Transactions of Tianjin University

, Volume 15, Issue 3, pp 162–167 | Cite as

Threat modeling-oriented attack path evaluating algorithm

  • Xiaohong Li (李晓红)Email author
  • Ran Liu (刘 然)
  • Zhiyong Feng (冯志勇)
  • Ke He (何 可)


In order to evaluate all attack paths in a threat tree, based on threat modeling theory, a weight distribution algorithm of the root node in a threat tree is designed, which computes threat coefficients of leaf nodes in two ways including threat occurring possibility and the degree of damage. Besides, an algorithm of searching attack path was also obtained in accordence with its definition. Finally, an attack path evaluation system was implemented which can output the threat coefficients of the leaf nodes in a target threat tree, the weight distribution information, and the attack paths. An example threat tree is given to verify the effectiveness of the algorithms.


attack tree attack path threat modeling threat coefficient attack path evaluation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [1]
    Viega J, Messier M. Security is harder than you think [J]. ACM Queue, 2004, 2(5): 60–65.CrossRefGoogle Scholar
  2. [2]
    McGraw G. Software security [J]. IEEE Security and Privacy, 2004, 2(2): 80–83.CrossRefGoogle Scholar
  3. [3]
    Anderson R. Software security: State of the art [J]. IEEE Security and Privacy, 2007, 5(1): 8.CrossRefGoogle Scholar
  4. [4]
    Redwine S T. Workshop on secure software engineering education and training [C]. In: Proceedings of Software Engineering Education and Training. Hawaii, USA, 2006. 245.Google Scholar
  5. [5]
    Peine H. Rules of thumb for secure software engineering [C]. In: Proceedings of the 27th International Conference on Software Engineering. St. Louis, USA, 2005. 702–703.Google Scholar
  6. [6]
    Davis N. Secure Software Development Life Cycle Processes: A Technology Scouting Report [R]. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, 2005.Google Scholar
  7. [7]
    Schenier B. Attack trees: Modeling security threats [J]. Dr. Dobb’s Journal, 1999, 12(24): 21–29.Google Scholar
  8. [8]
    Mauw S. Foundations of Attack Trees [EB/OL]., 2005-06-11.
  9. [9]
    Moore A P, Ellison R J, Linger R C. Attack Modeling for Information Security and Survivability [R]. Software Engineering Institute, Carnegie Mellon University, Pittsburgh, 2001.Google Scholar
  10. [10]
    Dalton G C, Mills R F, Colombi J M et al. Analyzing attack trees using generalized stochastic Petri nets [C]. In: Proceedings of IEEE Workshop on Information Assurance. USA, 2006. 116–123.Google Scholar
  11. [11]
    Amenaza Technologies Limited. Hostile Risk Decisions and Capability-based Analysis [EB/OL]., 2005-04-12.
  12. [12]
    Microsoft ACE Team. Microsoft Threat Analysis and Modeling [EB/OL]., 2006-01-05.
  13. [13]
    Michael Howard, David LeBlanc. Writing Secure Code [M]. 2nd Ed. Microsoft Press, Washington DC, 2002. 43–53.Google Scholar
  14. [14]
    Li X H, He K. A unified threat model for assessing threat in web application [C]. In: Proceedings of the Second International Conference on Information Security and Assurance. Korea, 2008. 142–145Google Scholar
  15. [15]
    Filev D P, Yager R R. On the issue of obtaining OWA operator weights [J]. Fuzzy Sets and Systems, 1998, 94(2): 157–169.CrossRefMathSciNetGoogle Scholar

Copyright information

© Tianjin University and Springer-Verlag GmbH 2009

Authors and Affiliations

  • Xiaohong Li (李晓红)
    • 1
    Email author
  • Ran Liu (刘 然)
    • 1
  • Zhiyong Feng (冯志勇)
    • 1
  • Ke He (何 可)
    • 1
  1. 1.School of Computer Science and TechnologyTianjin UniversityTianjinChina

Personalised recommendations