We introduce and give formal definitions of attack-defense trees. We argue that these trees are a simple, yet powerful tool to analyze complex security and privacy problems. Our formalization is generic in the sense that it supports different semantical approaches. We present several semantics for attack-defense trees along with usage scenarios, and we show how to evaluate attributes.
展开▼