The railway sector has been a source of inspiration for generations of researchers challenged to develop models and tools to analyze safety and reliability. Threats came mainly from within, due to occasional faults in hardware components. With the advent of smart trains, the railway industry is venturing into cybersecurity, and the railway sector will become more and more compelled to protect assets from threats against information and communication technology. We discuss this revolution at large, while speculating that instruments developed for security requirements engineering can then come in support of the railway sector. And we explore the use of one of them: the Controlled Natural Language for Data Sharing Agreement (CNL4DSA). We use it to formalize a few exemplifying signal management system requirements. Since CNL4DSA enables the automatic generation of enforceable access control policies, our exercise is preparatory to implementing the security-by-design principle in railway signalling management engineering.
Research centre:
Interdisciplinary Centre for Security, Reliability and Trust (SnT) > Applied Security and Information Assurance Group (APSIA)
Disciplines:
Computer science
Author, co-author:
LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)
Petrocchi, Marinella
External co-authors:
yes
Document language:
English
Title:
Modelling of Railways Signalling System Requirements by Controlled Natural Languages: A Case Study
Publication date:
9 October 2019
Title of the main work:
From Software Engineering to Formal Methods and Tools, and Back