An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability

Ítalo Oliveira; Stefano M. Nicoletti; Gal Engelberg; Mattia Fumagalli; Dan Klein; Giancarlo Guizzardi

doi:10.3233/FAIA250491

An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability

Ítalo Oliveira^*
, Stefano M. Nicoletti
, Gal Engelberg
, Mattia Fumagalli
, Dan Klein
, Giancarlo Guizzardi

^*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

1 Downloads (Pure)

Abstract

Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker’s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.

Original language	English
Title of host publication	Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025
Editors	Tiago Prince Sales, Claudio Masolo, C. Maria Keet
Place of Publication	Amsterdam
Publisher	IOS
Pages	151-165
Number of pages	15
ISBN (Electronic)	978-1-64368-617-2
DOIs	https://doi.org/10.3233/FAIA250491
Publication status	Published - 28 Aug 2025
Event	15th Formal Ontology in Information Systems Conference, FOIS 2025 - Catania, Italy Duration: 4 Sept 2025 → 12 Sept 2025

Publication series

Name	Frontiers in Artificial Intelligence and Applications
Volume	409
ISSN (Print)	0922-6389
ISSN (Electronic)	1879-8314

Conference

Conference	15th Formal Ontology in Information Systems Conference, FOIS 2025
Country/Territory	Italy
City	Catania
Period	4/09/25 → 12/09/25

Keywords

Code generation
Model transformations
Model-driven engineering
Ontology-driven software development
OntoUML

Access to Document

10.3233/FAIA250491Licence: CC BY-NC

ArticleFinal published version, 311 KBLicence: CC BY-NC

Cite this

Oliveira, Í., Nicoletti, S. M., Engelberg, G., Fumagalli, M., Klein, D., & Guizzardi, G. (2025). An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. In T. P. Sales, C. Masolo, & C. M. Keet (Eds.), Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025 (pp. 151-165). (Frontiers in Artificial Intelligence and Applications; Vol. 409). IOS. https://doi.org/10.3233/FAIA250491

Oliveira, Ítalo ; Nicoletti, Stefano M. ; Engelberg, Gal et al. / An Ontological Lens on Attack Trees : Toward Adequacy and Interoperability. Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. editor / Tiago Prince Sales ; Claudio Masolo ; C. Maria Keet. Amsterdam : IOS, 2025. pp. 151-165 (Frontiers in Artificial Intelligence and Applications).

@inproceedings{96314d8d151b4a41904201a0fdf2a6c8,

title = "An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability",

abstract = "Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker{\textquoteright}s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.",

keywords = "Code generation, Model transformations, Model-driven engineering, Ontology-driven software development, OntoUML",

author = "{\'I}talo Oliveira and Nicoletti, \{Stefano M.\} and Gal Engelberg and Mattia Fumagalli and Dan Klein and Giancarlo Guizzardi",

note = "Publisher Copyright: {\textcopyright} 2025 The Authors.; 15th Formal Ontology in Information Systems Conference, FOIS 2025 ; Conference date: 04-09-2025 Through 12-09-2025",

year = "2025",

month = aug,

day = "28",

doi = "10.3233/FAIA250491",

language = "English",

series = "Frontiers in Artificial Intelligence and Applications",

publisher = "IOS",

pages = "151--165",

editor = "Sales, \{Tiago Prince\} and Claudio Masolo and Keet, \{C. Maria\}",

booktitle = "Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025",

address = "Netherlands",

}

Oliveira, Í, Nicoletti, SM, Engelberg, G, Fumagalli, M, Klein, D & Guizzardi, G 2025, An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. in TP Sales, C Masolo & CM Keet (eds), Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. Frontiers in Artificial Intelligence and Applications, vol. 409, IOS, Amsterdam, pp. 151-165, 15th Formal Ontology in Information Systems Conference, FOIS 2025, Catania, Italy, 4/09/25. https://doi.org/10.3233/FAIA250491

An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. / Oliveira, Ítalo; Nicoletti, Stefano M.; Engelberg, Gal et al.
Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. ed. / Tiago Prince Sales; Claudio Masolo; C. Maria Keet. Amsterdam: IOS, 2025. p. 151-165 (Frontiers in Artificial Intelligence and Applications; Vol. 409).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - An Ontological Lens on Attack Trees

T2 - 15th Formal Ontology in Information Systems Conference, FOIS 2025

AU - Oliveira, Ítalo

AU - Nicoletti, Stefano M.

AU - Engelberg, Gal

AU - Fumagalli, Mattia

AU - Klein, Dan

AU - Guizzardi, Giancarlo

PY - 2025/8/28

Y1 - 2025/8/28

N2 - Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker’s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.

AB - Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker’s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.

KW - Code generation

KW - Model transformations

KW - Model-driven engineering

KW - Ontology-driven software development

KW - OntoUML

UR - https://www.scopus.com/pages/publications/105021218593

U2 - 10.3233/FAIA250491

DO - 10.3233/FAIA250491

M3 - Conference contribution

T3 - Frontiers in Artificial Intelligence and Applications

SP - 151

EP - 165

BT - Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025

A2 - Sales, Tiago Prince

A2 - Masolo, Claudio

A2 - Keet, C. Maria

PB - IOS

CY - Amsterdam

Y2 - 4 September 2025 through 12 September 2025

ER -

Oliveira Í, Nicoletti SM, Engelberg G, Fumagalli M, Klein D, Guizzardi G. An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. In Sales TP, Masolo C, Keet CM, editors, Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. Amsterdam: IOS. 2025. p. 151-165. (Frontiers in Artificial Intelligence and Applications). doi: 10.3233/FAIA250491

An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

An ontological lens on attack trees: Toward adequacy and interoperability

Cite this