A Unified Compositional View of Attack Tree Metrics
By: Benedikt Peterseim, Milan Lopuhaä-Zwakenberg
Potential Business Impact:
Makes computer security plans easier to understand.
Attack trees (ATs) are popular graphical models for reasoning about the security of complex systems, allowing for the quantification of risk through so-called AT metrics. A large variety of different such AT metrics have been proposed, and despite their wide-spread practical use, no systematic treatment of attack tree metrics so far is fully satisfactory. Existing approaches either fail to include important metrics, or they are too general to provide a useful systematic way for defining concrete AT metrics, giving only an abstract characterisation of their behaviour. We solve this problem by developing a compositional theory of ATs and their functorial semantics based on gs-monoidal categories. Viewing attack trees as string diagrams, we show that components of ATs form a channel category, a particular type of gs-monoidal category. AT metrics then correspond to functors of channel categories. This characterisation is both general enough to include all common AT metrics, and concrete enough to define AT metrics by their logical structure.
Similar Papers
Attack-Defense Trees with Offensive and Defensive Attributes (with Appendix)
Cryptography and Security
Helps protect computers by balancing attack and defense.
Empirical assessment of the perception of graphical threat model acceptability
Cryptography and Security
Helps people understand computer security risks better.
Attack Tree Distance: a practical examination of tree difference measurement within cyber security
Cryptography and Security
Compares computer attack plans to find similar threats.