Date of Award


Document Type


Degree Name

Doctor of Philosophy (PhD)


Department of Electrical and Computer Engineering

First Advisor

Richard A. Raines, PhD


Attack trees have been developed to describe processes by which malicious users attempt to exploit or break complex systems. Attack trees offer a method of decomposing, visualizing, and determining the cost or likelihood of attacks. Attack trees by themselves do not provide enough decision support to system defenders. This research develops the concept of using protection trees to offer a detailed risk analysis of a system. In addition to developing protection trees, this research improves the existing concept of attack trees and develops rule sets for the manipulation of metrics used in the security of complex systems. This research specifically develops the framework for using an attack and protection tree methodology to analyze the security of complex systems. The structure of attack trees is extended and modified to create protection trees. To validate the effectiveness of the methodology, the Schematic Protection Model (SPM) is used. The SPM is extended and applied to verify that a system protected using the attack and protection tree methodology is safe. To demonstrate the general usefulness of this novel methodology, it is used to analyze the security of several varied domains including computer networks, online banking, homeland security, and mobile ad hoc networks.

AFIT Designator


DTIC Accession Number