English

Quantitative Questions on Attack-Defense Trees

Cryptography and Security 2012-10-31 v1

Abstract

Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes visual, intuitive tree models whose analysis is supported by a rigorous mathematical formalism. Both, the intuitive and the formal components of the approach can be used for quantitative analysis of attack-defense scenarios. In practice, we use intuitive questions to ask about aspects of scenarios we are interested in. Formally, a computational procedure, defined with the help of attribute domains and a bottom-up algorithm, is applied to derive the corresponding numerical values. This paper bridges the gap between the intuitive and the formal way of quantitatively assessing attack-defense scenarios. We discuss how to properly specify a question, so that it can be answered unambiguously. Given a well specified question, we then show how to derive an appropriate attribute domain which constitutes the corresponding formal model. Since any attack tree is in particular an attack-defense tree, our analysis is also an advancement of the attack tree methodology.

Keywords

Cite

@article{arxiv.1210.8092,
  title  = {Quantitative Questions on Attack-Defense Trees},
  author = {Barbara Kordy and Sjouke Mauw and Patrick Schweitzer},
  journal= {arXiv preprint arXiv:1210.8092},
  year   = {2012}
}

Comments

technical report including formal pruning and additional figures

R2 v1 2026-06-21T22:30:14.889Z