Attack Trees - ATREES
Coordinating Institution:
Université du Luxembourg
Other Partner(s):
Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg
From: 01/04/2009
To: 31/03/2012
Budget: 299,000.00€
Contact(s):
Mauw Sjouke
Summary
Attack trees are a well-known methodology to describe the possible security weaknesses of a system. An attack tree basically consists of a description of an attacker’s goals and their refinement into sub-goals. We believe that attack trees provide an ideal systematic approach for security assessment. Due to their intuitive nature, attack trees are already one of several tools in security assessment. However, significant development of the methodology is needed before all potential benefits can be taken advantage of. The aim of this project is to produce a systematic, fully-fledged, and practical security assessment tool based on the attack tree approach.
We start by integrating defense nodes into attack tree formalism and developing the formal semantics for the obtained attack-defense trees. Such trees allow us to model possible security weaknesses, as well as countermeasures needed to protect a given system. Next, we will extend the obtained formalism with attributes, libraries, cycles, generic and parameterized attack-defense tree patterns. We will also study how to analyze the attack-defense trees by using methodology from game theory. The proposed research is expected to result in state-of-the-art security assessment tool. The tool should offer a significantly higher degree of security assertion compared to today's tools. Finally, in order to ensure the usability of our approach, the developed methodology and tool will be tested and validated by means of case studies.
Project Website: