{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,7]],"date-time":"2026-05-07T10:51:34Z","timestamp":1778151094065,"version":"3.51.4"},"reference-count":59,"publisher":"MDPI AG","issue":"9","license":[{"start":{"date-parts":[[2023,8,29]],"date-time":"2023-08-29T00:00:00Z","timestamp":1693267200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Information"],"abstract":"<jats:p>Systems that integrate cyber and physical aspects to create cyber-physical systems (CPS) are becoming increasingly complex, but demonstrating the security of CPS is hard and security is frequently compromised. These compromises can lead to safety failures, putting lives at risk. Attack Defense Trees with sequential conjunction (ADS) are an approach to identifying attacks on a system and identifying the interaction between attacks and the defenses that are present within the CPS. We present a semantic model for ADS and propose a methodology for generating ADS automatically. The methodology takes as input a CPS system model and a library of templates of attacks and defenses. We demonstrate and validate the effectiveness of the ADS generation methodology using an example from the automotive domain.<\/jats:p>","DOI":"10.3390\/info14090481","type":"journal-article","created":{"date-parts":[[2023,8,30]],"date-time":"2023-08-30T10:09:49Z","timestamp":1693390189000},"page":"481","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":7,"title":["Formal Template-Based Generation of Attack\u2013Defence Trees for Automated Security Analysis"],"prefix":"10.3390","volume":"14","author":[{"given":"Jeremy","family":"Bryans","sequence":"first","affiliation":[{"name":"Systems Security Group, Centre for Future Transport and Cities, Coventry University, Coventry CV1 5FB, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Lin Shen","family":"Liew","sequence":"additional","affiliation":[{"name":"iTrust, Singapore University of Technology and Design, Singapore 487372, Singapore"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0260-1697","authenticated-orcid":false,"given":"Hoang Nga","family":"Nguyen","sequence":"additional","affiliation":[{"name":"Systems Security Group, Department of Computer Science, Swansea University, Swansea SA1 8EN, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1183-7001","authenticated-orcid":false,"given":"Giedre","family":"Sabaliauskaite","sequence":"additional","affiliation":[{"name":"Systems Security Group, Department of Computer Science, Swansea University, Swansea SA1 8EN, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Siraj Ahmed","family":"Shaikh","sequence":"additional","affiliation":[{"name":"Systems Security Group, Department of Computer Science, Swansea University, Swansea SA1 8EN, UK"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2023,8,29]]},"reference":[{"key":"ref_1","unstructured":"Schneier, B. (2023, July 01). AT: Modeling Security Threats. Available online: https:\/\/www.schneier.com\/academic\/archives\/1999\/12\/attack_trees.html."},{"key":"ref_2","unstructured":"(2021). Road Vehicles\u2014Cybersecurity Engineering (Standard No. BS ISO\/SAE 21434:2021)."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cosrev.2014.07.001","article-title":"DAG-based attack and defense modeling: Don\u2019t miss the forest for the attack trees","volume":"13\u201314","author":"Kordy","year":"2014","journal-title":"Comput. Sci. Rev."},{"key":"ref_4","first-page":"325","article-title":"On Quantitative Analysis of Attack\u2013Defense Trees with Repeated Labels","volume":"Volume 10804","author":"Bauer","year":"2018","journal-title":"Principles of Security and Trust"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Arnold, F., Hermanns, H., Pulungan, R., and Stoelinga, M. (2014, January 5\u201313). Time-dependent analysis of attacks. Proceedings of the Third International Conference on Principles and Security of Trust, POST 2014, Grenoble, France.","DOI":"10.1007\/978-3-642-54792-8_16"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"339","DOI":"10.1007\/978-3-319-18467-8_23","article-title":"Attack Trees with Sequential Conjunction","volume":"Volume 455","author":"Jhawar","year":"2015","journal-title":"ICT Systems Security and Privacy Protection"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Ivanova, M.G., Probst, C.W., Hansen, R., and Kamm\u00fcller, F. (2015, January 13). Transforming graphical system models to graphical attack models. Proceedings of the Second International Workshop, GraMSec 2015, Verona, Italy.","DOI":"10.1007\/978-3-319-29968-6_6"},{"key":"ref_8","unstructured":"Lee, D., and Hong, S. (2009, January 2\u20134). Serial Model for Attack Tree Computations. Proceedings of the 12th International Conference, Seoul, Republic of Korea."