The aim of this project is to produce a systematic, fully-fledged, and practical security assessment tool based on the attack tree approach. Attack trees are a well-known methodology to describe the possible security weaknesses of a system. An attack tree basically consists of a description of an attacker’s goals and their refinement into sub-goals. We believe that attack trees provide an ideal systematic approach for security assessment.
Due to their intuitive nature, attack trees are already one of several tools used in security assessment. However, the methodology needs significant development before its potential benefits can be fully realized.
The following members are involved in the project:
[1] Barbara Kordy, Marc Pouly, and Patrick Schweitzer. Computational Aspects of Attack-Defense Trees. In Security & Intelligent Information Systems, volume 7053 of LNCS, pages 103-116. Springer, 2011.
[2] Barbara Kordy, Sjouke Mauw, Saša Radomirović, and Patrick Schweitzer. Foundations of attack-defense trees. In Pierpaolo Degano, Sandro Etalle, and Joshua Guttman, editors, Proceedings of the 7th International Workshop on Formal Aspects in Security and Trust (FAST 2010), volume 6561 of LNCS, pages 80-95. Springer-Verlag, 2011.
[3] Barbara Kordy, Sjouke Mauw, Matthijs Melissen, and Patrick Schweitzer. Attack-defense trees and two-player binary zero-sum extensive form games are equivalent. In Proceedings of the Conference on Decision and Game Theory for Security (GameSec 2010), volume 6442 of LNCS, pages 245-256. Springer, 2010.
The project is funded by the National Research Fund Luxembourg (FNR), through the following grants: