Attack Trees with Sequential Conjunction
Ravi Jhawar, Barbara Kordy, Sjouke Mauw, Sasa Radomirovic, Rolando Trujillo-Rasua

TL;DR
This paper introduces a formal foundation for SAND attack trees, enhancing attack tree expressivity with sequential operators, and provides semantics, axioms, normal forms, and quantitative analysis methods.
Contribution
It is the first to formalize SAND attack trees, defining semantics, axiomatization, normal forms, and attribute-based quantitative analysis.
Findings
Semantics as sets of series-parallel graphs
Complete axiomatization of SAND attack trees
Method for quantitative attribute analysis
Abstract
We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.
Taxonomy
Topics: Network Security and Intrusion Detection · Information and Cyber Security · Advanced Malware Detection Techniques
