With over 30 years of experience in designing, manufacturing and maintaining on-board communication and control systems, Televic Rail is a leading, trusted partner for railway operators and train builders worldwide.
Our Passenger Information Systems and Control Systems are high quality, tailor-made solutions that offer the flexibility, user-friendliness and stability that our clients ask for. Our various types of on-board control systems such as our bogie monitoring systems are innovative yet reliable products which are designed specifically for the railway business.
Trains and trams all around the world are equipped with Televic Rail solutions, from New Zealand to Canada, from China to the United States, from India to Belgium, England and France.
Televic Rail wants to improve the security of embedded systems in train environments. Systems contain different sub-systems: hardware, operating system, software, etc.
Televic has improved a lot in the automation of the build process for Operating Systems and Software. Currently the build process (pipeline) is finished when a successful build is created.
To have a realistic view of the existing security issues, a staging environment which simulates the production environment is needed. This staging environment is accessible by the build server and should deploy software and Operating Systems towards the corresponding hardware (continuous delivery). Once everything in the staging environment is deployed, different tests can be executed (functional integration and security tests). Some examples of such security tests:
Portscan: scan the operating system of the embedded system to find open UDP/TCP ports
Dynamic Analysis Security Testing (DAST)
Fuzz testing which is a test in which random data is sent to system inputs (e.g. software interfaces) and monitor if the system can survive (no denial of service)
Web application testing: different tests to verify the security of a web application (OWASP Top 10 list for example)
Webinterface API tests: test to verify the security of an API (e.g. REST interface)
Network vulnerability scan: scan if the systems use open source components containing discovered known vulnerabilities (on exposed interfaces)
Other penetration testing tools …
The research part of this topic is to identity the weakest link in our system. The student will create software/ scripts which behave as a hacker which execute different security tests in the staging environment (fully automated). Study about risk analysis in a cybersecurity context will have to be executed to create a realistic set of security tests.
Next to this, each tool will generate reports, all results need to be collected and parsed to create a list of issues (and priorities). These results need to be presented on a dashboard which provide an overview of the maturity of the security in the system.
Level: Bachelor, Master
Type of work: Research: 30%, Implem.: 50%, Experim.: 20%
Location: Televic, University
Type of activities: Design, Implementation, Programming