Attack Path

Set of deliberate actions to realize a threat scenario.

Attack Path Steps

Enumerate each step needed to perform the threat scenario.

Attack Feasibility Rating

An attribute of an attack path describes the ease of successfully carrying out the corresponding set of actions. By default, the ISO/SAE 21434:2021 rating scale is used.

Creating a Manual Attack Path

A Manual Attack Path refers to the manual way of describing and rating the feasibility of attack paths. It does not refer to potential based attacks or CVSS methodologies.

To create a Manual Attack Path

  1. In the Containment tree, right-click Attack Paths and Feasibility Ratings and select Create Element.



  2. Do one of the following:
    • In the dialog, expand ISO 21434 and select Manual Attack Path.



    • In the search tab, type the keyword attack and then select Manual Attack Path.



  3. Name the created Manual Attack Path in the Containment tree and press Enter. The Manual Attack Path has the prefix AP, which denotes that the created element is a Manual Attack Path; the number 1 indicates that it is the first Manual Attack Path created.


Creating a Manual Attack Path Table

If you create a new project using the ISO 21434 Project template, then a Manual Attack Paths table already exists in the 1.3 Attack Paths and Feasibility Ratings package.


To create a Manual Attack Path Table

  1. In the Containment tree, right-click Attack Paths and Feasibility Ratings and select Create Diagram.



  2. Do one of the following:
    • In the dialog, expand ISO 21434 and select Manual Attack Path Table.



    • In the search tab, type the keyword attack and then select Manual Attack Path Table.



      The Manual Attack Table is displayed in the diagram pane of the modeling tool.

Adding a Manual Attack Path to Manual Attack Path Table

To add a new Manual Attack Path to the Manual Attack Path Table

  1. In the Manual Attack Path Table, click Add New. A row is added in the Manual Attack Path Table, which shows the new Manual Attack Path.



  2. In the newly created Manual Attack Path's row and the Name column, double-click the designated cell to name the Manual Attack Path.



To add an existing Manual Attack Path to the Manual Attack Path Table

  1. In the Manual Attack Path Table, click Add Existing.



  2. From the Select Attack Path dialog, select the required Manual Attack Path. A row is added to the Manual Attack Path Table, which shows the existing Manual Attack Path.



  3. In the existing Manual Attack Path's row and the Name column, double-click the designated cell to rename the Manual Attack Path.


Adding Attack Path Steps

To add Attack Path Steps to the Manual Attack Path Table

  1. Double-click the designated cell in the Attack Path Steps column and the required Manual Attack Path's row and click .



  2. From the Select Situation dialog, select Attack Path Steps.



    The Attack Path Steps now shown in the Manual Attack Path Table.


  • You can also drag and drop the Attack Path Step from the Containment tree to the Threat Scenario Table.
  • You can move the Attack Path Steps in the Select Situation dialog by clicking Up or Down.

 

Adding an Attack Feasibility Rating

To rate the Attack Feasibility

  • Double-click the cell in the Manual Attack Path's row and from the drop-down list, select Attack Feasibility Rating.



    The Attack Feasibility Rating is now shown in the Manual Attack Path Table.


Manual Attack Path Table Example

ISO/SAE 21434:2021 Road vehicles-Cybersecurity engineer