Versions Compared

Version Old Version 4 New Version Current
Changes made by

Tino Pförtner

Tino Pförtner

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To manage your attack paths, open the Global Attack Paths view View or a catalog in the RM-folder TARA Project Catalogs and click the grafik-20240827-061715.png - icon in the top right to add a new row.

...

Identifying Attack Paths

...

Attack paths can be added to a threat scenario by creating row in a nested table below a threat scenario. Right-click on a threat scenario and select Add Attack Path from the context menu.

...

To select an Attack Path, double-click the input field and make your selection from the drop-down menu or drag-and-drop an attack path from the catalogThis will create a nested table containing your threat scenarios. The table can be populated from the Project- and Global Atack Path view via drag-and-drop or by selecting one from drop-down menu in column Attack Path. Adding an Attack Path from a Global Catalog via drag-and-drop or via the drop-down-menu (indicated by the -icon) will create a copy in the Project Catalogs folder.

...

For each rating parameter or metric select the level from drop-down menu as needed. You may declare a textual Justification.

...

Project-specific Attack Paths, in common with other resources, are administrated in the context of your project’s RM folder. The screenshot below highlights the RM folder and shows both global and project Attack Paths.

...

A possible working method involves copying Attack Paths from the global catalog to the project catalog by dragging and dropping. The Attack Paths will then be available for use within your project context.The next figure shows an example outcome with three attack paths added to a threat scenario. Attack potential method is applied for AF rating.

...

The Attack Feasibility is derived from processing the relevant input. Note that the The highest value, in this case, “High”, propagates is propagated to the Threat Scenario:.

...

Identifying Attack Steps

Attack paths can be characterized in more detail by adding one or more attack steps Attack Steps. The attack steps of an attack path can be derived from an attack tree analysis Attack Tree Analysis (ATA). Alternatively, attack steps can be created directly in the TARA.

An attack step provides a variety of attributes allowing a detailed characterization of the underlying attack activity. Attack Steps are sourced from their associated catalog Catalog in the RM folder. TARA Project Catalogs folder or in the respective Global Catalog. Adding an Attack step from a Global Catalog creates a copy in the respective Project Catalog.

...

Add content as needed:

  • A text field is provided to assign a Name(optional)

  • A Vulnerability can be selected from the drop-down menu if known.

  • Select a Cybersecurity Property and Attack Class from the drop-down menu as required.

  • Preceding Step provides a drop-down menu listing all attack steps in the project to define the order of action.

...

To add an attack step in the TARA, right-click an attack path column and select Add Attack Step from the context menu. A nested table will be created in which the Attack steps from the RM folder can be added.

...