Understanding Attacks: Modeling the outcome of Attack Tree analysis

Attack trees are used in structured approaches to describe all actions that an attacker must undertake to achieve a certain (malicious) goal. The analysis of such an attack tree provides insight in the vulnerabilities of this system. One way of attack tree analysis is the transformation of the attack tree into a priced timed automaton, and analysing this automaton with Uppaal. This approach generates a large amount of trace data, which is proof of the results that Uppaal provides. This trace data is undocumented and needs further parsing in order to gain usable information. These drawbacks make the isolation of information relevant to the attack tree rather cumbersome. This paper proposed a meta-model to model Uppaal and Uppaal trace data and shows that it is possible to build a compiler that compiles raw trace data into instances of this metamodel effectively. This paper also suggests how to derive insightful information and map this onto the original attack tree. This yields the original attack tree enriched with information derived from the trace data.