On the Soundness of Attack Trees

  • Maxime AudinotEmail author
  • Sophie PinchinatEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9987)


We formally define three notions of soundness of an attack tree w.r.t. the system it refers to: admissibility, consistency, and completeness. The system is modeled as a labeled transition system and the attack is provided with semantics in terms of paths of the transition system. We show complexity results on the three notions of soundness, and the influence of the operators that are in the attack tree (see the recap in Fig. 5).


Decision Problem Transition System Internal Node Atomic Proposition Label Transition System 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Clarke, E.M., Emerson, A.E.: Design and synthesis of synchronization skeletons using branching time temporal logic. In: Kozen, D. (ed.) Logic of Programs. LNCS, vol. 131, pp. 52–71. Springer, Heidelberg (1981)CrossRefGoogle Scholar
  2. 2.
    Cook, S.A.: The complexity of theorem-proving procedures. In: Conference Record of Third Annual ACM Symposium on Theory of Computing, Shaker Heights, Ohio, 3–5 May 1971, pp. 151–158 (1971)Google Scholar
  3. 3.
    Garey, M.R., Johnson, D.S.: Computers and Intractability. A Guide to the Theory of NP-Completeness. Freeman, New York (1979)zbMATHGoogle Scholar
  4. 4.
    Jhawar, R., Kordy, B., Mauw, S., Radomirović, S., Trujillo-Rasua, R.: Attack trees with sequential conjunction. In: Federrath, H., Gollmann, D., Chakravarthy, S.R. (eds.) SEC 2015. IFIP AICT, vol. 455, pp. 339–353. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-18467-8_23 CrossRefGoogle Scholar
  5. 5.
    Kordy, B., Mauw, S., Radomirović, S., Schweitzer, P.: Attack-defense trees. J. Logic Comput. 24(1), 55–87 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Lenzini, G., Mauw, S., Ouchani, S.: Security analysis of socio-technical physical systems. Comput. Electr. Eng. 47, 258–274 (2015)CrossRefGoogle Scholar
  7. 7.
    Pinchinat, S., Acher, M., Vojtisek, D.: ATSyRa: an integrated environment for synthesizing attack trees. In: Mauw, S., Kordy, B., Jajodia, S. (eds.) GraMSec 2015. LNCS, vol. 9390, pp. 97–101. Springer, Heidelberg (2016). doi: 10.1007/978-3-319-29968-6_7 CrossRefGoogle Scholar
  8. 8.
    Schneier, B.: Attack trees. Dr. Dobb’s J. Softw. Tools 24(12), 21–29 (1999)Google Scholar
  9. 9.
    Schnoebelen, P.: The complexity of temporal logic model checking. Adv. Modal Logic 4(393–436), 35 (2002)Google Scholar
  10. 10.
    Stockmeyer, L.J.: The polynomial-time hierarchy. Theoret. Comput. Sci. 3(1), 1–22 (1976)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.IRISA, Campus de BeaulieuRennes CedexFrance

Personalised recommendations