Risk Assessment with Attack Trees: From Formalism to Research Outlook

  • Name:

    Risk Assessment with Attack Trees: From Formalism to Research Outlook

  • Venue:

    252 / BBB

  • Date:

    2025-11-11

  • Speaker:

    Clemens Fruböse

  • Time:

    15:45

  • Quantifying risk by relying on assumptions and (mathematically) proving security within those boundaries is a well-established approach. While this method is appealing due to its rigor, it is not always applicable to broader or more practical risk assessment scenarios.
    In such cases, models like attack trees are often proposed, as they are more closely aligned with real-world risk assessment problems. In this talk, I will provide an overview of the attack tree formalism, tracing its evolution from early fault trees to attack-defense trees and their various extensions. I will discuss how these models are used to conduct risk assessments, which types of computations are meaningful within this framework, and how we can leverage them for our specific purposes.
    Finally, I will offer an outlook on current research in this field and provide a qualitative evaluation of emerging approaches.