Formalising attack trees to support economic analysis

Andrew C. Simpson, Matthias Dellago, Daniel W. Woods

Research output: Contribution to journalArticlepeer-review


Attack trees and attack graphs are both examples of what one might term attack modelling techniques. The primary purpose of such techniques is to help establish and enumerate the ways in which a system could be compromised; as such, they play a key role in the (security) risk analysis process. Given their role and the consequent need to ensure that they are correct, there are good reasons for capturing such artefacts in a formal manner. We describe such a formal approach, which has been motivated by a desire to model attacks from the perspectives of attackers, to support economic analysis. As an illustration, we consider exploitation cost.
Original languageEnglish
Article numberbxac170
Number of pages16
JournalThe Computer Journal
Early online date30 Nov 2022
Publication statusE-pub ahead of print - 30 Nov 2022


  • Attack Trees
  • Formal Modelling
  • Z
  • Information Security Economics


Dive into the research topics of 'Formalising attack trees to support economic analysis'. Together they form a unique fingerprint.

Cite this