Info: Zenodo’s user support line is staffed on regular business days between Dec 23 and Jan 5. Response times may be slightly longer than normal.

Published November 30, 2022 | Version Author copy
Journal article Open

Formalizing Attack Trees To Support Economic Analysis

  • 1. University of Oxford
  • 2. University of Innsbuck
  • 3. Edinburgh University

Description

Attack trees and attack graphs are both examples of what one might term attack modelling techniques. The primary purpose of such techniques is to help establish and enumerate the ways in which a system could be compromised; as such, they play a key role in the (security) risk analysis process. Given their role and the consequent need to ensure that they are correct, there are good reasons for capturing such artefacts in a formal manner. We describe such a formal approach, which has been motivated by a desire to model attacks from the perspectives of attackers, to support economic analysis. As an illustration, we consider exploitation cost.

Files

CEMDAT_DW.pdf

Files (431.0 kB)

Name Size Download all
md5:4e81b3e701aea23a8e740b13d5315ccd
431.0 kB Preview Download