@inproceedings{808e072f5fd54cd5941621da2bb63e54,
title = "Attack trees with sequential conjunction",
abstract = "We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.",
keywords = "Attack trees, SAND, Security modeling, Sequential operators",
author = "Ravi Jhawar and Barbara Kordy and Sjouke Mauw and Sa{\v s}a Radomirovi{\'c} and Rolando Trujillo-Rasua",
year = "2015",
doi = "10.1007/978-3-319-18467-8_23",
language = "English",
isbn = "9783319184661",
series = "IFIP Advances in Information and Communication Technology",
publisher = "Springer",
pages = "339--353",
editor = "Hannes Federrath and Dieter Gollmann",
booktitle = "ICT Systems Security and Privacy Protection",
note = "30th IFIP TC 11 International Information Security and Privacy Conference 2015, SEC 2015 ; Conference date: 26-05-2015 Through 28-05-2015",
}