title: How do you talk about attack trees?
keywords: Attack trees, Logic
topics: Dependability, security and performance , Logics and semantics
committee: Mariëlle Stoelinga ,
Stefano Schivo


Cyber-security is a hot topic: the continuous struggle between (malicious) hackers and ICT personnel sees alternating success, with new exploits and patches developed on a daily basis. But let's zoom out a little and look at the big picture: how does one attack a particular system, and with which objectives? Attack Trees are an increasingly popular way to collect ideas and reason about how important assets can be targeted by a malicious attacker. With them, we are able to synthetically describe many possible attack routes, and help decide how to improve a system's security by estimating where the highest risks lie. Many tools have been developed to analyse different aspects of Attack Trees, however we still miss a language that can do what SQL did for databases: allow the user to ask useful and specific queries about a model without the need to refer to a particular implementation or underlying tool. For example, it would be interesting to know the top-10 most dangerous attack routes threatening the confidentiality of a company's client data, or what is the most efficient way (in terms of cost, or time) to hack a particular ship's navigation system.

We propose to investigate the design of a query logic for Attack Trees. This would allow security experts to seamlessly and transparently analyse a single model with different tools and methods.