Abstract :
[en] Attack trees provide a systematic way of characterizing diverse
system threats. Their strengths arise from the combination of an intuitive
representation of possible attacks and availability of formal mathematical
frameworks for analyzing them in a qualitative or a quantitative
manner. Indeed, the mathematical frameworks have become a large focus
of attack tree research. However, practical applications of attack trees in
industry largely remain a tedious and error-prone exercise.
Recent research directions in attack trees, such as attack tree generation,
attempt to close this gap and to improve the attack tree state-of-thepractice.
In this position paper we outline the recurrent challenges in
manual tree design within industry, and we overview the recent research
results in attack trees that help the practitioners. For the challenges
that have not yet been addressed by the community, we propose new
promising research directions.
Scopus citations®
without self-citations
8