TARA approaches are separated into two types in this section: formula-based methods and model-based methods. Formula-based approaches are those that use tables, texts, or formulae to analyze and assess a system's hazard and risk. Asset-based techniques, vulnerability-based methods, and attacker-based methods are the three categories of formula-based approaches based on their respective concerns.
Graph-Based Methods:
Graph-based methods use nodes and directional edges to link them. Graph-based approaches may represent each node module's direct mathematical quantitative link, making quantitative threat analysis of the system easier.
STRIDE:
Spoofing (S), tampering (T), repudiation (R), information disclosure (I), denial of service (D), and elevation of privilege (E) are all part of the STRIDE concept (E). The STRIDE approach is extensively utilized in the IT sector, and it is useful in identifying and analyzing dangers in the system, lowering the chance of the system being attacked. The STRIDE approach is progressively being implemented in different sectors due to its remarkable result.
PASTA method:
In addition to the STRIDE approach, PASTA (Process for Attack Simulation and Threat Analysis) was established as a seven-stage threat analysis method. Data flow diagrams are used by PASTA at the application decomposition layer. The (i.eLinkability, identifiability, nonrepudiation, detectability, data disclosure, unawareness, and noncompliance) technique uses a six-step analysis to offer data security and privacy protection