An attack tree is a useful analytical technique to model security threats and/or risks, and hence model attacks as actual realizations of the former. Research on attack trees have focused either on applying such trees to model various ranges of security systems, or on advancements to this technique in itself. In this paper, we revisit the notion of attack tree attribution, i.e. how explicit attribute values of child nodes are aggregated to form the attribute of the parent node, and propose a novel attribution approach. We then show using this approach within the context of analyzing the weakest links of security systems, how the weakest link may not necessarily always be so, but instead it depends on the existence of other stronger links within the system.

• 出版日期2011-7