Skip to content

Attack Vectors

Attack vectors define specific methods or pathways that threat sources use to exploit vulnerabilities in a system. Predefined attack vectors can be configured to provide detailed context and enable automatic attack scenario and countermeasure generation.

Basic Settings

Each attack vector includes:

  1. Name: A descriptive identifier (e.g., "SQL Injection", "Man-in-the-Middle", "Physical Tampering")
  2. Description: Detailed explanation of the attack method and how it works
  3. Adversaries: Threat sources typically capable of executing this attack
  4. Protection Goals: Which security goals are affected (e.g. confidentiality, integrity, availability)
  5. Threat Categories: Classification tags for organizing attacks
  6. Lifecycle Infos: When the vulnerability is introduced and when it becomes exploitable
  7. Related Threat Libraries: MITRE CAPEC, CWE, and EMB3D mappings for standardized references
  8. Risk Assessment: Predefined exploitability, impact, and likelihood ratings, additionally severity and CVSS score
  9. Controls: Linked countermeasures that mitigate this attack vector
  10. Checklist Requirements: Associated compliance requirements (e.g., IEC 62443-4-2)

Lifecycle Information

Attack vectors can be characterized by their relationship to the system lifecycle:

  • Introduced: The lifecycle phase where the vulnerability is typically introduced (e.g., Design, Implementation, Distribution)
  • Exploitable: The lifecycle phase where the attack can be executed (e.g., Operation, Maintenance, Decommissioning)

This information helps identify when security measures should be applied and when threats become relevant.

Threat Library Mapping

Attack vectors can be mapped to standardized threat libraries for industry alignment:

  • CAPEC (Common Attack Pattern Enumeration and Classification): Links to standardized attack patterns and methodologies
  • CWE (Common Weakness Enumeration): Connects attacks to underlying code weaknesses and vulnerabilities
  • EMB3D: Associates with embedded device threats

These mappings provide traceability to industry-standard security frameworks and enhance reporting with recognized classifications.

Risk Assessment

The risk assessment parameters can be predefined for each attack vector. The definition depends on the configured risk methods (see Risk Assessment). Furthermore, the severity and CVSS score can be configured.

When attack scenarios reference attack vectors, these predefined values can be automatically inherited, ensuring consistent risk assessment across your threat model.

Controls

Attack vectors can be linked to specific controls that mitigate the attack method. When a threat rule references an attack vector, the associated controls are automatically inherited and used to generate countermeasures. This ensures that standard mitigation strategies are consistently applied.

Checklist Requirements

Attack vectors can be mapped to specific checklist requirements from security standards. When attack scenarios are generated from threat rules referencing attack vectors, the linked checklist requirements are automatically associated with the scenarios, enabling automatic traceability and streamlined compliance documentation.

Usage in Threat Modeling

Attack vectors can be referenced by attack scenarios and may be referenced by threat rules. When a threat rule applies to elements in your model, the attack vector's properties (protection goals, risk parameters, controls, and checklist requirements) are inherited by the generated attack scenarios. This provides rich context and automatic generation of countermeasures without manual configuration.