Attack Trees with Sequential Conjunction
|Title||Attack Trees with Sequential Conjunction|
|Publication Type||Conference Paper|
|Year of Publication||2015|
|Authors||Jhawar R., Kordy B., Mauw S., Radomirović S., Trujillo-Rasua R.|
|Conference Name||International Conference on ICT Systems Security and Privacy Protection (IFIPSEC), Hamburg, Germany|
We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.