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Pi\u00e8tre-Cambac\u00e9d\u00e8s, L., and Bouissou, M. (2010, January 28\u201330). Beyond Attack Trees: Dynamic Security Modeling with Boolean Logic Driven Markov Processes (BDMP). Proceedings of the 2010 European Dependable Computing Conference, Valencia, Spain.","DOI":"10.1109\/EDCC.2010.32"},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Bistarelli, S., Fioravanti, F., and Peretti, P. (2006, January 20\u201322). Defense trees for economic evaluation of security investments. Proceedings of the First International Conference on Availability, Reliability and Security (ARES\u201906), Vienna, Austria.","DOI":"10.1109\/ARES.2006.46"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"121","DOI":"10.1016\/j.entcs.2007.12.021","article-title":"Analyzing Security Scenarios Using Defence Trees and Answer Set Programming","volume":"197","author":"Bistarelli","year":"2008","journal-title":"Electron. Notes Theor. Comput. Sci."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"161","DOI":"10.1080\/13623079.2011.587206","article-title":"Evaluation of complex security scenarios using defense trees and economic indexes","volume":"24","author":"Bistarelli","year":"2012","journal-title":"J. Exp. Theor. Artif. Intell."},{"key":"ref_13","unstructured":"Ali Babar, M., Vierimaa, M., and Oivo, M. (2010, January 21\u201323). Prioritizing Countermeasures through the Countermeasure Method for Software Security (CM-Sec). Proceedings of the 11th International Conference, PROFES 2010, Limerick, Ireland."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"929","DOI":"10.1002\/sec.299","article-title":"Attack Countermeasure Trees (ACT): Towards Unifying the Constructs of Attack and Defense Trees","volume":"5","author":"Roy","year":"2012","journal-title":"Sec. Commun. Netw."},{"key":"ref_15","unstructured":"Mauw, S., Kordy, B., and Jajodia, S. (2016, January 27). How to Generate Security Cameras: Towards Defence Generation for Socio-Technical Systems. Proceedings of the Third International Workshop, GraMSec 2016, Lisbon, Portugal."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Won, D.H., and Kim, S. (2005, January 1\u20132). Foundations of Attack Trees. Proceedings of the Information Security and Cryptology\u2014ICISC 2005, Seoul, Republic of Korea.","DOI":"10.1007\/11734727"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Pinchinat, S., Acher, M., and Vojtisek, D. (2014, January 1\u20132). Towards Synthesis of Attack Trees for Supporting Computer-Aided Risk Analysis. Proceedings of the SEFM 2014 Collocated Workshops: HOFM, SAFOME, OpenCert, MoKMaSD, WS-FMDS, Grenoble, France.","DOI":"10.1007\/978-3-319-15201-1_24"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Kordy, B., Mauw, S., and Pieters, W. (2014, January 12). Towards Automating the Construction & Maintenance of Attack Trees: A Feasibility Study. Proceedings of the First International Workshop on Graphical Models for Security, GraMSec 2014, Grenoble, France.","DOI":"10.4204\/EPTCS.148.0"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Pinchinat, S., Acher, M., and Vojtisek, D. (2015, January 13). ATSyRa: An Integrated Environment for Synthesizing Attack Trees. Proceedings of the Second International Workshop on Graphical Models for Security (GraMSec\u201915), Verona, Italy.","DOI":"10.1007\/978-3-319-29968-6_7"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Bryans, J., Nguyen, H.N., and Shaikh, S.A. (2019, January 3\u20135). Attack Defense Trees with Sequential Conjunction. Proceedings of the 2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE), Hangzhou, China.","DOI":"10.1109\/HASE.2019.00045"},{"key":"ref_21","first-page":"75","article-title":"Beyond 2014: Formal methods for attack tree-based security modeling","volume":"52","author":"Audinot","year":"2019","journal-title":"ACM Comput. Surv."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"57","DOI":"10.3233\/FI-2017-1531","article-title":"Semantics for specialising attack trees based on linear logic","volume":"153","author":"Horne","year":"2017","journal-title":"Fundam. Inform."},{"key":"ref_23","unstructured":"Foley, S.N., Gollmann, D., and Snekkenes, E. (2017, January 11\u201315). Is My Attack Tree Correct?. Proceedings of the 22nd European Symposium on Research in Computer Security, Oslo, Norway."},{"key":"ref_24","unstructured":"Audinot, M. (2018). Assisted Design and Analysis of Attack Trees. [Ph.D. Thesis, University Rennes 1]."