A Unified Compositional View of Attack Tree Metrics

TL;DR

This paper introduces a unified, compositional framework for attack tree metrics using category theory, enabling systematic definition and analysis of various security risk metrics.

Contribution

It develops a functorial semantics for attack trees based on gs-monoidal categories, providing a comprehensive and systematic approach to defining and understanding AT metrics.

Findings

Includes all common AT metrics within the framework

Provides a systematic way to define new AT metrics

Models attack trees as string diagrams in category theory

Abstract

Attack trees (ATs) are popular graphical models for reasoning about the security of complex systems, allowing for the quantification of risk through so-called AT metrics. A large variety of different such AT metrics have been proposed, and despite their wide-spread practical use, no systematic treatment of attack tree metrics so far is fully satisfactory. Existing approaches either fail to include important metrics, or they are too general to provide a useful systematic way for defining concrete AT metrics, giving only an abstract characterisation of their behaviour. We solve this problem by developing a compositional theory of ATs and their functorial semantics based on gs-monoidal categories. Viewing attack trees as string diagrams, we show that components of ATs form a channel category, a particular type of gs-monoidal category. AT metrics then correspond to functors of channel categories. This characterisation is both general enough to include all common AT metrics, and concrete enough to define AT metrics by their logical structure.