An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability

Ítalo Oliveira; Stefano Maria Nicoletti; Gal Engelberg; Mattia Fumagalli; Dan Klein; Giancarlo Guizzardi

doi:10.3233/FAIA250491

An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability

Ítalo Oliveira, Stefano Maria Nicoletti, Gal Engelberg, Mattia Fumagalli, Dan Klein, Giancarlo Guizzardi

Department of Information Systems

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker’s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.

Original language	English
Title of host publication	Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025
Editors	Tiago Prince Sales, Claudio Masolo, C. Maria Keet
Publisher	IOS Press BV
Pages	151-165
Number of pages	15
ISBN (Electronic)	9781643686172
DOIs	https://doi.org/10.3233/FAIA250491
State	Published - 28 Aug 2025
Event	15th Formal Ontology in Information Systems Conference, FOIS 2025 - Catania, Italy Duration: 10 Sep 2025 → 12 Sep 2025

Publication series

Name	Frontiers in Artificial Intelligence and Applications
Volume	409
ISSN (Print)	0922-6389
ISSN (Electronic)	1879-8314

Conference

Conference	15th Formal Ontology in Information Systems Conference, FOIS 2025
Country/Territory	Italy
City	Catania
Period	10/09/25 → 12/09/25

Bibliographical note

Publisher Copyright:
© 2025 The Authors.

Keywords

attack trees
ontological analysis
risk ontologies

ASJC Scopus subject areas

Artificial Intelligence

Access to Document

10.3233/FAIA250491

Cite this

Oliveira, Í., Nicoletti, S. M., Engelberg, G., Fumagalli, M., Klein, D., & Guizzardi, G. (2025). An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. In T. P. Sales, C. Masolo, & C. M. Keet (Eds.), Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025 (pp. 151-165). (Frontiers in Artificial Intelligence and Applications; Vol. 409). IOS Press BV. https://doi.org/10.3233/FAIA250491

Oliveira, Ítalo ; Nicoletti, Stefano Maria ; Engelberg, Gal et al. / An Ontological Lens on Attack Trees : Toward Adequacy and Interoperability. Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. editor / Tiago Prince Sales ; Claudio Masolo ; C. Maria Keet. IOS Press BV, 2025. pp. 151-165 (Frontiers in Artificial Intelligence and Applications).

@inproceedings{4b640ebaeefc489ea9d092f223d78c44,

title = "An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability",

abstract = "Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker{\textquoteright}s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.",

keywords = "attack trees, ontological analysis, risk ontologies",

author = "{\'I}talo Oliveira and Nicoletti, \{Stefano Maria\} and Gal Engelberg and Mattia Fumagalli and Dan Klein and Giancarlo Guizzardi",

note = "Publisher Copyright: {\textcopyright} 2025 The Authors.; 15th Formal Ontology in Information Systems Conference, FOIS 2025 ; Conference date: 10-09-2025 Through 12-09-2025",

year = "2025",

month = aug,

day = "28",

doi = "10.3233/FAIA250491",

language = "English",

series = "Frontiers in Artificial Intelligence and Applications",

publisher = "IOS Press BV",

pages = "151--165",

editor = "Sales, \{Tiago Prince\} and Claudio Masolo and Keet, \{C. Maria\}",

booktitle = "Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025",

address = "Netherlands",

}

Oliveira, Í, Nicoletti, SM, Engelberg, G, Fumagalli, M, Klein, D & Guizzardi, G 2025, An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. in TP Sales, C Masolo & CM Keet (eds), Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. Frontiers in Artificial Intelligence and Applications, vol. 409, IOS Press BV, pp. 151-165, 15th Formal Ontology in Information Systems Conference, FOIS 2025, Catania, Italy, 10/09/25. https://doi.org/10.3233/FAIA250491

An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. / Oliveira, Ítalo; Nicoletti, Stefano Maria; Engelberg, Gal et al.
Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. ed. / Tiago Prince Sales; Claudio Masolo; C. Maria Keet. IOS Press BV, 2025. p. 151-165 (Frontiers in Artificial Intelligence and Applications; Vol. 409).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - An Ontological Lens on Attack Trees

T2 - 15th Formal Ontology in Information Systems Conference, FOIS 2025

AU - Oliveira, Ítalo

AU - Nicoletti, Stefano Maria

AU - Engelberg, Gal

AU - Fumagalli, Mattia

AU - Klein, Dan

AU - Guizzardi, Giancarlo

PY - 2025/8/28

Y1 - 2025/8/28

N2 - Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker’s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.

AB - Attack Trees (AT) are a popular formalism for security analysis. They are meant to display an attacker’s goal decomposed into attack steps needed to achieve it and compute certain security metrics (e.g., attack cost, probability, and damage). ATs offer three important services: (a) conceptual modeling capabilities for representing security risk management scenarios, (b) a qualitative assessment to find root causes and minimal conditions of successful attacks, and (c) quantitative analyses via security metrics computation under formal semantics, such as minimal time and cost among all attacks. Still, the AT language presents limitations due to its lack of ontological foundations, thus compromising associated services. Via an ontological analysis grounded in the Common Ontology of Value and Risk (COVER)— a reference core ontology based on the Unified Foundational Ontology (UFO)— we investigate the ontological adequacy of AT and reveal four significant shortcomings: (1) ambiguous syntactical terms that can be interpreted in various ways; (2) ontological deficit concerning crucial domain-specific concepts; (3) lacking modeling guidance to construct ATs decomposing a goal; (4) lack of semantic interoperability, resulting in ad hoc stand-alone tools. We also discuss existing incremental solutions and how our analysis paves the way for overcoming those issues through a broader approach to risk management modeling.

KW - attack trees

KW - ontological analysis

KW - risk ontologies

UR - https://www.scopus.com/pages/publications/105021215104

U2 - 10.3233/FAIA250491

DO - 10.3233/FAIA250491

M3 - Conference contribution

AN - SCOPUS:105021215104

T3 - Frontiers in Artificial Intelligence and Applications

SP - 151

EP - 165

BT - Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025

A2 - Sales, Tiago Prince

A2 - Masolo, Claudio

A2 - Keet, C. Maria

PB - IOS Press BV

Y2 - 10 September 2025 through 12 September 2025

ER -

Oliveira Í, Nicoletti SM, Engelberg G, Fumagalli M, Klein D, Guizzardi G. An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability. In Sales TP, Masolo C, Keet CM, editors, Formal Ontology in Information Systems - Proceedings of the 15th International Conference, FOIS 2025. IOS Press BV. 2025. p. 151-165. (Frontiers in Artificial Intelligence and Applications). doi: 10.3233/FAIA250491

An Ontological Lens on Attack Trees: Toward Adequacy and Interoperability

Abstract

Publication series

Conference

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this