New Efficient Utility Upper Bounds for the Fully Adaptive Model of Attack Trees

  • Ahto Buldas
  • Aleksandr Lenin
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8252)


We present a new fully adaptive computational model for attack trees that allows attackers to repeat atomic attacks if they fail and to play on if they are caught and have to pay penalties. The new model allows safer conclusions about the security of real-life systems and is somewhat (computationally) easier to analyze. We show that in the new model optimal strategies always exist and finding the optimal strategy is (just) an np-complete problem. We also present methods to compute adversarial utility estimation and utility upper bound approximated estimation using a bottom-up approach.




Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Buldas, A., Laud, P., Priisalu, J., Saarepera, M., Willemson, J.: Rational choice of security measures via multi-parameter attack trees. In: López, J. (ed.) CRITIS 2006. LNCS, vol. 4347, pp. 235–248. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Buldas, A., Mägi, T.: Practical security analysis of e-voting systems. In: Miyaji, A., Kikuchi, H., Rannenberg, K. (eds.) IWSEC 2007. LNCS, vol. 4752, pp. 320–335. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Buldas, A., Stepanenko, R.: Upper bounds for adversaries’ utility in attack trees. In: Grossklags, J., Walrand, J. (eds.) GameSec 2012. LNCS, vol. 7638, pp. 98–117. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Jürgenson, A., Willemson, J.: Computing exact outcomes of multi-parameter attack trees. In: Meersman, R., Tari, Z. (eds.) OTM 2008, Part II. LNCS, vol. 5332, pp. 1036–1051. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Jürgenson, A., Willemson, J.: Serial model for attack tree computations. In: Lee, D., Hong, S. (eds.) ICISC 2009. LNCS, vol. 5984, pp. 118–128. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Jürgenson, A., Willemson, J.: Efficient Semantics of Parallel and Serial Models of Attack Trees, TUT (2010)Google Scholar
  7. 7.
    Luby, M.: Pseudorandomness and Cryptographic Applications. In: Hanson, D.R., Tarjan, R.E. (eds.) Princeton Computer Science Notes. Princeton University Press (1996)Google Scholar
  8. 8.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Niitsoo, M.: Optimal adversary behavior for the serial model of financial attack trees. In: Echizen, I., Kunihiro, N., Sasaki, R. (eds.) IWSEC 2010. LNCS, vol. 6434, pp. 354–370. Springer, Heidelberg (2010)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2013

Authors and Affiliations

  • Ahto Buldas
    • 1
    • 2
    • 3
  • Aleksandr Lenin
    • 1
    • 3
  1. 1.Cybernetica ASEstonia
  2. 2.Guardtime ASEstonia
  3. 3.Tallinn University of TechnologyEstonia

Personalised recommendations