Kordy, Barbara[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Mauw, Sjouke[University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC) >]
Radomirovic, Sasa[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
Schweitzer, Patrick[University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT) > >]
[en] Attack-Defense Trees ; Attack Trees ; Security Assessment ; Attributes ; Countermeasures ; Complete Set of Axioms ; Semantics
[en] Attack-defense trees are a novel methodology for graphical security modeling and assessment. They extend the well known formalism of attack trees by allowing nodes that represent defensive measures to appear at any level of the tree. This enlarges the modeling capabilities of
attack trees and makes the new formalism suitable for representing interactions between an attacker and a defender. Our formalization supports different semantical approaches for which we provide usage scenarios. We also formalize how to quantitatively analyze attack and defense scenarios using attributes.