This paper presents an action-based methodology for securing railway signalling systems, building upon the TS 50701 framework. In TS 50701, zones represent groups of assets that share common security requirements, while conduits denote controlled communication channels that interconnect zones and enforce defined security policies. Railway systems described within this framework comprise wayside and onboard components, interconnected by a Data Communication System (DCS). We propose an attacker model centred on inter-zone conduits that specifies enforceable rule templates for each conduit. These templates define requirements for source authentication, integrity, freshness, and semantic consistency, thereby constraining permissible behaviours that can be implemented at boundary monitors. Through qualitative security analysis, we demonstrate how these rules address specific threats and trace how security degradations may propagate to safety-critical effects. By formalising zones and conduits as terms in a process description language, system properties can be expressed as sequences of observable actions. This formalisation enables the use of Action-Based Temporal Logic (ACTL) to verify whether security properties are guaranteed, which constitutes our long-term research goal.
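As an added illustration (not code from the paper, whose rule templates are not reproduced on this page), the Python sketch below shows what a boundary monitor for one inter-zone conduit might look like when it enforces the four rule classes named in the abstract: source authentication, integrity, freshness, and semantic consistency. Everything concrete here is an assumption: the JSON-like message layout, the per-conduit HMAC key, the field names, the monotonic sequence counter plus timestamp window used for freshness, and the movement-authority step limit used as a stand-in semantic rule. The runtime check is the only part shown; the paper's verification goal (ACTL over process terms) is not addressed by it.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Optional

# Assumed per-conduit symmetric key shared by the two zone boundaries.
# Constructed for this example; a real deployment would provision it per conduit.
CONDUIT_KEY = b"demo-key-wayside-to-onboard"

# Fields covered by the MAC (assumed message layout).
SIGNED_FIELDS = ("src", "dst", "seq", "ts", "payload")


def mac_of(msg: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the protected fields."""
    canonical = json.dumps({k: msg[k] for k in SIGNED_FIELDS}, sort_keys=True).encode()
    return hmac.new(CONDUIT_KEY, canonical, hashlib.sha256).hexdigest()


def make_msg(src: str, dst: str, seq: int, ts: float, payload: dict) -> dict:
    """Build a message as the sending zone boundary would, attaching its MAC."""
    msg = {"src": src, "dst": dst, "seq": seq, "ts": ts, "payload": payload}
    msg["mac"] = mac_of(msg)
    return msg


@dataclass
class ConduitMonitor:
    """Boundary monitor for one conduit; applies the four rule classes in order."""
    src_zone: str
    dst_zone: str
    max_skew_s: float = 2.0      # assumed freshness window on the timestamp
    max_ma_step_m: int = 500     # assumed semantic rule: MA may grow at most this much per message
    last_seq: int = -1
    last_ma_m: Optional[int] = None

    def check(self, msg: dict, now: float) -> str:
        # Source authentication: only the configured zone pair may use this conduit.
        if msg.get("src") != self.src_zone or msg.get("dst") != self.dst_zone:
            return "reject:source"
        # Integrity: the MAC must verify over the protected fields.
        try:
            expected = mac_of(msg)
        except (KeyError, TypeError):
            return "reject:integrity"
        if not hmac.compare_digest(expected, str(msg.get("mac", ""))):
            return "reject:integrity"
        # Freshness: strictly increasing sequence number and bounded timestamp skew.
        if msg["seq"] <= self.last_seq or abs(now - msg["ts"]) > self.max_skew_s:
            return "reject:freshness"
        # Semantic consistency: the movement authority must be a sane value and must
        # not jump further than the configured step from the last accepted one.
        ma = msg["payload"].get("movement_authority_m")
        if not isinstance(ma, int) or ma < 0:
            return "reject:semantic"
        if self.last_ma_m is not None and ma - self.last_ma_m > self.max_ma_step_m:
            return "reject:semantic"
        # Only accepted messages advance the monitor state.
        self.last_seq = msg["seq"]
        self.last_ma_m = ma
        return "accept"


def run_demo() -> list:
    """Feed a constructed message sequence through the monitor and collect verdicts."""
    mon = ConduitMonitor("wayside", "onboard")
    verdicts = []
    m1 = make_msg("wayside", "onboard", 1, 100.0, {"movement_authority_m": 1000})
    verdicts.append(mon.check(m1, 100.1))              # accept
    m2 = make_msg("wayside", "onboard", 2, 101.0, {"movement_authority_m": 1300})
    verdicts.append(mon.check(m2, 101.1))              # accept
    verdicts.append(mon.check(m2, 102.0))              # replay of m2 -> reject:freshness
    m3 = make_msg("wayside", "onboard", 3, 102.0, {"movement_authority_m": 1400})
    m3["payload"]["movement_authority_m"] = 9000       # tampered after the MAC was computed
    verdicts.append(mon.check(m3, 102.1))              # reject:integrity
    m4 = make_msg("wayside", "onboard", 3, 103.0, {"movement_authority_m": 2500})
    verdicts.append(mon.check(m4, 103.1))              # MA jumps 1200 m -> reject:semantic
    m5 = make_msg("maintenance", "onboard", 4, 104.0, {"movement_authority_m": 1350})
    verdicts.append(mon.check(m5, 104.1))              # wrong source zone -> reject:source
    return verdicts


if __name__ == "__main__":
    print(run_demo())
```

Two design points worth keeping even if the message format changes: the monitor updates its state (last sequence number, last accepted value) only after every rule has passed, so a rejected or replayed message cannot move the freshness or semantic baseline, and the MAC comparison uses `hmac.compare_digest` so that verification time does not depend on how many tag bytes matched.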
Action-based security rules for railway control systems
De Nicola, Rocco; Soderi, Simone
16470 (2026), pp. 314-332
DOI: 10.1007/978-3-032-12484-5_17
Files

Action_Based_Security_Rules_for_Railway_Control_Systems__RSSRail2025_.pdf
Open access
Description: Action-Based Security Rules for Railway Control Systems
Type: Preprint
Licence: Creative Commons
Size: 1.46 MB
Format: Adobe PDF

978-3-032-12484-5_17.pdf
Not available
Description: Action-Based Security Rules for Railway Control Systems
Type: Publisher's version (PDF)
Licence: Publisher's copyright
Size: 977.35 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