},{"key":"ref_25","unstructured":"(2023, July 01). ATSyRA Studio. Available online: http:\/\/atsyra2.irisa.fr\/."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Vigo, R., Nielson, F., and Nielson, H.R. (2014, January 19\u201322). Automated Generation of Attack Trees. Proceedings of the 2014 IEEE 27th Computer Security Foundations Symposium, Vienna, Austria.","DOI":"10.1109\/CSF.2014.31"},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Vigo, R. (2016). Nielson, F.; Nielson, H. Discovering, quantifying, and displaying attacks. Log. Methods Comput. Sci., 12.","DOI":"10.2168\/LMCS-12(4:5)2016"},{"key":"ref_28","unstructured":"P\u0103s\u0103reanu, C.S., and Sala\u00fcn, G. (2012, January 11\u201313). A Calculus for Quality. Proceedings of the 9th International Symposium, FACS 2012, Mountain View, CA, USA."},{"key":"ref_29","first-page":"1","article-title":"The attack navigator","volume":"9390","author":"Probst","year":"2015","journal-title":"GraMSec 2015 (LNCS)"},{"key":"ref_30","unstructured":"Sowka, K., Cheah, M., Doan, T., Nguyen, H., and Shaikh, S. (2023, July 01). Towards Generation of Attack Trees Using Machine Learning. Available online: https:\/\/pure.coventry.ac.uk\/ws\/portalfiles\/portal\/53429439\/Towards_Generation_of_Attack_Trees.pdf."},{"key":"ref_31","first-page":"100468","article-title":"Systematic threat assessment and security testing of automotive over-the-air (OTA) updates","volume":"35","author":"Mahmood","year":"2022","journal-title":"Veh. Commun."},{"key":"ref_32","doi-asserted-by":"crossref","first-page":"360","DOI":"10.1016\/j.cose.2018.04.008","article-title":"Building an automotive security assurance case using systematic security evaluations","volume":"77","author":"Cheah","year":"2018","journal-title":"Comput. Secur."},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"1110","DOI":"10.1109\/TIFS.2017.2771238","article-title":"An Empirical Evaluation of the Effectiveness of Attack Graphs and Fault Trees in Cyber-Attack Perception","volume":"13","author":"Lallie","year":"2018","journal-title":"IEEE Trans. Inf. Forensics Secur."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Hong, J.B., Kim, D.S., and Takaoka, T. (2013, January 16\u201318). Scalable Attack Representation Model Using Logic Reduction Techniques. Proceedings of the 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications, Melbourne, Australia.","DOI":"10.1109\/TrustCom.2013.51"},{"key":"ref_35","unstructured":"Livraga, G., and Mitchell, C. (2017, January 14\u201315). Refinement-Aware Generation of Attack Trees. Proceedings of the 13th International Workshop, STM 2017, Oslo, Norway."},{"key":"ref_36","first-page":"28","article-title":"THREATGET: Towards Automated Attack Tree Analysis for Automotive Cybersecurity","volume":"14","author":"Chulp","year":"2023","journal-title":"Information"},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Gadyatskaya, O., and Mauw, S. (2019, January 24). Attack Tree Series: A case for dynamic attack tree analysis. Proceedings of the 6th International Workshop, GraMSec 2019, Hoboken, NJ, USA.","DOI":"10.1007\/978-3-030-36537-0_2"},{"key":"ref_38","unstructured":"Ali, A.T., and Gruska, D.P. (2021, January 27\u201328). Attack Trees with Time Constraints. Proceedings of the 29th International Workshop on Concurrency, Specification and Programming (CS&P 2021), Berlin, Germany."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"85","DOI":"10.1007\/978-3-030-01141-3_6","article-title":"Semi-automatically Augmenting Attack Trees Using an Annotated Attack Tree Library","volume":"Volume 11091","author":"Jhawar","year":"2018","journal-title":"Security and Trust Management"},{"key":"ref_40","unstructured":"(2023, July 01). CAPEC\u2014Common Attack Pattern Enumeration and Classification. Available online: https:\/\/capec.mitre.org\/."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Mantel, H., and Probst, C.W. (2019, January 25\u201328). On the meaning and purpose of attack trees. Proceedings of the 2019 IEEE 32nd Computer Security Foundations Symposium (CSF), Hoboken, NJ, USA.","DOI":"10.1109\/CSF.2019.00020"},{"key":"ref_42","unstructured":"Pinchinat, S., Fila, B., Wacheux, F., and Thierry-Mieg, Y. (2019). Lecture Notes in Computer Science (Including Subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Springer International Publishing."},{"key":"ref_43","unstructured":"Laurent, M., and Giannetsos, T. (2019, January 11\u201312). A Template-Based Method for the Generation of Attack Trees. Proceedings of the 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France."