Internet of Things Architecture



5.2.9.3 Risk Assessment


Identified risks were assessed using the DREAD methodology based on
(simplified) metrics. DREAD defines a scoring methodology and metrics that help
to evaluate the criticality of an identified threat. DREAD stands for Damage
potential, Reproducibility, Exploitability, Affected users, and Discoverability;
these are the criteria according to which a threat is evaluated. Each criterion is
quantified on a scale from 0 to 10. The threat can then be rated globally (as the
sum of the D, R, E, A and D ratings), or it can be described along with its
individual ratings; the latter approach obviously allows for a more precise
analysis. A simpler DREAD scheme, used in what follows, consists of only
three levels, viz. L (low), M (medium) and H (high), for each DREAD rating.


Note that a 'High' rating for Exploitability means that it is easy for an attacker to
carry out an attack leading to the identified threat, whereas a 'High' rating for
Discoverability means that it is difficult to discover the threat. This convention
ensures a coherent approach, in which 'Low' ratings decrease the overall criticality of a
risk, whereas 'High' ratings increase it.
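As an added illustration, not taken from the IoT-A document, the following Python scorer implements both DREAD variants described above: the 0..10 per-criterion scale with its summed global rating, and the simplified L/M/H scheme. The point values assigned to L/M/H, the thresholds that collapse a total back to three levels, and the sample threats are all assumptions made for the example.

```python
from typing import Dict, List, Tuple

# The five DREAD criteria, in the order the text lists them.
CRITERIA = ("Damage", "Reproducibility", "Exploitability",
            "Affected users", "Discoverability")

# Assumed mapping of the simplified three-level scheme onto the 0..10 scale.
# Discoverability follows the text's convention: 'H' means the threat is hard
# to discover, so an 'H' in any criterion always raises overall criticality.
LEVEL_POINTS = {"L": 0, "M": 5, "H": 10}


def dread_total(ratings: Dict[str, object]) -> int:
    """Global DREAD rating: the sum of the five criterion ratings (0..50).

    Each rating is an integer 0..10 or one of 'L', 'M', 'H'. Missing or
    out-of-range values are rejected instead of silently defaulted.
    """
    total = 0
    for name in CRITERIA:
        if name not in ratings:
            raise ValueError(f"missing DREAD rating for {name!r}")
        value = ratings[name]
        if isinstance(value, str):
            if value.upper() not in LEVEL_POINTS:
                raise ValueError(f"{name}: expected L/M/H, got {value!r}")
            value = LEVEL_POINTS[value.upper()]
        if not 0 <= value <= 10:
            raise ValueError(f"{name}: rating must be 0..10, got {value}")
        total += value
    return total


def criticality(total: int) -> str:
    """Collapse a 0..50 total to the three-level scale (assumed thresholds)."""
    if total <= 16:
        return "L"
    return "M" if total <= 33 else "H"


def rank_threats(threats: Dict[str, Dict[str, object]]) -> List[Tuple[str, int, str]]:
    """Return (threat, total, criticality) rows, most critical first."""
    rows = [(name, dread_total(r), criticality(dread_total(r)))
            for name, r in threats.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


# Constructed sample threats; not taken from the IoT-A risk tables.
SAMPLE_THREATS = {
    "Eavesdropping on sensor traffic": dict(zip(CRITERIA, ("M", "H", "H", "M", "L"))),
    "Replay of unauthenticated actuator commands": dict(zip(CRITERIA, (8, 9, 7, 9, 4))),
    "Physical tampering with a single node": dict(zip(CRITERIA, ("H", "L", "L", "L", "M"))),
}
```

Calling `rank_threats(SAMPLE_THREATS)` orders the constructed threats as replay (37, H), eavesdropping (30, M) and tampering (15, L), which is the kind of ordering a risk table such as Table 15 is built from.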


The DREAD methodology and metric are used in Table 15 for evaluating the
risks identified in Table 14. In addition to the DREAD rating, Table 15 also
provides initial information on the specific threats that may lead to the
occurrence of each identified risk, together with initial steps toward threat
mitigation. Furthermore, it links the mitigation scenarios to the design choices
(denoted DCx.y) elaborated on in Section 5.2.10.
