Cost-damage analysis of attack trees. (arXiv:2304.05812v1 [cs.CR])

Attack trees (ATs) are a widely deployed modelling technique to categorize
potential attacks on a system. An attacker of such a system aims at doing as
much damage as possible, but might be limited by a cost budget. The maximum
possible damage for a given cost budget is an important security metric of a
system. In this paper, we find the maximum damage given a cost budget by
modelling this problem with ATs, both in deterministic and probabilistic
settings. We …

analysis attack attacks budget cost doing find general important problem security settings system trees