},{"key":"ref_44","unstructured":"Sheyner, O., Haines, J., Jha, S., Lippmann, R., and Wing, J. (2002, January 12\u201315). Automated generation and analysis of attack graphs. Proceedings of the 2002 IEEE Symposium on Security and Privacy, Berkeley, CA, USA."},{"key":"ref_45","unstructured":"de Boer, F.S., Bonsangue, M.M., Graf, S., and de Roever, W.P. (2003, January 4\u20137). Tools for Generating and Analyzing Attack Graphs. Proceedings of the Second International Symposium, FMCO 2003, Leiden, The Netherlands."},{"key":"ref_46","unstructured":"Akram, R.N., and Jajodia, S. (2015, January 24\u201325). Attack Tree Generation by Policy Invalidation. Proceedings of the 9th IFIP WG 11.2 International Conference, WISTP 2015, Heraklion, Greece."},{"key":"ref_47","doi-asserted-by":"crossref","unstructured":"Xu, J., Venkatasubramanian, K.K., and Sfyrla, V. (2016, January 18\u201321). A methodology for systematic attack trees generation for interoperable medical devices. Proceedings of the 2016 Annual IEEE Systems Conference (SysCon), Orlando, FL, USA.","DOI":"10.1109\/SYSCON.2016.7490632"},{"key":"ref_48","unstructured":"Santra, S. (2017). Semi-Automated Generation of Networked Vulnerability-Attack Countermeasure Trees for Security Analysis, University of Canterbury."},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"48360","DOI":"10.1109\/ACCESS.2018.2867556","article-title":"A Master Attack Methodology for an AI-Based Automated Attack Planner for Smart Cities","volume":"6","author":"Falco","year":"2018","journal-title":"IEEE Access"},{"key":"ref_50","unstructured":"Cheah, M., Nguyen, H., Bryans, J., and Shaikh, S.A. (2017, January 28\u201329). Formalising Systematic Security Evaluations Using Attack Trees for Automotive Applications. Proceedings of the 11th IFIP WG 11.2 International Conference, WISTP 2017, Heraklion, Greece."},{"key":"ref_51","doi-asserted-by":"crossref","unstructured":"Roscoe, A.W. (2010). Understanding Concurrent Systems, Springer.","DOI":"10.1007\/978-1-84882-258-0"},{"key":"ref_52","unstructured":"(2018, September 05). FDR4. Available online: https:\/\/www.cs.ox.ac.uk\/projects\/fdr\/."},{"key":"ref_53","doi-asserted-by":"crossref","first-page":"35","DOI":"10.1007\/978-3-319-44878-7_3","article-title":"Modelling Attack-Defense Trees Using Timed Automata","volume":"Volume 9884","author":"Gadyatskaya","year":"2016","journal-title":"Formal Modeling and Analysis of Timed Systems"},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"55","DOI":"10.1093\/logcom\/exs029","article-title":"Attack-Defense Trees","volume":"24","author":"Kordy","year":"2014","journal-title":"J. Log. Comput."},{"key":"ref_55","doi-asserted-by":"crossref","unstructured":"Cobos, L.P., Ruddle, A.R., and Sabaliauskaite, G. (2021, January 19\u201323). Cybersecurity Assurance Challenges for Future Connected and Automated Vehicles. Proceedings of the 31st European Safety and Reliability Conference, Angers, France.","DOI":"10.3850\/978-981-18-2016-8_412-cd"},{"key":"ref_56","doi-asserted-by":"crossref","unstructured":"Kumar, R., and Stoelinga, M. (2017, January 12\u201314). Quantitative Security and Safety Analysis with Attack-Fault Trees. Proceedings of the 2017 IEEE 18th International Symposium on High Assurance Systems Engineering (HASE), Singapore.","DOI":"10.1109\/HASE.2017.12"},{"key":"ref_57","doi-asserted-by":"crossref","unstructured":"Andr\u00e9, \u00c9., Lime, D., Ramparison, M., and Stoelinga, M. (2019, January 23\u201328). Parametric Analyses of Attack-Fault Trees. Proceedings of the 2019 19th International Conference on Application of Concurrency to System Design, ACSD 2019, Aachen, Germany.","DOI":"10.1109\/ACSD.2019.00008"},{"key":"ref_58","unstructured":"(2024, July 01). CWE\u2014Common Weakness Enumeration. Available online: https:\/\/cwe.mitre.org\/."},{"key":"ref_59","unstructured":"(2024, July 01). NVD\u2014National Vulnerability Database, Available online: https:\/\/nvd.nist.gov\/."}],"container-title":["Information"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/9\/481\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T20:42:04Z","timestamp":1760128924000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2078-2489\/14\/9\/481"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,8,29]]},"references-count":59,"journal-issue":{"issue":"9","published-online":{"date-parts":[[2023,9]]}},"alternative-id":["info14090481"],"URL":"https:\/\/doi.org\/10.3390\/info14090481","relation":{},"ISSN":["2078-2489"],"issn-type":[{"value":"2078-2489","type":"electronic"}],"subject":[],"published":{"date-parts":[[2023,8,29]]}}}