{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,2]],"date-time":"2025-09-02T16:10:09Z","timestamp":1756829409755,"version":"3.44.0"},"reference-count":0,"publisher":"IOS Press","isbn-type":[{"value":"9781643686172","type":"electronic"}],"license":[{"start":{"date-parts":[[2025,8,28]],"date-time":"2025-08-28T00:00:00Z","timestamp":1756339200000},"content-version":"unspecified","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by-nc\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2025,8,28]]},"abstract":"<jats:p>Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker\u2019s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)\u2014 a reference core ontology based on the Unified Foundational Ontology (UFO)\u2014 we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.<\/jats:p>","DOI":"10.3233\/faia250491","type":"book-chapter","created":{"date-parts":[[2025,9,2]],"date-time":"2025-09-02T15:33:43Z","timestamp":1756827223000},"source":"Crossref","is-referenced-by-count":0,"title":["An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability"],"prefix":"10.3233","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-2384-3081","authenticated-orcid":false,"given":"\u00cdtalo","family":"Oliveira","sequence":"first","affiliation":[{"name":"Semantics, Cybersecurity, & Services (SCS), University of Twente, Enschede, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-5522-4798","authenticated-orcid":false,"given":"Stefano Maria","family":"Nicoletti","sequence":"additional","affiliation":[{"name":"Formal Methods and Tools (FMT), University of Twente, Enschede, The Netherlands"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9021-9740","authenticated-orcid":false,"given":"Gal","family":"Engelberg","sequence":"additional","affiliation":[{"name":"University of Haifa, Haifa, Israel"},{"name":"Accenture, The Center of Advanced AI, EMEA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3385-4769","authenticated-orcid":false,"given":"Mattia","family":"Fumagalli","sequence":"additional","affiliation":[{"name":"KRDB Research Centre on Knowledge and Data, Free University of Bozen-Bolzan, Bolzano, Italy"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8881-1902","authenticated-orcid":false,"given":"Dan","family":"Klein","sequence":"additional","affiliation":[{"name":"Accenture, The Center of Advanced AI, EMEA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3452-553X","authenticated-orcid":false,"given":"Giancarlo","family":"Guizzardi","sequence":"additional","affiliation":[{"name":"Semantics, Cybersecurity, & Services (SCS), University of Twente, Enschede, The Netherlands"}]}],"member":"7437","container-title":["Frontiers in Artificial Intelligence and Applications","Formal Ontology in Information Systems"],"original-title":[],"link":[{"URL":"https:\/\/ebooks.iospress.nl\/pdf\/doi\/10.3233\/FAIA250491","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,9,2]],"date-time":"2025-09-02T15:33:43Z","timestamp":1756827223000},"score":1,"resource":{"primary":{"URL":"https:\/\/ebooks.iospress.nl\/doi\/10.3233\/FAIA250491"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,8,28]]},"ISBN":["9781643686172"],"references-count":0,"URL":"https:\/\/doi.org\/10.3233\/faia250491","relation":{},"ISSN":["0922-6389","1879-8314"],"issn-type":[{"value":"0922-6389","type":"print"},{"value":"1879-8314","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,8,28]]}}}