Computational Aspects of Attack–Defense Trees

Kordy, Barbara; Pouly, Marc; Schweitzer, Patrick

doi:10.1007/978-3-642-25261-7_8

Computational Aspects of Attack–Defense Trees

Barbara Kordy¹⁶,
Marc Pouly¹⁶ &
Patrick Schweitzer¹⁶

Conference paper

924 Accesses
13 Citations

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 7053))

Abstract

Attack–defense trees extend attack trees with defense nodes. This richer formalism allows for a more precise modeling of a system’s vulnerabilities, by representing interactions between possible attacks and corresponding defensive measures. In this paper we compare the computational complexity of both formalisms. We identify semantics for which extending attack trees with defense nodes does not increase the computational complexity. This implies that, for these semantics, every query that can be solved efficiently on attack trees can also be solved efficiently on attack–defense trees. Furthermore, every algorithm for attack trees can directly be used to process attack–defense trees.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Schneier, B.: Attack Trees. Dr. Dobb’s Journal of Software Tools 24(12), 21–29 (1999)
Google Scholar
Weiss, J.D.: A system security engineering process. In: 14th Nat. Comp. Sec. Conf., pp. 572–581 (1991)
Google Scholar
Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice-Hall, Inc., Upper Saddle River (1994)
MATH Google Scholar
Vesely, W.E., Goldberg, F.F., Roberts, N., Haasl, D.: Fault Tree Handbook. Technical Report NUREG-0492, U.S. Regulatory Commission (1981)
Google Scholar
Mauw, S., Oostdijk, M.: Foundations of Attack Trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)
Chapter Google Scholar
Cervesato, I., Meadows, C.: One Picture Is Worth a Dozen Connectives: A Fault-Tree Representation of NPATRL Security Requirements. IEEE TDSC 4, 216–227 (2007)
Google Scholar
Edge, K.S., Dalton II, G.C., Raines, R.A., Mills, R.F.: Using Attack and Protection Trees to Analyze Threats and Defenses to Homeland Security. In: MILCOM, IEEE, pp. 1–7 (2006)
Google Scholar
Morais, A.N.P., Martins, E., Cavalli, A.R., Jimenez, W.: Security Protocol Testing Using Attack Trees. In: CSE (2), pp. 690–697. IEEE Computer Society (2009)
Google Scholar
Jürgenson, A., Willemson, J.: Serial Model for Attack Tree Computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010)
Chapter Google Scholar
Bistarelli, S., Peretti, P., Trubitsyna, I.: Analyzing Security Scenarios Using Defence Trees and Answer Set Programming. ENTCS 197(2), 121–129 (2008)
Google Scholar
Yager, R.R.: OWA trees and their role in security modeling using attack trees. Inf. Sci. 176(20), 2933–2959 (2006)
Article MathSciNet MATH Google Scholar
Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of Attack–Defense Trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011)
Chapter Google Scholar
Kordy, B., Mauw, S., Melissen, M., Schweitzer, P.: Attack–Defense Trees and Two-Player Binary Zero-Sum Extensive Form Games Are Equivalent. In: Alpcan, T., Buttyán, L., Baras, J.S. (eds.) GameSec 2010. LNCS, vol. 6442, pp. 245–256. Springer, Heidelberg (2010)
Chapter Google Scholar
Kohlas, J.: Information Algebras: Generic Structures for Inference. Springer, Heidelberg (2003)
Book MATH Google Scholar
Davey, B., Priestley, H.: Introduction to Lattices and Order. Cambridge University Press (1990)
Google Scholar
Pouly, M., Kohlas, J.: Generic Inference: A Unifying Theory for Automated Reasoning. John Wiley & Sons, Inc. (2011)
Google Scholar
Crama, Y., Hammer, P.: Boolean Functions: Theory, Algorithms and Applications. Cambridge University Press (2011)
Google Scholar
Wachter, M., Haenni, R.: Multi-state Directed Acyclic Graphs. In: Kobti, Z., Wu, D. (eds.) Canadian AI 2007. LNCS (LNAI), vol. 4509, pp. 464–475. Springer, Heidelberg (2007)
Chapter Google Scholar
Darwiche, A., Marquis, P.: A Knowledge Compilation Map. J. Artif. Intell. Res. 17, 229–264 (2002)
MathSciNet MATH Google Scholar

Download references

Author information

Authors and Affiliations

CSC and SnT, University of Luxembourg, 6, rue Coudenhove-Kalergi, L-1359, Luxembourg
Barbara Kordy, Marc Pouly & Patrick Schweitzer

Authors

Barbara Kordy
View author publications
You can also search for this author in PubMed Google Scholar
Marc Pouly
View author publications
You can also search for this author in PubMed Google Scholar
Patrick Schweitzer
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Pascal Bouvry Mieczysław A. Kłopotek Franck Leprévost Małgorzata Marciniak Agnieszka Mykowiecka Henryk Rybiński

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kordy, B., Pouly, M., Schweitzer, P. (2012). Computational Aspects of Attack–Defense Trees. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds) Security and Intelligent Information Systems. SIIS 2011. Lecture Notes in Computer Science, vol 7053. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25261-7_8

Download citation

DOI: https://doi.org/10.1007/978-3-642-25261-7_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25260-0
Online ISBN: 978-3-642-25261-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics