Attack Trees with Sequential Conjunction

TitleAttack Trees with Sequential Conjunction
Publication TypeConference Paper
Year of Publication2015
AuthorsJhawar R., Kordy B., Mauw S., Radomirović S., Trujillo-Rasua R.
Conference NameInternational Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany
Date PublishedMay
PublisherIFIP
Abstract

We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.