Attack trees with sequential conjunction

Ravi Jhawar, Barbara Kordy*, Sjouke Mauw, Saša Radomirović, Rolando Trujillo-Rasua

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contribution

80 Citations (Scopus)


We provide the first formal foundation of SAND attack trees which are a popular extension of the well-known attack trees. The SAND attack tree formalism increases the expressivity of attack trees by introducing the sequential conjunctive operator SAND. This operator enables the modeling of ordered events. We give a semantics to SAND attack trees by interpreting them as sets of series-parallel graphs and propose a complete axiomatization of this semantics. We define normal forms for SAND attack trees and a term rewriting system which allows identification of semantically equivalent trees. Finally, we formalize how to quantitatively analyze SAND attack trees using attributes.

Original languageEnglish
Title of host publicationICT Systems Security and Privacy Protection
Subtitle of host publicationSEC 2015
EditorsHannes Federrath, Dieter Gollmann
Number of pages15
ISBN (Electronic)9783319184678
ISBN (Print)9783319184661
Publication statusPublished - 2015
Event30th IFIP TC 11 International Information Security and Privacy Conference 2015 - Hamburg, Germany
Duration: 26 May 201528 May 2015

Publication series

NameIFIP Advances in Information and Communication Technology
ISSN (Print)1868-4238


Conference30th IFIP TC 11 International Information Security and Privacy Conference 2015
Abbreviated titleSEC 2015


  • Attack trees
  • SAND
  • Security modeling
  • Sequential operators

ASJC Scopus subject areas

  • Information Systems
  • Computer Networks and Communications
  • Information Systems and Management


Dive into the research topics of 'Attack trees with sequential conjunction'. Together they form a unique fingerprint.

Cite this