Skip to Main Content
Vulnerabilities in intrusion tolerant systems have dependence on various dynamic aspects such as redundant mechanisms, fault and error recovery mechanisms, and different operation modes. The conventional nodes of attack trees cannot adequately capture the attacks towards those systems, thus constructing security models for the systems is very difficult. This paper introduces new nodes to model the security of those systems. The nodes include: PAND node, k/n node, SEQ node, CSUB node, and Housing node. We provide the syntax and graphical representation for each node. The nodes allow us to model attacks that require exploitation of vulnerabilities which have dependence on ordering events, sequence-dependant events, conditional failures and mechanisms which involve configuration changes with time. We use the nodes to construct attack trees for different security related systems.