Rational Choice of Security Measures Via Multi-parameter Attack Trees

  • Ahto Buldas
  • Peeter Laud
  • Jaan Priisalu
  • Märt Saarepera
  • Jan Willemson
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4347)


We present a simple risk-analysis based method for studying the security of institutions against rational (gain-oriented) attacks. Our method uses a certain refined form of attack-trees that are used to estimate the cost and the success probability of attacks. We use elementary game theory to decide whether the system under protection is a realistic target for gain-oriented attackers. Attacks are considered unlikely if their cost is not worth their benefits for the attackers. We also show how to decide whether the investments into security are economically justified. We outline the new method and show how it can be used in practice by going through a realistic example.


Rational Choice Success Probability Information Security Child Node Security Measure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Geer, D., Hoo, K.S., Jaquith, A.: Information security: Why the future belongs to the quants. IEEE Security and Privacy 1(4), 24–32 (2003)CrossRefGoogle Scholar
  2. 2.
    Sonnenreich, W., Albanese, J., Stout, B.: Return On Security Investment (ROSI) – A practical quantitative model. Journal of Research and Practice in Information Technology 38(1), 55–66 (2006)Google Scholar
  3. 3.
    Desmedt, Y.: Potential impacts of a growing gap between theory and practice in information security. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 532–536. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Meritt, J.W.: A method for quantitative risk analysis. In: Proceedings of the 22nd National Information Systems Security Conference (1999)Google Scholar
  5. 5.
    Vesely, W.E., Goldberg, F.F., Roberts, N.H., Haasl, D.F.: Fault Tree Handbook. US Government Printing Office. Systems and Reliability Research, Office of Nuclear Regulatory Research, U.S. Nuclear Regulatory Commission (January 1981)Google Scholar
  6. 6.
    Viega, J., McGraw, G.: Building Secure Software: How to Avoid Security Problems the Right Way. Addison Wesley Professional, Reading (2001)Google Scholar
  7. 7.
    Moore, A.P., Ellison, R.J., Linger, R.C.: Attack modeling for information security and survivability. Technical Report CMU/SEI-2001-TN-001, Software Engineering Institute (2001)Google Scholar
  8. 8.
    Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal 24(12), 21–29 (1999)Google Scholar
  9. 9.
    Schneier, B.: Secrets & Lies. Digital Security in a Networked World. John Wiley & Sons, Chichester (2000)Google Scholar
  10. 10.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Opel, A.: Design and implementation of a support tool for attack trees. Technical report, Otto-von-Guericke University. Internship Thesis (March 2005)Google Scholar
  12. 12.
    Liu, P., Zang, W., Yu, M.: Incentive-Based Modeling and Inference of Attacker Intent, Objectives and Strategies. ACM Transactions on Information and Systems Security 8(1), 78–118 (2005)CrossRefGoogle Scholar
  13. 13.
    Schechter, S.E.: Computer Security Strength & Risk: A Quantitative Approach. PhD thesis, Harvard University (2004)Google Scholar
  14. 14.
    2004 E-CrimeWatch Survey. Summary of Findings. Conducted by CSO magazine in cooperation with the U.S. Secret Service & CERT Coordination Center (2004), Available at:
  15. 15.
    Cohen, G.: The role of attack simulation in automating security risk management. Information Systems Control Journal 1, 51–54 (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ahto Buldas
    • 1
    • 2
    • 3
  • Peeter Laud
    • 1
    • 2
  • Jaan Priisalu
    • 4
  • Märt Saarepera
    • 5
  • Jan Willemson
    • 1
    • 2
  1. 1.CyberneticaTallinnEstonia
  2. 2.University of TartuTartuEstonia
  3. 3.Tallinn University of TechnologyTallinnEstonia
  4. 4.HansapankTallinnEstonia
  5. 5.Independent researcher 

Personalised recommendations