Attack Potential based method is supported by the ISO/IEC 18045 standard.
Creating an Attack Potential Based Attack Path
To create an Attack Potential Based Attack Path
- In the Containment tree, right-click Attack Paths and Feasibility Ratings and select Create Element.
- Do one of the following:
- In the dialog, expand ISO 21434 and select Attack Potential Based Attack Path.
- In the search tab, type the keyword attack and then select Attack Potential Based Attack Path.
- In the dialog, expand ISO 21434 and select Attack Potential Based Attack Path.
- Name the created Attack Potential Based Attack Path in the Containment tree and press Enter. The Attack Potential Based Attack Path has the prefix AP, which denotes that the created element is an an Attack Path (Manual or Potential-Based); the number 1 indicates that it is the first Attack Path (Manual or Potential-Based) created.
Creating an Attack Potential Based Attack Path Table
If you create a new project using the ISO 21434 Project template, then a Attack Potential Based Attack Path table already exists in the 1.3 Attack Paths and Feasibility Ratings package.
To create an Attack Potential Based Attack Path Table
- In the Containment tree, right-click Attack Paths and Feasibility Ratings and select Create Diagram.
- Do one of the following:
- In the dialog, expand ISO 21434 and select Attack Potential Based Attack Path Table.
- In the search tab, type the keyword attack and then select Attack Potential Based Attack Path Table.
The Attack Potential Based Attack Path Table is displayed in the diagram pane of the modeling tool.
- In the dialog, expand ISO 21434 and select Attack Potential Based Attack Path Table.
Adding an Attack Potential Based Attack Path to the Attack Potential Based Attack Path Table
Adding a new or existing Attack Potential Based Attack Path to the Attack Potential Based Attack Path Table is the same as adding a new or existing Manual Attack Path to the Manual Attack Path Table. To learn more about adding a Manual Attack Path to the Manual Attack Path Table, refer to Manual Attack Path.
Adding Attack Path Steps
Attack path steps in an Attack Based Potential Attack Path table are added in the same as they are added in a Simple Attack Path table. To learn more about adding attack path steps in a Simple Attack Path table, refer to Manual Attack Path.
Rating the Potential Attack core parameters
To rate the Potential Attack core parameters
- Double-click each cell's column namely Elapsed Time, Specialist Expertise, Knowledge of Item/Component, Window of Opportunity, and Equipment in the Attack Based Potential Attack Path's row and select the required option from the drop-down list.
The Attack Feasibility Rating is calculated with help of core parameters viz. Elapsed Time, Specialist Expertise, Knowledge of Item/Component, Window of Opportunity, and Equipment. Each parameter has different grading system which has a numerical value assigned to it. These numerical values are based on the ISO/IEC 18045 standard.
The following table shows the assigned numerical values to each parameter.
The numerical values are added together to calculate the Attack Feasibility Rating. Following is the formula used to calculate the Attack Feasibility Rating.
- Attack Feasibility Rating = Elapsed Time + Specialist Expertise+ Knowledge of Item/Component+ Window of Opportunity+ Equipment
The following table shows the numerical values assigned to the Attack Feasibility Rating.
