抄録
We introduce a case study of IT security analysis for the wireless transmission system of JRTC-W, a communication based train control system. We used the "attack tree" method together with an IT security risk evaluation procedure of IEC15408 (CC) to assess potential threats to the wireless transmission system of JRTC-W in conformity with the lifecycle safety management process of IEC62278 (RAMS). Attack Tree is an FTA-like purpose-oriented tree-form analysis method of hierarchical decomposition of complex attack scenarios into simple and non-divisible (assets). We identified 43 attack methods for individual wireless communication (from Zone controller to On-board controller) for instance, and classified 10 different kinds of assets. We report how the analysis has been done.
