Attribute Decoration of Attack–Defense Trees

Type of pub: 
Paper - journal
Alessandra Bagnato
Barbara Kordy
Per Håkon Meland
and Patrick Schweitzer 1
Book title - Journal: 
International Journal of Secure Software Engineering (IJSSE), 3(2), 1-35, April-June 2012
IGI Global

Attack–defense trees can be used as part of threat and risk analysis for system development and maintenance. They are an extension of attack trees with defense measures. Moreover, tree nodes can be decorated with attributes, such as probability, impact, and penalty, to increase the expressiveness of the model. Attribute values are typically assigned based on cognitive estimations and historically recorded events. This paper presents a practical case study with attack's defense trees. First, the authors create an attack's defense tree for an RFID-based goods management system for a warehouse. Then, they explore how to use a rich set of attributes for attack and defense nodes and assign and aggregate values to obtain condensed information, such as performance indicators or other key security figures. The authors discuss different modeling choices and tradeoffs. The case study led them to define concrete guidelines that can be used by software developers, security analysts, and system owners when performing similar assessments

ANIKETOS newsletter

Stay informed on our latest news!


Only for users who has an user and a password sent by the administrator.