AutoTARA (Automated Threat Analysis and Risk Assessment) is a web-based framework that supports the ISO/SAE 21434 TARA process for the automotive industry. By integrating the MITRE TARA (CTSA/CRRA) methodology, Meta Attack Language (MAL), and LLMs, AutoTARA provides scalable and quantitative prioritization of security countermeasures.
AutoTARA is a tool that implements the methodology proposed in the following paper, which is scheduled to be presented at VehicleSec'26 (4th USENIX Symposium on Vehicle Security and Privacy):
Bridging Two TARAs: Integrating MITRE CTSA/CRRA Prioritization into ISO/SAE 21434 for Automotive Security
Minhyuk Park, Yejun Kim, and Seungjoo Kim
VehicleSec'26, August 10-11, 2026, Baltimore, MD, USA
- Visual Threat Modeling: Build and edit complex system diagrams using an intuitive graph editor powered by AntV X6.
- Detailed Property Management: Configure specific properties for each component and connection within the system.
- Threat Management: Systematically identify, categorize, and manage cybersecurity threats associated with system elements.
- Attack Simulation: Simulate potential attack paths to discover vulnerabilities and validate security assumptions.
- Risk Assessment Modules: Built-in support for standardized assessment methodologies, including CTSA (Cyber Threat Susceptibility Analysis) and CRRA (Cyber Risk Remediation Assessment).
- TARA Results Dashboard: Presents the TARA results, including damage and threat scenarios and the generated attack paths.
This project is built on a modern full-stack architecture.
- Core Framework: Vue 3
- Build Tool: Vite
- State Management: Pinia
- Diagram Engine: AntV X6
- UI Framework: Bootstrap 5 and FontAwesome
- Runtime: Node.js
- Framework: Express.js (v5)
- Architecture: Layered architecture (Controllers, Services, Repositories)
- Database: PostgreSQL 17
- Containerization: Docker and Docker Compose
- Driver: node-postgres (pg)
- Node.js (v20.19.0 or later recommended)
- npm
- Docker Desktop or Docker Engine + Docker Compose
This project consists of four services:
- db: PostgreSQL 17
- mal-simulator: FastAPI-based MAL simulation server
- tara-server: Node.js/Express backend
- tara-vue: Vue 3 + Vite frontend
The recommended way to run the full stack is to use the root docker-compose.yml.
```bash
docker compose up -d --build
```

This starts:

- Frontend: http://localhost:8080
- Backend API: http://localhost:3000/api
- MAL Simulator API: http://localhost:8000
- PostgreSQL: localhost:5432
Stop the stack with:

```bash
docker compose down
```

The backend service loads environment variables from tara.server/.env, including Gemini-related settings.
Database and simulator connection values are overridden by Docker Compose so that containers can communicate over the internal Docker network.
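As an added illustration, not the project's own docker-compose.yml, the following compose file wires the four services the way the paragraph above describes. Service names, ports, the pgdata volume, the db/init directory and the Postgres user and database name come from this README; the build contexts, the mount path for the init scripts (the postgres image convention) and the variable names read by tara-server are assumptions.

```yaml
# Illustrative docker-compose.yml (not the project's own file).
services:
  db:
    image: postgres:17
    environment:
      POSTGRES_USER: user
      # Required by the postgres image; fail fast if it is not supplied from
      # the shell or a .env file rather than hard-coding a password here.
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?POSTGRES_PASSWORD must be set}
      POSTGRES_DB: tara_db
    volumes:
      - pgdata:/var/lib/postgresql/data
      # Init scripts run once, when the volume is first created.
      - ./db/init:/docker-entrypoint-initdb.d:ro
    ports:
      - "127.0.0.1:5432:5432"   # host-only; other containers use the network

  mal-simulator:
    build: ./simulator.server   # build context assumed
    ports:
      - "8000:8000"

  tara-server:
    build: ./tara.server        # build context assumed
    env_file: ./tara.server/.env   # Gemini-related settings live here
    environment:
      # Keys under `environment` take precedence over env_file, so these
      # override the .env values and point at service names on the Docker
      # network instead of localhost. Variable names are assumptions.
      DB_HOST: db
      DB_PORT: "5432"
      DB_USER: user
      DB_NAME: tara_db
      MAL_SIMULATOR_URL: http://mal-simulator:8000
    depends_on:
      - db
      - mal-simulator
    ports:
      - "3000:3000"

  tara-vue:
    build: ./tara.vue           # build context assumed
    depends_on:
      - tara-server
    ports:
      - "8080:8080"

volumes:
  pgdata:
```

Because `environment` wins over `env_file`, the same tara.server/.env can point at localhost when the backend runs outside Docker and still work unchanged inside the stack.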
If needed, you can still run each service individually without Docker.
Database only:

```bash
cd db
docker compose up -d
```

Backend:

```bash
cd tara.server
npm clean-install
npm run dev
```

Frontend:

```bash
cd tara.vue
npm clean-install
npm run dev
```

MAL simulator:

```bash
cd simulator.server
pip install -r requirements.txt
python api_server.py
```

The full stack is managed through the root docker-compose.yml.
- Database User: user
- Database Name: tara_db
- Database Volume: pgdata
- Database Init Scripts: db/init
- MITRE Data Files: db/data
This project incorporates code and concepts from OWASP Threat Dragon. We thank the OWASP community for its significant contributions to open-source threat modeling tools. Threat Dragon is licensed under the Apache License 2.0. We also thank KTH for the Meta Attack Language (MAL), which informed the MAL-based modeling and simulation capabilities in AutoTARA.