Options
On the meaning and purpose of attack trees
Publikationstyp
Conference Paper
Date Issued
2019-06-25
Sprache
English
Author(s)
Mantel, Heiko
Start Page
184
End Page
199
Article Number
8823696
Citation
32nd IEEE Computer Security Foundations Symposium (CSF 2019)
Contribution to Conference
Publisher DOI
Scopus ID
Publisher
IEEE
Attack trees are a popular notation for describing threats to systems, both in academia and industry. Originally, attack trees lacked a formal semantics, but formal semantics for different variants of attack trees were proposed later. These semantics focus on the attacker's actions defined in the leaves and the logical structure defined by the inner nodes of an attack tree. Surprisingly, they do not clarify the connection to the goal defined at the root node in a satisfactory fashion. In this article, we aim at a better clarification of this connection between the attacks and the attacker goal specified by an attack tree. We argue that there are multiple sensible success criteria for attacks wrt. a given attacker goal and develop a framework for defining such criteria. We exploit our framework to identify similarities and differences between automatic attack-tree generation techniques. Finally, we propose a novel variant of attack trees that allows one to express exploits in an explicit fashion.
Subjects
Attack trees
Security engineering
Threat modeling
DDC Class
004: Informatik