Attack trees provide a formal, methodical way of describing the security of systems, based on varying attacks. Attack trees can be generated over time by multiple participants, each of whom is an expert in a subset of the possible attacks. Attack trees for specific technologies such as public-key encryption could be a public resource. The formal representation of attacks also enables tools to both create and analyze the threats for a specific system. Such tool support may be required for large or complex attack trees. Attack trees capture attacks that are sequences of events, but may not be appropriate for attacks that involve concurrent actions.