Reference : Quantitative Questions on Attack-Defense Trees
Scientific congresses, symposiums and conference proceedings : Paper published in a book
Engineering, computing & technology : Computer science
Quantitative Questions on Attack-Defense Trees
Kordy, Barbara mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Mauw, Sjouke mailto [University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Schweitzer, Patrick mailto [University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Information Security and Cryptology - ICISC 2012 - 15th International Conference, Seoul, Korea, November 28-30, 2012, Revised Selected Papers
LNCS 7839
International Conference on Information Security and Cryptology
28-30 November, 2012
[en] Attack Trees ; Attack-Defense Trees ; Graphical Security Modeling ; Attributes
[en] Attack-defense trees are a novel methodology for graphical security modeling and assessment. The methodology includes intuitive and formal components that can be used for quantitative analysis of attack-defense scenarios. In practice, we use intuitive questions to ask about aspects of scenarios we are interested in. Formally, a computational procedure, using a bottom-up algorithm, is applied to derive the corresponding numerical values. This paper bridges the gap between the intuitive and the formal way of quantitatively assessing attack-defense scenarios. We discuss how to properly specify a question, so that it can be answered unambiguously. Given a well-specified question, we then show how to derive an appropriate attribute domain which constitutes the corresponding formal model.
Extended version available at

File(s) associated to this reference

Fulltext file(s):

Limited access
chp%3A10.1007%2F978-3-642-37682-5_5.pdfPublisher postprint298.37 kBRequest a copy

Bookmark and Share SFX Query

All documents in ORBilu are protected by a user license.