Attack Tags
Each attack in an Attack Tree contains a list of <b>Tags</b> (similar to UML tagged values) which are properties of the model element of the attack that express various characteristics of the attack such as the dangerousness and the likelihood of the attack (See Figure 1).
List of Attack Tags
There are Default Tags that are predefined by Attack Tree Designer and there are Custom Tags that can be added and modified by users (See Figure 1). Here is the list of tags that can be found in an attack
-
Severity : it represents how dangerous and how much damage could an attack inflict.
-
Probability : it reflect how likely can the attack happened.
-
Security related : it means if the event is related to malicious attacks (with bad intent from a person).
-
Safety related : it means if the event is related to unintentional failures)
-
Out of Scope : it means taht the event is out of scope
-
Custom Tags : represent customized properties created for specific needs of the designers.
Figure 1 : Attack Tags
Update Attack Tags
Attacks contain a list of tags that can be updated via the property page (See Figure 2).
Figure 2 : Update Attack Tags
The risk level is calculated based on "Severity" and "Probability" tags of an attack (See Table 1).
Probability / Severity |Low|Medium|High ---|---|---|--- Low|Very Low|Low|Medium Medium|Low|High|Very High High|Medium|Very High|Catastrophic Table 1 : Risk Level calculation rules
When you update Severity and Probability tags of an attack, it changes the constraints of these tags for their parents and can modify their content according to the following rules :
A parent connected with AND connection to its children has a minimum Severity value equal to the maximum value of Severity of its children because the event of the attack cannot be happening unless all of its children events have happened and thus the Severity will be at least equal to the maximum severity value of its children. On the other hand, A parent connected with OR connection to its children has a minimum Severity value equal to the minimum value of Severity of its children because at least one of its children event has happened (See Figure 3). If the Severity tag is updated, the Severity tag of its parent will be updated if it is inferior to the minimum required Severity value.
Figure 3 : Propagating Severity Tags to parents
A parent connected with AND connection to its children has a maximum Probability value inferior to the minimum value of <b>Probability</b> of its children. On the other hand, A parent connected with OR connection to its children has a minimum Probability value superior to the maximum value of Probability of its children (See Figure 4). If the Probability tag is updated, the Probability tag of its parent will be updated if it is inferior to the minimum required or if it is superior to the maximum required Probability value.
Figure 4 : Propagating Probability Tags to parents
Attack Custom Tags
You can add your own Custom Tag property to your attack by clicking the button "Add a new Custom Tag" in the property page of the selected attack (See Figure 5), specify the name and the value of your custom tag and click OK (See Figure 6). The new created Custom Tag is then displayed in the property page of the selected attack and can be modified from the property page as well.
Figure 5 : Add new Custom Tag Button
Figure 6 : Add new Custom Tag Dialog
You can remove a Custom Tag property from a selected attack by clicking the button "Remove a Custom Tag" in the property page (See Figure 7), select the custom tags you want to remove from the displayed list and click OK (See Figure 8).
Figure 7 : Remove a Custom Tag Button
Figure 8 : Remove a Custom Tag Dialog