Refinement-Aware Generation of Attack Trees

  • Olga Gadyatskaya
  • Ravi Jhawar
  • Sjouke Mauw
  • Rolando Trujillo-Rasua
  • Tim A. C. Willemse
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10547)


Attack trees allow a security analyst to obtain an overview of the potential vulnerabilities of a system. Due to their refinement structure, attack trees support the analyst in understanding the system vulnerabilities at various levels of abstraction. However, contrary to manually synthesized attack trees, automatically generated attack trees are often not refinement-aware, making subsequent human processing much harder. The generation of attack trees in which the refined nodes correspond to semantically relevant levels of abstraction is still an open question. In this paper, we formulate the attack-tree generation problem and propose a methodology to, given a system model, generate attack trees with meaningful levels of abstraction.



The research leading to these results has received funding from the European Union Seventh Framework Programme under grant agreement number 318003 (TREsPASS) and from the Fonds National de la Recherche Luxembourg under grant C13/IS/5809105 (ADT2P).



Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Olga Gadyatskaya (1)
  • Ravi Jhawar (1, 2)
  • Sjouke Mauw (1)
  • Rolando Trujillo-Rasua (1)
  • Tim A. C. Willemse (3)

  1. SnT and University of Luxembourg, Esch-sur-Alzette, Luxembourg
  2. ILNAS, Esch-sur-Alzette, Luxembourg
  3. Eindhoven University of Technology, Eindhoven, The Netherlands
