Abstract: Multi-layer STAMP and its corresponding method of safety analysis combined with system theoretic accident model and processes(STAMP) were proposed based on the design scheme of CTCS-1 train control system. The interaction process between internal components of train control system was presented by using UML language, and it was transformed into multi-layer STAMP model and fault analyze model in order to analyze the causes of risk events, finally implement the security analysis of the system function. Taking the scenes of train pulling in station as an example, multi-layer STAMP model was established and used to analyze the system function security of potential risks. The result showed that the proposed model and method were suitable for function safety analysis of CTCS-1 train control system.