---
id: wiki-2026-0508-tara
title: TARA (Threat Analysis and Risk Assessment)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Threat Analysis Risk Assessment, ISO 21434 TARA, Automotive Threat Modeling]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [security, threat-modeling, automotive, iso-21434]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: methodology
  framework: iso-21434
---

# TARA (Threat Analysis and Risk Assessment)

## In one line

> **"The mandatory threat modeling of automotive cybersecurity"**. The core process of ISO/SAE 21434: systematically identifying, assessing, and treating the cybersecurity risk of a vehicle's E/E system. As of 2026, a prerequisite for UNECE R155 type approval.

## Key points

### The 7 steps (ISO 21434 §15)

1. **Asset identification**: define the cybersecurity properties (CIAA).
2. **Threat scenario identification**: apply STRIDE/EVITA.
3. **Impact rating**: Safety, Financial, Operational, Privacy (SFOP).
4. **Attack path analysis**: attack tree / kill chain.
5. **Attack feasibility rating**: time, expertise, knowledge, opportunity, equipment.
6. **Risk determination**: Impact × Feasibility → 1-5 risk value.
7. **Risk treatment**: avoid, reduce, share, retain.

### STRIDE for automotive

- **S**poofing: ECU identity forgery (CAN ID).
- **T**ampering: firmware modification, OTA hijack.
- **R**epudiation: absence of audit logs.
- **I**nfo disclosure: GPS/PII leak.
- **D**oS: CAN bus flood.
- **E**oP: pivot from infotainment to a drive ECU.

### vs. IT threat modeling

- **Lifecycle**: a 15 yr vehicle life, so long-term updates.
- **Safety coupling**: cyber → physical harm (brakes).
- **Supply chain**: multi-tier (OEM ← T1 ← T2).
- **Standards**: ISO 21434 + UNECE R155 are mandatory.

### Applications

1. New vehicle development (concept phase).
2. CSMS audit evidence.
3. Post-incident re-assessment.

## 💻 Patterns

### Asset table (YAML)

```yaml
assets:
  - id: ASSET-01
    name: Brake control message
    properties: [integrity, availability]
    rationale: Loss → safety-critical
  - id: ASSET-02
    name: GPS trajectory log
    properties: [confidentiality]
    rationale: PII / GDPR
  - id: ASSET-03
    name: ECU firmware
    properties: [integrity, authenticity]
```

### Damage scenario × impact rating

```yaml
damage_scenarios:
  - id: DS-01
    asset: ASSET-01
    description: Attacker injects fake brake-release message
    impact:
      safety: severe        # S3 (life-threatening)
      financial: moderate
      operational: major
      privacy: negligible
    overall: severe
```

### Threat scenario (STRIDE)

```yaml
threats:
  - id: TS-01
    target: ASSET-01
    stride: tampering
    description: Spoof brake CAN frame from compromised infotainment
    leads_to: DS-01
```

### Attack path

```
Internet
  → Telematics gateway (CVE-X)
  → Internal CAN gw bypass
  → Body CAN
  → Inject 0x100 brake frame
```

### Feasibility rating (ISO 21434 Annex G)

```yaml
attack_path: AP-01
factors:
  elapsed_time: 1_to_6_months   # 4 pts
  expertise: expert             # 6 pts
  knowledge: restricted         # 3 pts
  window: easy                  # 1 pt
  equipment: specialized        # 4 pts
total: 18                       # → Medium feasibility
```

### Risk matrix

```
               Feasibility →
Impact ↓       VeryLow   Low   Med   High
Severe            2       3     4     5
Major             1       2     3     4
Moderate          1       1     2     3
Negligible        1       1     1     2
```

### Treatment plan

```yaml
risk: R-01 (severe × medium = 4)
treatment: reduce
controls:
  - C-01: Message Authentication Code (MAC) on brake CAN
  - C-02: Secure boot on telematics gateway
  - C-03: Firewall rules between domains
residual_risk: 2   # acceptable
```

## Decision criteria

| Situation | Approach |
|---|---|
| Automotive E/E (mandatory) | TARA per ISO 21434 |
| IT system | STRIDE / PASTA |
| Industrial control (ICS) | IEC 62443 ZCR |
| Generic risk | NIST 800-30 |

**Default**: ISO 21434 TARA, which is required for OEM type approval (UNECE R155).

## 🔗 Graph

- Variants: [[STRIDE]] · [[OCTAVE]]

## 🤖 LLM usage

**When**: threat scenario brainstorming, attack tree generation, control gap analysis.

**When not**: final risk decision (sign-off by a human cybersecurity engineer).

## ❌ Anti-patterns

- **One-shot TARA**: update it over the lifecycle; a vulnerability or incident is the trigger.
- **Generic STRIDE only**: augment it with the automotive-specific EVITA.
- **Skipping feasibility**: impact-only risk is inflated.
- **Doc theater**: controls are not implemented, so there is no evidence.

## 🧪 Verification / duplicates

- Verified (ISO/SAE 21434:2021, UNECE WP.29 R155, EVITA project).
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: ISO 21434 7-step TARA, automotive STRIDE |
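
The risk determination step and the "Skipping feasibility" anti-pattern above, as an added Python example (not part of ISO 21434 or of this page's original content): it cross-checks a small TARA model and derives each risk value from the page's matrix. The point bands in `BANDS`, the `realizes` link field, and the TS-02/TS-03 entries are assumptions made for the illustration.

```python
# Risk matrix from the page: rows = impact, columns = feasibility (very low .. high).
LEVELS = ["very_low", "low", "medium", "high"]
IMPACTS = ["negligible", "moderate", "major", "severe"]
MATRIX = {"severe": [2, 3, 4, 5], "major": [1, 2, 3, 4],
          "moderate": [1, 1, 2, 3], "negligible": [1, 1, 1, 2]}
# ASSUMPTION: point bands for the feasibility level; the page only gives 18 -> medium.
BANDS = [(13, "high"), (19, "medium"), (24, "low")]

def feasibility(points):
    """Sum the factor points; a higher total means a less feasible attack."""
    total = sum(points.values())
    level = next((name for upper, name in BANDS if total <= upper), "very_low")
    return total, level

def overall_impact(sfop):
    """Worst rating across safety, financial, operational, privacy."""
    return max(sfop.values(), key=IMPACTS.index)

def assess(model):
    """Return (risks, findings) for every threat scenario in the model."""
    risks, findings = {}, []
    paths = {p["realizes"]: p for p in model["attack_paths"]}
    for ts in model["threats"]:
        ds = model["damage_scenarios"].get(ts["leads_to"])
        if ds is None or ds["asset"] != ts["target"] or ts["target"] not in model["assets"]:
            findings.append(f"{ts['id']}: broken asset/damage-scenario link")
        elif ts["id"] not in paths:  # the "skipping feasibility" anti-pattern
            findings.append(f"{ts['id']}: no rated attack path, risk undetermined")
        else:
            _, level = feasibility(paths[ts["id"]]["points"])
            impact = overall_impact(ds["impact"])
            risks[ts["id"]] = (impact, level, MATRIX[impact][LEVELS.index(level)])
    return risks, findings

# Constructed sample: TS-01/DS-01/AP-01 mirror the page; TS-02, TS-03 are hypothetical.
MODEL = {
    "assets": {"ASSET-01", "ASSET-02"},
    "damage_scenarios": {"DS-01": {"asset": "ASSET-01", "impact": {
        "safety": "severe", "financial": "moderate",
        "operational": "major", "privacy": "negligible"}}},
    "threats": [{"id": "TS-01", "target": "ASSET-01", "leads_to": "DS-01"},
                {"id": "TS-02", "target": "ASSET-01", "leads_to": "DS-01"},
                {"id": "TS-03", "target": "ASSET-02", "leads_to": "DS-01"}],
    "attack_paths": [{"id": "AP-01", "realizes": "TS-01", "points": {
        "elapsed_time": 4, "expertise": 6, "knowledge": 3, "window": 1, "equipment": 4}}],
}

if __name__ == "__main__":
    print(assess(MODEL))
```

Findings are kept separate from risks so that a threat scenario without a rated attack path is reported as a gap instead of silently receiving an impact-only value.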