Formalizing Attack Trees To Support Economic Analysis
- 1. University of Oxford
- 2. University of Innsbuck
- 3. Edinburgh University
Description
Attack trees and attack graphs are both examples of what one might term attack modelling techniques. The primary purpose of such techniques is to help establish and enumerate the ways in which a system could be compromised; as such, they play a key role in the (security) risk analysis process. Given their role and the consequent need to ensure that they are correct, there are good reasons for capturing such artefacts in a formal manner. We describe such a formal approach, which has been motivated by a desire to model attacks from the perspectives of attackers, to support economic analysis. As an illustration, we consider exploitation cost.
Files
CEMDAT_DW.pdf
Files
(431.0 kB)
Name | Size | Download all |
---|---|---|
md5:4e81b3e701aea23a8e740b13d5315ccd
|
431.0 kB | Preview Download |