Attack Trees (C08/IS/26)


Attack trees are a well-known methodology to describe the possible security weaknesses of a system. An attack tree basically consists of a description of an attacker’s goals and their refinement into sub-goals. We believe that attack trees provide an ideal systematic approach for security assessment.

Due to their intuitive nature, attack trees are already one of several tools in security assessment. However, significant development of the methodology is needed before all potential benefits can be taken advantage of.


The aim of this project is to produce a systematic, fully-fledged, and practical security assessment tool based on the attack tree approach. The main objective is to provide a mature methodology for graphical security assessment and analysis, by extending attack trees with possibility of modeling not only the attacker's behavior but also the defender's actions and possible mitigating countermeasures.


The following researchers are involved in the project:

Financial Support

The project is funded by the Fonds National de la Recherche Luxembourg (FNR), through the following grants: