A graph-based system for network-vulnerability analysis
Proceedings of the 1998 workshop on New security paradigms
Formal Models for Computer Security
ACM Computing Surveys (CSUR)
Attack net penetration testing
Proceedings of the 2000 workshop on New security paradigms
Proceedings of the 2002 ACM symposium on Applied computing
Secrets & Lies: Digital Security in a Networked World
Secrets & Lies: Digital Security in a Networked World
A risk-driven security analysis method and modelling language
BT Technology Journal
Computing Exact Outcomes of Multi-parameter Attack Trees
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Proceedings of the 46th Annual Southeast Regional Conference on XX
An Approach to Security Policy Configuration Using Semantic Threat Graphs
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
International Journal of Security and Networks
Processing multi-parameter attacktrees with estimated parameter values
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Application of the pagerank algorithm to alarm graphs
ICICS'07 Proceedings of the 9th international conference on Information and communications security
Unified modeling of attacks, vulnerabilities and security activities
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Cyber security analysis using attack countermeasure trees
Proceedings of the Sixth Annual Workshop on Cyber Security and Information Intelligence Research
Serial model for attack tree computations
ICISC'09 Proceedings of the 12th international conference on Information security and cryptology
Attack and defense modeling with BDMP
MMM-ACNS'10 Proceedings of the 5th international conference on Mathematical methods, models and architectures for computer network security
Optimal adversary behavior for the serial model of financial attack trees
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Analyzing the security in the GSM radio network using attack jungles
ISoLA'10 Proceedings of the 4th international conference on Leveraging applications of formal methods, verification, and validation - Volume Part I
Attack-defense trees and two-player binary zero-sum extensive form games are equivalent
GameSec'10 Proceedings of the First international conference on Decision and game theory for security
Explanation and trust: what to tell the user in security and AI?
Ethics and Information Technology
Foundations of attack-defense trees
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
A simulation-driven approach for assessing risks of complex systems
EWDC '11 Proceedings of the 13th European Workshop on Dependable Computing
Modeling security attacks with statecharts
Proceedings of the joint ACM SIGSOFT conference -- QoSA and ACM SIGSOFT symposium -- ISARCS on Quality of software architectures -- QoSA and architecting critical systems -- ISARCS
Technical Communication: Attribution of attack trees
Computers and Electrical Engineering
Reducing normative conflicts in information security
Proceedings of the 2011 workshop on New security paradigms workshop
Rational choice of security measures via multi-parameter attack trees
CRITIS'06 Proceedings of the First international conference on Critical Information Infrastructures Security
Privacy analysis using ontologies
Proceedings of the second ACM conference on Data and Application Security and Privacy
On fast and approximate attack tree computations
ISPEC'10 Proceedings of the 6th international conference on Information Security Practice and Experience
Towards Trustworthy Elections
An analysis of cyclical interdependencies in critical infrastructures
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Attack modeling of SIP-Oriented SPIT
CRITIS'07 Proceedings of the Second international conference on Critical Information Infrastructures Security
Prioritizing countermeasures through the countermeasure method for software security (CM-Sec)
PROFES'10 Proceedings of the 11th international conference on Product-Focused Software Process Improvement
Computational aspects of attack---defense trees
SIIS'11 Proceedings of the 2011 international conference on Security and Intelligent Information Systems
An advanced approach for modeling and detecting software vulnerabilities
Information and Software Technology
Attack countermeasure trees (ACT): towards unifying the constructs of attack and defense trees
Security and Communication Networks
A move in the security measurement stalemate: elo-style ratings to quantify vulnerability
Proceedings of the 2012 workshop on New security paradigms
Point-and-shoot security design: can we build better tools for developers?
Proceedings of the 2012 workshop on New security paradigms
Attribute Decoration of Attack-Defense Trees
International Journal of Secure Software Engineering
Quantitative survivability evaluation of three virtual machine-based server architectures
Journal of Network and Computer Applications
Quantitative questions on attack: defense trees
ICISC'12 Proceedings of the 15th international conference on Information Security and Cryptology
Obligations to enforce prohibitions: on the adequacy of security policies
Proceedings of the 6th International Conference on Security of Information and Networks
ADTool: security analysis with attack---defense trees
QEST'13 Proceedings of the 10th international conference on Quantitative Evaluation of Systems
Go with the flow: toward workflow-oriented security assessment
Proceedings of the 2013 workshop on New security paradigms workshop
Constructing test cases for n-wise testing from tree-based test models
Proceedings of the Fourth Symposium on Information and Communication Technology
Hi-index | 0.00 |
Attack trees have found their way to practice because they have proved to be an intuitive aid in threat analysis. Despite, or perhaps thanks to, their apparent simplicity, they have not yet been provided with an unambiguous semantics. We argue that such a formal interpretation is indispensable to precisely understand how attack trees can be manipulated during construction and analysis. We provide a denotational semantics, based on a mapping to attack suites, which abstracts from the internal structure of an attack tree, we study transformations between attack trees, and we study the attribution and projection of an attack tree.