Barbara FILA

Slava Ukraini!

SAND attack trees

A SAND attack tree is a graphical model decomposing an attack scenario into basic actions to be executed by the attacker. SAND attack trees extend classical attack trees by including the sequential conjunctive operator (SAND) to the formalism. They thus allow to differentiate actions that need to be executed sequentially from those that can be performed in parallel. Formal foundations of SAND attack trees are presented in our IFIP SEC'15 paper. Since several structurally different SAND attack trees can represent the same attack scenario, it is important to be able to decide which SAND attack trees are equivalent.


SPTool, described in our CRiSIS'16 tool paper, is free, open source software for checking equivalence of two SAND attack trees and computing their canonical forms. SPTool relies on a term rewriting system axiomatizing the SAND attack tree formalism and it uses Maude as the underlying computing engine.

You can download the jar with all dependencies included here. The sources are available here.