Abstract
Attack and Defense Trees (ADT) constitute a formal modeling technique that has become dominant in recent years in the area of qualitative and quantitative cybersecurity analysis of ICT and digital control systems. A Weighted-ADT (WADT) is augmented with cost or impact attributes to evidence the most convenient attack sequence in terms of investment budget and provoked damage and to provide an indication on how to mitigate the located breaches by means of suitable countermeasures. The original analysis technique proposed in this paper is based on the representation of a WADT by means of an extension of Binary Decision Diagrams (BDD), called Multi Terminal Binary Decision Diagrams (MTBDD). MTBDDs allow the modeler to evaluate the probability distribution function of the cost and impact related to any possible attack scenario. A running example illustrates the methodology.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
