'Institute of Electrical and Electronics Engineers (IEEE)'
Abstract
In this paper we discuss the methodology we used for a security audit of the European Railway Traffic Management System (ERTMS) specifications. ERTMS is a major industrial project that aims at replacing the many different national train control and command systems in Europe. We discuss the stages of the audit, threat model used, and the output of each stage of the audit