# TARA (Threat Analysis and Risk Assessment) Process Overview

## What is it?

### Definition

Systematic approach to identify and assess cybersecurity-related risks.

In short: a systematic method for "find the threats + assess the risk + decide the treatment".
> **Important**
> TARA is one of the most heavily examined clauses of ISO 21434. The eight steps must be memorized.
## Why is TARA the core?

```text
TARA results
├── determine the Cybersecurity Goals
├── determine the Cybersecurity Concept
├── determine the CS Requirements
├── determine the CAL (Cybersecurity Assurance Level)
├── shape the architecture design
└── shape the Validation scope
→ if the TARA is wrong, everything downstream is wrong
```
## The eight TARA steps (must memorize)

```text
1. Asset Identification
   ↓
2. Threat Scenario Identification
   ↓
3. Impact Rating (SFOP)
   ↓
4. Attack Path Analysis
   ↓
5. Attack Feasibility Rating
   ↓
6. Risk Value Determination
   ↓
7. Risk Treatment Decision
   ↓
8. (Continuous monitoring + update) ← not an explicit step, but necessary in practice
```

### Mnemonic

Asset → Threat → Impact → Attack Path → Feasibility → Risk → Treatment

Abbreviation: "ATIA-FRT", or remember it as:
"find the assets → think of the threats → look at the consequences → draw the paths → score the difficulty → score the risk → decide the treatment"
### Notes for each step

| Step | Topic | Note |
|---|---|---|
| 1 | Asset identification | 12-TARA-Methods/02-Asset-Identification |
| 2 | Threat scenarios | 12-TARA-Methods/03-Threat-Scenario |
| 3 | Impact rating | 12-TARA-Methods/04-Impact-Rating |
| 4 | Attack paths | 12-TARA-Methods/05-Attack-Path-Analysis |
| 5 | Feasibility rating | 12-TARA-Methods/06-Attack-Feasibility-Rating |
| 6 | Risk determination | 12-TARA-Methods/07-Risk-Determination |
| 7 | Risk treatment | 12-TARA-Methods/08-Risk-Treatment |
## TARA inputs

```text
Item Definition ← provided by the Concept Phase
├── Scope, Boundaries
├── Functions, Assets
├── Interfaces
└── Operational Environment
Industry threat intelligence ← Clause 8 Monitoring
├── CVE
├── Auto-ISAC alerts
└── Historical incidents
Organizational policy ← CSMS
├── Risk tolerance
├── Treatment policy
└── CAL mapping rules
```
## TARA outputs

```text
TARA Report contains:
├── Asset list
├── Threat Scenario list
├── Damage Scenario list
├── Impact Rating (SFOP)
├── Attack Path list
├── Attack Feasibility Rating
├── Risk Value matrix
├── Risk Treatment decisions
├── Residual risk
└── Impact on CS Goals / Requirements
```
## TARA tools

| Tool | Vendor | Characteristics |
|---|---|---|
| Medini Analyze | ANSYS | Widely used in industry, integrates with ISO 26262 |
| PREEvision | Vector | E/E architecture integration |
| ITEM ToolKit | ITEM | TARA + FMEA |
| ThreatModeler | ThreatModeler Inc. | Cloud-based, cross-industry |
| MS Threat Modeling Tool | Microsoft | Free, STRIDE |
| OWASP Threat Dragon | OWASP | Open source |
| Custom Excel | — | Common for small projects |
## When TARA happens in the lifecycle

```text
Item Definition completed ───────────────→ first full TARA
        ↓
Architecture change ─────────────────────→ TARA update (focus on changed areas)
        ↓
Verification finds a new attack path ────→ TARA update
        ↓
New threat appears via Clause 8 ─────────→ TARA update
        ↓
Incident occurs ─────────────────────────→ TARA update
        ↓
Reuse / new vehicle model ───────────────→ Delta TARA
        ↓
EoS ─────────────────────────────────────→ TARA frozen
```
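The "TARA update (focus on changed areas)" and "Delta TARA" triggers above both come down to comparing two versions of the report and listing what a reviewer must look at again. The following is an added example (not code from this note or from any TARA tool) that does that comparison. The report layout (assets, and threats carrying `risk_value` and `decision`), the re-approval rule and the two sample versions are assumptions constructed for illustration.

```python
"""Delta TARA: what changed between two versions of a TARA report.

Added example, not from the original note or from any TARA tool. The report
layout (assets + threats with risk_value and decision) and the re-approval
rule are assumptions made for this example; the two sample versions are
constructed.
"""


def delta_tara(old, new):
    """Compare two report versions and return the items a Delta TARA review must look at."""
    old_t = {t["id"]: t for t in old["threats"]}
    new_t = {t["id"]: t for t in new["threats"]}
    old_a = {a["id"] for a in old["assets"]}
    new_a = {a["id"] for a in new["assets"]}
    delta = {
        "assets_added": sorted(new_a - old_a),
        "assets_removed": sorted(old_a - new_a),
        "added": sorted(new_t.keys() - old_t.keys()),
        "removed": sorted(old_t.keys() - new_t.keys()),
        "risk_up": [], "risk_down": [], "treatment_changed": [], "unchanged": [],
    }
    for tid in sorted(old_t.keys() & new_t.keys()):
        o, n = old_t[tid], new_t[tid]
        changed = False
        if n["risk_value"] > o["risk_value"]:
            delta["risk_up"].append((tid, o["risk_value"], n["risk_value"]))
            changed = True
        elif n["risk_value"] < o["risk_value"]:
            delta["risk_down"].append((tid, o["risk_value"], n["risk_value"]))
            changed = True
        if n["decision"] != o["decision"]:
            delta["treatment_changed"].append((tid, o["decision"], n["decision"]))
            changed = True
        if not changed:
            delta["unchanged"].append(tid)   # can stay out of the focused re-review
    return delta


def needs_reapproval(delta):
    """Assumed CSMS rule: re-approve when anything was added or removed, or any risk rose."""
    return bool(delta["assets_added"] or delta["assets_removed"]
                or delta["added"] or delta["removed"] or delta["risk_up"])


# Constructed versions: v3.0 before, v3.1 after an architecture change added a new asset A-003.
TARA_V30 = {
    "assets": [{"id": "A-001"}, {"id": "A-002"}],
    "threats": [
        {"id": "TS-001", "asset": "A-001", "risk_value": 3, "decision": "Reduce"},
        {"id": "TS-002", "asset": "A-002", "risk_value": 2, "decision": "Retain"},
    ],
}
TARA_V31 = {
    "assets": [{"id": "A-001"}, {"id": "A-002"}, {"id": "A-003"}],
    "threats": [
        {"id": "TS-001", "asset": "A-001", "risk_value": 3, "decision": "Reduce"},
        {"id": "TS-002", "asset": "A-002", "risk_value": 4, "decision": "Reduce"},
        {"id": "TS-003", "asset": "A-003", "risk_value": 2, "decision": "Retain"},
    ],
}

if __name__ == "__main__":
    d = delta_tara(TARA_V30, TARA_V31)
    for key, value in d.items():
        print(f"{key}: {value}")
    print("re-approval needed:", needs_reapproval(d))
```

The `unchanged` list is what lets a focused update skip work: only threats that appear in `added`, `risk_up`, `risk_down` or `treatment_changed` (plus everything touching a new asset) need to go back through steps 4 to 7.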
## TARA report template (high-level)

```yaml
tara_report:
  metadata:
    item: "TCU-2026"
    version: 3.1
    date: 2026-09-15
    performed_by: "CS Engineer Team"
    reviewed_by: "Project CS Manager"
    approved_by: "VP Engineering"
    item_reference: "Item Definition v1.5"
  step_1_assets:
    - id: A-001
      name: "TCU Firmware"
      properties: [Integrity, Authenticity]
    # ...
  step_2_threats:
    - id: TS-001
      asset: A-001
      threat: "Remote firmware tampering"
      damage_scenario: "Vehicle compromised remotely"
    # ...
  step_3_impact:
    - id: TS-001
      sfop:
        safety: Severe
        financial: Major
        operational: Severe
        privacy: Major
      overall: Severe
  step_4_attack_paths:
    - id: AP-001
      threat: TS-001
      path:
        - "Compromise OTA server"
        - "Sign malicious firmware"
        - "Push to fleet"
  step_5_feasibility:
    - id: AP-001
      elapsed_time: 13
      expertise: 6
      knowledge: 3
      window: 4
      equipment: 4
      total: 30
      rating: Low
  step_6_risk:
    - id: TS-001
      impact: Severe
      feasibility: Low
      risk_value: 3
      level: Medium
  step_7_treatment:
    - id: TS-001
      decision: Reduce
      goals_addressed: ["CG-001", "CG-005"]
      controls:
        - "Code signing"
        - "Anti-rollback"
      residual_risk: Low
  summary:
    total_threats: 47
    risk_distribution:
      very_high: 0
      high: 2
      medium: 15
      low: 30
    treatments:
      reduce: 17
      avoid: 1
      transfer: 4
      retain: 25
```
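Steps 5 to 7 of the template are pure computation, and a reviewer's first job is to check that the recorded numbers actually follow from the factors and tables used. The following is an added example (not code from this note, from ISO/SAE 21434 or from any TARA tool) that recomputes attack feasibility from the five attack-potential factors, looks up the risk value from impact and feasibility, applies a treatment rule, and cross-checks a report laid out like the template. The attack-potential bands, the risk matrix, the risk-level bands, the "most feasible attack path" rule and the treatment rule are all assumed values chosen for illustration; the sample report is constructed and deliberately contains three inconsistencies (a reversed feasibility rating, a stale risk value and a retain decision the rule does not allow).

```python
"""Worked back-end for TARA steps 5-7 plus a report consistency check.

Added example: not code from the original note, from ISO/SAE 21434 or from
any TARA tool. The attack-potential bands, risk matrix, risk-level bands,
"most feasible path" rule and treatment rule are ASSUMED illustrative values;
replace them with the tables from your copy of the standard and your CSMS
risk-tolerance policy before using this on a real item.
"""
FACTORS = ("elapsed_time", "expertise", "knowledge", "window", "equipment")
# Step 5: a higher attack-potential sum means a harder attack, i.e. LOWER feasibility.
FEASIBILITY_BANDS = ((25, "Very Low"), (20, "Low"), (14, "Medium"), (0, "High"))
FEAS_ORDER = ("Very Low", "Low", "Medium", "High")   # ascending feasibility
# Step 6: impact x feasibility -> risk value 1..5, columns indexed by FEAS_ORDER (assumed).
RISK_MATRIX = {
    "Negligible": (1, 1, 1, 1),
    "Moderate":   (1, 2, 2, 3),
    "Major":      (1, 2, 3, 4),
    "Severe":     (2, 3, 4, 5),
}
RISK_LEVEL = {1: "Low", 2: "Low", 3: "Medium", 4: "High", 5: "Very High"}  # assumed bands


def feasibility_rating(factors):
    """Return (total, rating) for one attack path's attack-potential factors."""
    missing = [f for f in FACTORS if f not in factors]
    if missing:
        raise ValueError(f"missing attack-potential factor(s): {missing}")
    total = sum(int(factors[f]) for f in FACTORS)
    for minimum, rating in FEASIBILITY_BANDS:
        if total >= minimum:
            return total, rating
    raise ValueError("attack-potential factors must be non-negative")


def risk_value(impact, feasibility):
    """Look up the risk value for an impact rating and a feasibility rating."""
    return RISK_MATRIX[impact][FEAS_ORDER.index(feasibility)]


def check_treatment(decision, risk, rationale):
    """Assumed CSMS rule: risk >= 4 may not be retained; any retain needs a written rationale."""
    if decision == "Retain" and risk >= 4:
        return f"risk value {risk} may not be retained"
    if decision == "Retain" and not rationale.strip():
        return "retain decision has no documented rationale"
    return None


def check_report(report):
    """Cross-check steps 1-7 of a TARA report; return a list of findings (empty = consistent)."""
    findings = []
    assets = {a["id"] for a in report["assets"]}
    threats = {t["id"] for t in report["threats"]}
    for t in report["threats"]:
        if t["asset"] not in assets:
            findings.append(f'{t["id"]}: references unknown asset {t["asset"]}')
    # Step 5: recompute every attack path and keep the most feasible path per threat.
    best = {}
    for ap in report["attack_paths"]:
        if ap["threat"] not in threats:
            findings.append(f'{ap["id"]}: references unknown threat {ap["threat"]}')
            continue
        total, rating = feasibility_rating(ap["factors"])
        if (total, rating) != (ap["total"], ap["rating"]):
            findings.append(f'{ap["id"]}: recorded {ap["total"]}/{ap["rating"]}, '
                            f"computed {total}/{rating}")
        prev = best.get(ap["threat"])
        if prev is None or FEAS_ORDER.index(rating) > FEAS_ORDER.index(prev):
            best[ap["threat"]] = rating
    # Steps 6-7: threat feasibility = its most feasible path (assumption), then matrix and rule.
    for r in report["risks"]:
        tid = r["id"]
        if tid not in best:
            findings.append(f"{tid}: risk recorded but no attack path was analysed")
            continue
        expected = risk_value(r["impact"], best[tid])
        if (r["risk_value"], r["level"]) != (expected, RISK_LEVEL[expected]):
            findings.append(f"{tid}: risk should be {expected} ({RISK_LEVEL[expected]})")
        problem = check_treatment(r["decision"], expected, r.get("rationale", ""))
        if problem:
            findings.append(f"{tid}: {problem}")
    return findings


# Constructed sample report for a fictional TCU (deliberately contains three inconsistencies).
SAMPLE_REPORT = {
    "assets": [{"id": "A-001", "name": "TCU firmware"}],
    "threats": [{"id": "TS-001", "asset": "A-001", "threat": "Remote firmware tampering"}],
    "attack_paths": [
        {"id": "AP-001", "threat": "TS-001", "total": 17, "rating": "Medium",
         "factors": {"elapsed_time": 4, "expertise": 6, "knowledge": 3, "window": 4, "equipment": 0}},
        {"id": "AP-002", "threat": "TS-001", "total": 22, "rating": "Medium",   # direction error
         "factors": {"elapsed_time": 17, "expertise": 1, "knowledge": 3, "window": 1, "equipment": 0}},
    ],
    "risks": [{"id": "TS-001", "impact": "Severe", "risk_value": 3, "level": "Medium",
               "decision": "Retain", "rationale": ""}],
}

if __name__ == "__main__":
    for finding in check_report(SAMPLE_REPORT):
        print(finding)
```

Two design points: the band table is ordered from the highest attack potential down, so a larger sum can only ever land on a lower feasibility (this is the direction mistake that "high score = hard, low score = easy" warns about), and a threat scenario takes the feasibility of its most feasible attack path, so adding a harder second path never lowers the risk that was already recorded.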
## Common TARA mistakes

> **Warning**
> - Skipping the Item Definition and going straight to TARA: the foundation is incomplete
> - Incomplete asset identification: the threats cannot be found
> - Confusing Damage Scenarios with Threat Scenarios
> - Impact rating that considers only Safety: forgetting F, O and P
> - Attack feasibility score direction reversed: high score = hard, low score = easy
> - Risk treatment decision without a documented rationale
> - Not updating the TARA: treating it as a one-off task
## Certification exam points

### High-frequency points

- Order of the eight steps (must memorize)
- TARA is Clause 15
- TARA is a cross-cutting method, not tied to one phase
- Damage Scenario ≠ Threat Scenario
- TARA results drive CS Goals + Concept + Requirements
- TARA is a living document
- TARA is the core evidence of the CS Case
## Related Notes
- 12-TARA-Methods/02-Asset-Identification
- 12-TARA-Methods/03-Threat-Scenario
- 12-TARA-Methods/04-Impact-Rating
- 12-TARA-Methods/05-Attack-Path-Analysis
- 12-TARA-Methods/06-Attack-Feasibility-Rating
- 12-TARA-Methods/07-Risk-Determination
- 12-TARA-Methods/08-Risk-Treatment
- 00-Dashboard/Quick-Reference#二、TARA 八步驟(Clause 15)