Abstract
We formally define three notions of soundness of an attack tree w.r.t. the system it refers to: admissibility, consistency, and completeness. The system is modeled as a labeled transition system and the attack is provided with semantics in terms of paths of the transition system. We show complexity results on the three notions of soundness, and the influence of the operators that are in the attack tree (see the recap in Fig. 5).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
The children of the internal node.
- 2.
See further for details.
- 3.
That is the negative instances of the decision problem, i.e. those for which the answer is “no”, are fully characterized by a polynomial-time non-deterministic algorithm.
- 4.
Which is classically called an oracle.
- 5.
The answer is “Yes/No”.
- 6.
The answers “Yes/No” are swapped.
- 7.
Which is classically called an oracle.
- 8.
This is classic and it is no loss of generality.
- 9.
Namely that the answer is “no”.
- 10.
By Proposition 4 it is enough to consider paths whose size is polynomial in
.
.References
Clarke, E.M., Emerson, A.E.: Design and synthesis of synchronization skeletons using branching time temporal logic. In: Kozen, D. (ed.) Logic of Programs. LNCS, vol. 131, pp. 52–71. Springer, Heidelberg (1981)
Cook, S.A.: The complexity of theorem-proving procedures. In: Conference Record of Third Annual ACM Symposium on Theory of Computing, Shaker Heights, Ohio, 3–5 May 1971, pp. 151–158 (1971)
Garey, M.R., Johnson, D.S.: Computers and Intractability. A Guide to the Theory of NP-Completeness. Freeman, New York (1979)
Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D., Chakravarthy, S.R. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 339–353. Springer, Heidelberg (2015). doi:10.1007/978-3-319-18467-8_23
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014)
Lenzini, G., Mauw, S., Ouchani, S.: Security analysis of socio-technical physical systems. Comput. Electr. Eng. 47, 258–274 (2015)
Pinchinat, S., Acher, M., Vojtisek, D.: ATSyRa: an integrated environment for synthesizing attack trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 97–101. Springer, Heidelberg (2016). doi:10.1007/978-3-319-29968-6_7
Schneier, B.: Attack trees. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999)
Schnoebelen, P.: The complexity of temporal logic model checking. Adv. Modal Logic 4(393–436), 35 (2002)
Stockmeyer, L.J.: The polynomial-time hierarchy. Theoret. Comput. Sci. 3(1), 1–22 (1976)
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Audinot, M., Pinchinat, S. (2016). On the Soundness of Attack Trees. In: Kordy, B., Ekstedt, M., Kim, D. (eds) Graphical Models for Security. GraMSec 2016. Lecture Notes in Computer Science(), vol 9987. Springer, Cham. https://doi.org/10.1007/978-3-319-46263-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-319-46263-9_2
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46262-2
Online ISBN: 978-3-319-46263-9
eBook Packages: Computer ScienceComputer Science (R0)