Abstract
Attack trees have found their way to practice because they have proved to be an intuitive aid in threat analysis. Despite, or perhaps thanks to, their apparent simplicity, they have not yet been provided with an unambiguous semantics. We argue that such a formal interpretation is indispensable to precisely understand how attack trees can be manipulated during construction and analysis. We provide a denotational semantics, based on a mapping to attack suites, which abstracts from the internal structure of an attack tree, we study transformations between attack trees, and we study the attribution and projection of an attack tree.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
TANAT – Threat ANd Attack Tree Modeling plus Simulation (2004), http://www13.informatik.tu-muenchen.de:8080/tanat/
ARES corporation. Risk techniques, fault trees. Technical report, Available from: http://www.arescorporation.com/
Einarsson, S., Rausand, M.: An approach to vulnerability analysis of complex industrial systems. Risk Analysis 18(5), 535–545 (1998)
Landwehr, C.E.: Formal models for computer security. Computing Surveys 13(3), 247–277 (1981)
Amaneza Technologies Limited. A quick tour of attack tree based risk analysis using SecurITree. Technical report (2002)
McDermott, J.P.: Attack net penetration testing. In: Proc. 2000 workshop on New Security Paradigm, pp. 15–20. ACM, New York (2001)
Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: DARPA Information Survivability Conference & Exposition, vol. 1, pp. 237–250 (2000)
Opel, A.: Design and implementation of a support tool for attack trees (2005)
Phillips, C., Swiler, L.P.: A graph-based system for network-vulnerability analysis. In: Proc. New Security Paradigms Workshop, pp. 71–79 (1998)
Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s journal (December 1999)
Schneier, B.: Secrets & Lies: Digital Security in a Networked World. Wiley, Chichester (2000)
Stefan, J., Schumacher, M.: Collaborative attack modeling. In: SAC 2002, pp. 253–259. ACM, New York (2002)
Swiler, L.P., Philips, C., Ellis, D., Chakarian, S.: Computer-attack graph generation tool. In: Proc. DARPA Information Survivability Conference and Exposition, June 2001, vol. 2, pp. 307–321 (2001)
Terese: Term Rewriting Systems. Cambridge Tracts in Theoretical Computer Science, vol. 55. Cambridge University Press, Cambridge (2003)
Tidwell, T., Larson, R., Fitch, K., Hale, J.: Modeling internet attacks. In: Proc. of the 2001 IEEE Workshop on Information Assurance and Security (2001)
Vesely, W.E., et al.: Fault tree handbook. Technical Report NUREG-0492, U.S. Nuclear Regulatory Commission (January 1981)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Mauw, S., Oostdijk, M. (2006). Foundations of Attack Trees. In: Won, D.H., Kim, S. (eds) Information Security and Cryptology - ICISC 2005. ICISC 2005. Lecture Notes in Computer Science, vol 3935. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11734727_17
Download citation
DOI: https://doi.org/10.1007/11734727_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33354-8
Online ISBN: 978-3-540-33355-5
eBook Packages: Computer ScienceComputer Science (R0)