中文摘要：

为评估列控中心TCC的信息安全风险,构建列控中心系统的组件安全属性,结合信息安全风险评估指标体系,提出一种基于组件安全属性模型CMOSA的列控中心风险评估方法.以组件的方式对列控中心系统进行划分,通过研究列控中心与其他子系统之间的信息交互过程,抽象出各组件的安全属性;结合AHP确定列控中心信息安全风险评估指标,以组件安全属性对风险评估指标的影响识别组件的风险值,利用改进VIKOR算 法评价系统的风险值,为列控中心的信息安全风险评估提供一种定量分析手段.结果表明,在列控中心系统中,外接集中监测系统的辅助维护单元模块、驱动与采集单元模块的风险值最大,作为风险管理者,应采取具体的防 护措施降低风险.

英文摘要：

In order to assess the information security risk of Train Control Center （TCC） , this paper gave firstly the component-based security attributes of T CC systems,and then proposed a TCC information security risk assessment model based on it in combination with the index system of information security risk assessment. The TCC system was divided as components, and the security attributes of each component were abstracted based on the study of the information interaction process between the T C C and other subsystems. During the security risk modeling,the Analytic Hierarchy Process （AHP ） method was adopted to create security attrib-utes and risk assessment indicators of TCC systems to determine the component risk values. Furthermore, a modified VIKOR algorithm was used to evaluate the TCC system risk values from these multiple risk indicators to provide a quantitative analysis means to assess the information security risk of TCC . The evaluation results show that the risk values of the auxiliary maintenance module and drive-acquisition module are relatively higher in the TCC system. As risk managers, specific precautions should be taken to mitigate the risks.