On Linear Logic, Functional Programming, and Attack Trees

  • Harley Eades IIIEmail author
  • Jiaming Jiang
  • Aubrey Bryant
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11086)


This paper has two main contributions. The first is a new linear logical semantics of causal attack trees in four-valued truth tables. Our semantics is very simple and expressive, supporting specializations, and supports the ideal semantics of causal attack trees, and partially supporting the filter semantics of causal attack trees. Our second contribution is Lina, a new embedded, in Haskell, domain specific functional programming language for conducting threat analysis using attack trees. Lina has many benefits over existing tools; for example, Lina allows one to specify attack trees very abstractly, which provides the ability to develop libraries of attack trees, furthermore, Lina is compositional, allowing one to break down complex attack trees into smaller ones that can be reasoned about and analyzed incrementally. Furthermore, Lina supports automatically proving properties of attack trees, such as equivalences and specializations, using Maude and the semantics introduced in this paper.



This work was supported by NSF award #1565557. We thank Clément Aubert for helpful discussions and feedback on previous drafts of this paper, and the anonymous reviewers whose recommendations made this a better paper.

Supplementary material


  1. 1.
    Camtepe, S.A., Yener, B.: Modeling and detection of complex attacks. In: Security and Privacy in Communications Networks, pp. 234–243, September 2007Google Scholar
  2. 2.
    Claessen, K., Hughes, J.: Quickcheck: a lightweight tool for random testing of haskell programs. SIGPLAN Not. 46(4), 53–64 (2011)CrossRefGoogle Scholar
  3. 3.
    Clavel, M., Durán, F., Eker, S., Lincoln, P., Martı-Oliet, N., Meseguer, J., Talcott, C.: Maude manual (version 2.1). SRI International, Menlo Park (2005)Google Scholar
  4. 4.
    Gadyatskaya, O., Trujillo-Rasua, R.: New directions in attack tree research: catching up with industrial needs. In: Liu, P., Mauw, S., Stølen, K. (eds.) GraMSec 2017. LNCS, vol. 10744, pp. 115–126. Springer, Cham (2018). Scholar
  5. 5.
    Horne, R., Mauw, S., Tiu, A.: Semantics for specialising attack trees based on linear logic. Fundam. Inform. 153(1–2), 57–86 (2017)MathSciNetCrossRefGoogle Scholar
  6. 6.
    Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D. (eds.) SEC 2015. IAICT, vol. 455, pp. 339–353. Springer, Cham (2015). Scholar
  7. 7.
    Jones, S.P.: Haskell 98 Language and Libraries: The Revised Report. Cambridge University Press, Cambridge (2003)zbMATHGoogle Scholar
  8. 8.
    Kordy, B., Kordy, P., van den Boom, Y.: SPTool - equivalence checker for SAND attack trees. In: Cuppens, F., Cuppens, N., Lanet, J.-L., Legay, A. (eds.) CRiSIS 2016. LNCS, vol. 10158, pp. 105–113. Springer, Cham (2017). Scholar
  9. 9.
    Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Foundations of attack–defense trees. In: Degano, P., Etalle, S., Guttman, J. (eds.) FAST 2010. LNCS, vol. 6561, pp. 80–95. Springer, Heidelberg (2011). Scholar
  10. 10.
    Kordy, B., Pouly, M., Schweitzer, P.: Computational aspects of attack–defense trees. In: Bouvry, P., Kłopotek, M.A., Leprévost, F., Marciniak, M., Mykowiecka, A., Rybiński, H. (eds.) SIIS 2011. LNCS, vol. 7053, pp. 103–116. Springer, Heidelberg (2012). Scholar
  11. 11.
    Kordy, B., Pouly, M., Schweitzer, P.: A probabilistic framework for security scenarios with dependent actions. In: Albert, E., Sekerinski, E. (eds.) IFM 2014. LNCS, vol. 8739, pp. 256–271. Springer, Cham (2014). Scholar
  12. 12.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006). Scholar
  13. 13.
    McDermott, J.P.: Attack net penetration testing. In: Proceedings of the 2000 Workshop on New Security Paradigms, NSPW 2000, pp. 15–21. ACM, New York (2000)Google Scholar
  14. 14.
    Norell, U.: Dependently typed programming in AGDA. In: Proceedings of the 4th International Workshop on Types in Language Design and Implementation, TLDI 2009, pp. 1–2. ACM, New York (2009)Google Scholar
  15. 15.
    Piètre-Cambacédès, L., ouissou, M.: Beyond attack trees: dynamic security modeling with Boolean logic driven Markov processes (BDMP). In: 2010 European on Dependable Computing Conference (EDCC), pp. 199–208, April 2010Google Scholar
  16. 16.
    Schneier, B.: Attack trees: modeling security threats. Dr. Dobb’s J. 24, 21–29 (1999)Google Scholar
  17. 17.
    Vazou, N., Seidel, E.L., Jhala, R., Vytiniotis, D., Peyton-Jones, S.: Refinement types for haskell. SIGPLAN Not. 49(9), 269–282 (2014)MathSciNetCrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Harley Eades III
    • 1
    Email author
  • Jiaming Jiang
    • 2
  • Aubrey Bryant
    • 1
  1. 1.Computer ScienceAugusta UniversityAugustaUSA
  2. 2.Computer ScienceNorth Carolina State UniversityRaleighUSA

Personalised recommendations