATS subsystem and the risk level of CBTC system when considering the intrusion of hackers and malicious workers are obtained.
The application of advanced wireless communication technology and computer technology in urban rail transit not only promotes the rapid development of train control system, but also brings increasingly serious information security risks. At present, the information security analysis method of traditional IT and industrial control system cannot meet the need of information security analysis for CBTC system. In order to propose a method to evaluate the security of CBTC system, this paper analyzes the information security risk of CBTC system from three aspects of assets, vulnerability and threat source after analyzing the information security standard of traditional industrial control system, and applies Bayesian Attack Graph(BAG) to the risk assessment modeling of CBTC system. Taking ATS subsystem as an example, an attack model is constructed considering the attack path and the vulnerability of components, and the characteristics of the system are better described by extending the nodes of BAG model. Finally, the information security events that are most likely to happen in the ATS subsystem and the risk level of CBTC system when considering the intrusion of hackers and malicious workers are obtained.
引文
[1] 中国城市轨道交通协会.城市轨道交通2016年度统计和分析报告[J].都市快轨交通,2017(1):1-3.
[2] 唐涛.列车运行控制系统[M].北京:中国铁道出版社,2012:1-5.
[3] 张敏,张五一,韩桂芬,等.国内外工业控制系统信息安全标准研究[C]//市场践行标准化——第十一届中国标准化论坛论文集,2014-08,中国四川成都:中国标准化协会,2014:986-990.
[4] Poolsappasit N,Dewri R,Ray I.Dynamic Security Risk Management Using Bayesian Attack Graphs[J].IEEE Transactions on Dependable & Secure Computing,2012,9(1):61-74.
[5] Hardman D K,Ayton P.Arguments for Qualitative Risk Assessment:The StAR Risk Adviser[J].Expert Systems,2010,14(1):24-36.
[6] IEEE.1474.1-1999-IEEE Standard for Communications-Based Train Control (CBTC) Performance and Functional Requirements[S].IEEE,1999:i.
[7] 凌从礼.工业控制系统脆弱性分析与建模研究[D].杭州:浙江大学,2013:17-55.
[8] 陈卓.矩阵法在信息安全风险值定量计算中的应用研究[J].网络安全技术与应用,2016(11):82-83.
[9] 卢慧康.工业控制系统脆弱性测试与风险评估研究[D].上海:华东理工大学,2014:2-16.
[10] 全宏宇.CTCS-3级列控系统地车安全信息传输子系统的建模与分析[D].北京:北京交通大学,2014:9-62.
[11] 许汉清.地铁CBTC信号系统的wifi风险防范[J].数字通信世界,2015(9):53-54.
[12] 张建明.城轨交通CBTC年-地无线通信的分析与思考[J].现代城市轨道交通,2014(1):47-51.
[13] 包正堂.列控系统信息安全风险主动防御研究[D].北京:北京交通大学,2017:52-54.
[14] 郁舒雅.城市轨道交通列控系统信息安全检测技术研究[D].北京:北京交通大学,2017:2-8.
[15] 中华人民共和国国家质量监督检验检疫总局,中国国家标准化管理委员会.信息安全技术信息安全风险评估实施指南:GB/T 31509—2015[S].北京:中国标准出版社,2016:20-37.
[16] Weiss J,Weiss J.Protecting Industrial Control Systems from Electronic Threats[M].America:Momentum Press,2010.
[17] Stouffer K A,Falco J A,Scarfone K A.SP 800-82.Guide to Industrial Control Systems (ICS) Security:Supervisory Control and Data Acquisition (SCADA) systems,Distributed Control Systems (DCS),and other control system configurations such as Programmable Logic Controllers (PLC)[M].National Institute of Standards & Technology,2011.
[18] 闫峰.基于攻击图的网络安全风险评估技术研究[D].长春:吉林大学,2014:59-66.
[19] 戴方芳.基于攻击图理论的网络安全风险评估技术研究[D].北京:北京邮电大学,2015:59-81.
[20] 赵冬梅.信息安全风险评估量化方法研究[D].西安:西安电子科技大学,2007:19-31.
[21] 龚斯谛.基于AHP和攻击图的工控系统信息安全风险评估研究[D].南昌:南昌航空大学,2017:1-15.
[2] 唐涛.列车运行控制系统[M].北京:中国铁道出版社,2012:1-5.
[3] 张敏,张五一,韩桂芬,等.国内外工业控制系统信息安全标准研究[C]//市场践行标准化——第十一届中国标准化论坛论文集,2014-08,中国四川成都:中国标准化协会,2014:986-990.
[4] Poolsappasit N,Dewri R,Ray I.Dynamic Security Risk Management Using Bayesian Attack Graphs[J].IEEE Transactions on Dependable & Secure Computing,2012,9(1):61-74.
[5] Hardman D K,Ayton P.Arguments for Qualitative Risk Assessment:The StAR Risk Adviser[J].Expert Systems,2010,14(1):24-36.
[6] IEEE.1474.1-1999-IEEE Standard for Communications-Based Train Control (CBTC) Performance and Functional Requirements[S].IEEE,1999:i.
[7] 凌从礼.工业控制系统脆弱性分析与建模研究[D].杭州:浙江大学,2013:17-55.
[8] 陈卓.矩阵法在信息安全风险值定量计算中的应用研究[J].网络安全技术与应用,2016(11):82-83.
[9] 卢慧康.工业控制系统脆弱性测试与风险评估研究[D].上海:华东理工大学,2014:2-16.
[10] 全宏宇.CTCS-3级列控系统地车安全信息传输子系统的建模与分析[D].北京:北京交通大学,2014:9-62.
[11] 许汉清.地铁CBTC信号系统的wifi风险防范[J].数字通信世界,2015(9):53-54.
[12] 张建明.城轨交通CBTC年-地无线通信的分析与思考[J].现代城市轨道交通,2014(1):47-51.
[13] 包正堂.列控系统信息安全风险主动防御研究[D].北京:北京交通大学,2017:52-54.
[14] 郁舒雅.城市轨道交通列控系统信息安全检测技术研究[D].北京:北京交通大学,2017:2-8.
[15] 中华人民共和国国家质量监督检验检疫总局,中国国家标准化管理委员会.信息安全技术信息安全风险评估实施指南:GB/T 31509—2015[S].北京:中国标准出版社,2016:20-37.
[16] Weiss J,Weiss J.Protecting Industrial Control Systems from Electronic Threats[M].America:Momentum Press,2010.
[17] Stouffer K A,Falco J A,Scarfone K A.SP 800-82.Guide to Industrial Control Systems (ICS) Security:Supervisory Control and Data Acquisition (SCADA) systems,Distributed Control Systems (DCS),and other control system configurations such as Programmable Logic Controllers (PLC)[M].National Institute of Standards & Technology,2011.
[18] 闫峰.基于攻击图的网络安全风险评估技术研究[D].长春:吉林大学,2014:59-66.
[19] 戴方芳.基于攻击图理论的网络安全风险评估技术研究[D].北京:北京邮电大学,2015:59-81.
[20] 赵冬梅.信息安全风险评估量化方法研究[D].西安:西安电子科技大学,2007:19-31.
[21] 龚斯谛.基于AHP和攻击图的工控系统信息安全风险评估研究[D].南昌:南昌航空大学,2017:1-15.