We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND at- tack tree formalism increases the expressivity of attack trees by intro- ducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events.
We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.
|Name||IFIP Advances in Information and Communication Technology|
|Conference||International Conference on ICT Systems Security and Privacy Protection, IFIPSEC 2015|
|Period||26/05/15 → 28/05/15|
|Other||26-28 May 2015|
- EC Grant Agreement nr.: FP7/2007-2013
- EC Grant Agreement nr.: FP7/318003