2nd/10_Wiki/Topics/Architecture/TARA.md
Antigravity Agent f8b21af4be Wiki cleanup: error-doc removal, dedup merge, link normalization
Large-scale cleanup of 10_Wiki/Topics:
- Removed 227 error-capture / unfinished stub documents
- Merged 43 cross-folder duplicate clusters (63 files → redirect)
- Link name normalization: ~2,400 fixes of broken links, direct redirect targets, and concept mappings
- Created 6 new category MOCs
- Removed 10,058 unresolved related-keyword links from Graph sections

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-20 23:52:15 +09:00


---
id: wiki-2026-0508-tara
title: TARA (Threat Analysis and Risk Assessment)
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases:
  - Threat Analysis Risk Assessment
  - ISO 21434 TARA
  - Automotive Threat Modeling
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags:
  - security
  - threat-modeling
  - automotive
  - iso-21434
raw_sources:
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language:
  framework:
  methodology: iso-21434
---

TARA (Threat Analysis and Risk Assessment)

One line

"Mandatory threat modeling for automotive cybersecurity." The core process of ISO/SAE 21434: systematic identification, assessment and treatment of cybersecurity risk in vehicle E/E systems. As of 2026, a prerequisite for UNECE R155 type approval.

Core

7 steps (ISO 21434 §15)

  1. Asset identification: define the cybersecurity properties (CIAA) of each asset.
  2. Threat scenario identification: apply STRIDE/EVITA.
  3. Impact rating: Safety, Financial, Operational, Privacy (SFOP).
  4. Attack path analysis: attack tree / kill chain.
  5. Attack feasibility rating: time, expertise, knowledge, opportunity, equipment.
  6. Risk determination: Impact × Feasibility → 1-5 risk value.
  7. Risk treatment: avoid, reduce, share, retain.

STRIDE for automotive

  • Spoofing — ECU identity forgery (CAN ID).
  • Tampering — firmware mod, OTA hijack.
  • Repudiation — audit log absence.
  • Info disclosure — GPS/PII leak.
  • DoS — CAN bus flood.
  • EoP — infotainment → drive ECU pivot.

vs. IT threat modeling

  • Lifecycle: 15-year vehicle lifetime, so updates must be sustained long-term.
  • Safety coupling: cyber → physical harm (brakes).
  • Supply chain: multi-tier (OEM ← T1 ← T2).
  • Standards: ISO 21434 + UNECE R155 are mandatory.

Applications

  1. New vehicle development (concept phase).
  2. CSMS audit evidence.
  3. Post-incident re-assessment.

💻 Patterns

Asset table (YAML)

assets:
  - id: ASSET-01
    name: Brake control message
    properties: [integrity, availability]
    rationale: Loss → safety-critical
  - id: ASSET-02
    name: GPS trajectory log
    properties: [confidentiality]
    rationale: PII / GDPR
  - id: ASSET-03
    name: ECU firmware
    properties: [integrity, authenticity]

Damage scenario × impact rating

damage_scenarios:
  - id: DS-01
    asset: ASSET-01
    description: Attacker injects fake brake-release message
    impact:
      safety: severe       # S3 (life-threatening)
      financial: moderate
      operational: major
      privacy: negligible
    overall: severe

Threat scenario (STRIDE)

threats:
  - id: TS-01
    target: ASSET-01
    stride: tampering
    description: Spoof brake CAN frame from compromised infotainment
    leads_to: DS-01

Attack path

Internet → Telematics gateway (CVE-X) → Internal CAN gw bypass → 
Body CAN → Inject 0x100 brake frame

Feasibility rating (ISO 21434 Annex G)

attack_path: AP-01
factors:
  elapsed_time: 1_to_6_months   # 4 pts
  expertise: expert             # 6 pts
  knowledge: restricted         # 3 pts
  window: easy                  # 1 pt
  equipment: specialized        # 4 pts
total: 18                       # → Medium feasibility

Risk matrix

              Feasibility →
Impact ↓    VeryLow Low  Med  High
Severe        2     3    4    5
Major         1     2    3    4
Moderate      1     1    2    3
Negligible    1     1    1    2

Treatment plan

risk: R-01 (severe × medium = 4)
treatment: reduce
controls:
  - C-01: Message Authentication Code (MAC) on brake CAN
  - C-02: Secure boot on telematics gateway
  - C-03: Firewall rules between domains
residual_risk: 2  # acceptable
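Steps 5 to 7 of the flow above (feasibility rating, risk determination, treatment) carried through in code over the page's AP-01 / DS-01 data, as an added example rather than the wiki's own tooling. The per-factor points and the risk matrix are the page's; the feasibility band edges (the page only states that a total of 18 is Medium) and the acceptance threshold of 2 are assumptions.

```python
# Steps 5-7 of the TARA flow above, run over the page's AP-01 / DS-01 data.
# Added example, not the wiki's own code: point values and the risk matrix are
# the page's; the feasibility band edges (the page only gives 18 -> Medium)
# and the acceptance threshold are assumptions.

FEASIBILITY_LEVELS = ("VeryLow", "Low", "Med", "High")
# Risk matrix from the page: impact row -> (VeryLow, Low, Med, High).
RISK_MATRIX = {
    "Severe": (2, 3, 4, 5),
    "Major": (1, 2, 3, 4),
    "Moderate": (1, 1, 2, 3),
    "Negligible": (1, 1, 1, 2),
}

# Assumed band edges: more points = harder attack = lower feasibility.
FEASIBILITY_BANDS = ((25, "VeryLow"), (20, "Low"), (14, "Med"), (0, "High"))
ACCEPTABLE_RISK = 2  # assumed; the page calls a residual risk of 2 acceptable
REQUIRED_FACTORS = {"elapsed_time", "expertise", "knowledge", "window", "equipment"}

def feasibility_total(factors):
    """Step 5: sum per-factor points. An incomplete rating is refused because a
    missing factor contributes 0 points and silently makes the attack look easy."""
    missing = REQUIRED_FACTORS - set(factors)
    if missing:
        raise ValueError(f"missing feasibility factors: {sorted(missing)}")
    return sum(factors.values())

def feasibility_level(total):
    """Map a point total to a matrix column (first band edge the total reaches)."""
    for edge, level in FEASIBILITY_BANDS:
        if total >= edge:
            return level
    raise ValueError(f"invalid feasibility total: {total}")

def risk_value(impact, level):
    """Step 6: Impact x Feasibility looked up in the page's matrix (1-5)."""
    return RISK_MATRIX[impact][FEASIBILITY_LEVELS.index(level)]

def treatment(risk):
    """Step 7, simplified: retain within tolerance, otherwise reduce."""
    return "retain" if risk <= ACCEPTABLE_RISK else "reduce"

# AP-01 from the page, as the per-factor points annotated in the YAML above.
AP01 = {"elapsed_time": 4, "expertise": 6, "knowledge": 3, "window": 1, "equipment": 4}

if __name__ == "__main__":
    level = feasibility_level(feasibility_total(AP01))  # 18 -> Med
    risk = risk_value("Severe", level)                  # R-01 = 4
    print(f"R-01: feasibility={level} risk={risk} treatment={treatment(risk)}")
```

Note that in the page's matrix a severe-impact scenario only reaches risk value 2 in the Very Low feasibility column, so the residual risk of 2 for R-01 has to be argued as C-01..C-03 pushing the attack's point total up, not merely as the controls being listed.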

Decision criteria

Situation                    Approach
Automotive E/E (mandatory)   TARA per ISO 21434
IT system                    STRIDE / PASTA
Industrial control (ICS)     IEC 62443 ZCR
Generic risk                 NIST 800-30

Default: ISO 21434 TARA, required for OEM type approval (UNECE R155).

🔗 Graph

🤖 LLM use

When: threat scenario brainstorming, attack tree generation, control gap analysis. When not: the final risk decision, which requires sign-off by a human cybersecurity engineer.

Anti-patterns

  • One-shot TARA: it must be updated across the lifecycle, triggered by new vulnerabilities/incidents.
  • Generic STRIDE only: augment with automotive-specific EVITA.
  • Skipping feasibility: an impact-only rating inflates risk.
  • Doc theater: controls are not implemented and there is no evidence that they are.

🧪 Verification / duplicates

  • Verified (ISO/SAE 21434:2021, UNECE WP.29 R155, EVITA project).
  • Trust level A.

🕓 Changelog

Date        Change
2026-05-08  Phase 1
2026-05-10  Manual cleanup — ISO 21434 7-step TARA, automotive STRIDE