Propagating Attack Feasibility

Owned by Tino Pförtner
Last updated: Jan 10, 2025
2 min read

To derive the feasibility level of a threat scenario, the feasibility of the elements (asset attacks) needs to be propagated to the root element, i.e. the threat scenario. The threat scenario is the connecting element between TARA and ATA. Thus, if the threat is used in TARA the result of propagation is displayed in the ATA table.

The propagation only takes the calculated feasibility level and compares it for the propagation. It depends on the gate type, if the higher or the lower feasibility level will be propagated to the next higher-level element in the attack tree. If the next higher-level element is assigned to an AND gate, the lower feasibility rating is propagated. If it is an OR Gate, the higher feasibility rating is propagated.

Propagating attack feasibility

  1. Select the element that should get the propagated feasibility level.

  2. Open the context menu of the ATA element.

  3. Select “Propagate Likelihood/Feasibility”.

 

The identified critical path in the attack tree is highlighted with a color corresponding to the attack feasibility rating derived for the threat scenario.

 

Attack tree showing critical path

For any element selected in the editor the propagated feasibility level is shown in the tab “ATA Node” of the Properties view.

If the threat scenario evaluated in ATA is used in column “Threat Scenario” of the TARA the attack feasibility rating is adopted in TARA.
Note: It is possible to manually overwrite the propagated feasibility level at each gate. If doing so, the feasibility needs to be propagated again.