Abstract
Attack Trees (ATs) are a widely used tool for security analysis. ATs can be employed in quantitative security analysis through metrics, which assign a security value to an AT. Many different AT metrics exist, and there exist multiple general definitions that aim to study a wide variety of AT metrics at once. However, these all have drawbacks: they do not capture all metrics, and they do not easily generalize to extensions of ATs. In this paper, we introduce a definition of AT metrics based on category theory, specifically operad algebras. This encompasses all previous definitions of AT metrics, and is easily generalized to extensions of ATs. Furthermore, we show that under easily expressed operad-theoretic conditions, existing metric calculation algorithms can be extended in considerable generality.
Original language | English |
---|---|
Title of host publication | Proceedings - 2024 IEEE 37th Computer Security Foundations Symposium, CSF 2024 |
Publisher | IEEE |
Pages | 665-679 |
Number of pages | 15 |
ISBN (Electronic) | 9798350362039 |
Publication status | Published - 20 Sept 2024 |
Event | 37th IEEE Computer Security Foundations Symposium, CSF 2024 - Enschede, Netherlands; Duration: 8 Jul 2024 → 12 Jul 2024; Conference number: 37 |
Publication series
Name | Proceedings - IEEE Computer Security Foundations Symposium |
---|---|
ISSN (Print) | 1940-1434 |
Conference
Conference | 37th IEEE Computer Security Foundations Symposium, CSF 2024 |
---|---|
Abbreviated title | CSF 2024 |
Country/Territory | Netherlands |
City | Enschede |
Period | 8/07/24 → 12/07/24 |
Keywords
- 2025 OA procedure
- category theory
- operads
- security analysis
- Attack trees