Attack Trees with Sequential Conjunction

Ravi Jhawar, Barbara Kordy (Lead / Corresponding author), Sjouke Mauw, Saša Radomirović, Rolando Trujillo-Rasua

Research output: Chapter in Book/Report/Conference proceedingConference contribution

82 Citations (Scopus)

Abstract

We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.

Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection
Subtitle of host publication30th IFIP TC 11 International Conference, SEC 2015 Hamburg, Germany, May 26–28, 2015 Proceedings
EditorsHannes Federrath, Dieter Gollmann
Place of PublicationSwitzerland
PublisherSpringer International Publishing
Pages339-353
Number of pages15
ISBN (Electronic)9783319184678
ISBN (Print)9783319184661
DOIs
Publication statusPublished - 2015
Event30th International Conference on ICT Systems Security and Privacy Protection - University of Hamburg, ESA Campus, Hamburg, Germany
Duration: 26 May 201528 May 2015
https://www.ifipsec.org/2015/ (Link to Conference website)

Publication series

NameIFIP Advances in Information and Communication Technology
Volume455
ISSN (Print)1868-4238
ISSN (Electronic)1868-422X

Conference

Conference30th International Conference on ICT Systems Security and Privacy Protection
Abbreviated titleIFIP SEC 2015
Country/TerritoryGermany
CityHamburg
Period26/05/1528/05/15
Internet address

Keywords

  • Attack trees
  • SAND
  • Security modeling
  • Sequential operators

ASJC Scopus subject areas

  • Information Systems and Management

Fingerprint

Dive into the research topics of 'Attack Trees with Sequential Conjunction'. Together they form a unique fingerprint.

Cite this