Saved in:
Bibliographic Details
Main Authors: Oliveira, Ítalo, Nicoletti, Stefano M., Engelberg, Gal, Fumagalli, Mattia, Klein, Dan, Guizzardi, Giancarlo
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.23841
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915365486854144
author Oliveira, Ítalo
Nicoletti, Stefano M.
Engelberg, Gal
Fumagalli, Mattia
Klein, Dan
Guizzardi, Giancarlo
author_facet Oliveira, Ítalo
Nicoletti, Stefano M.
Engelberg, Gal
Fumagalli, Mattia
Klein, Dan
Guizzardi, Giancarlo
contents Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker's goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER) -- a reference core ontology based on the Unified Foundational Ontology (UFO) -- we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.
format Preprint
id arxiv_https___arxiv_org_abs_2506_23841
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle An ontological lens on attack trees: Toward adequacy and interoperability
Oliveira, Ítalo
Nicoletti, Stefano M.
Engelberg, Gal
Fumagalli, Mattia
Klein, Dan
Guizzardi, Giancarlo
Cryptography and Security
Software Engineering
Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker's goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER) -- a reference core ontology based on the Unified Foundational Ontology (UFO) -- we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.
title An ontological lens on attack trees: Toward adequacy and interoperability
topic Cryptography and Security
Software Engineering
url https://arxiv.org/abs/2506.23841