Quiz Entry - updated: 2026.07.05
What is an Attack Tree and how does it help with threat modeling?
A hierarchical diagram with the attacker's goal at the root and the alternative ways to reach it branching below — it maps out every attack path.
An Attack Tree is a hierarchical diagram showing how an attacker could achieve a malicious goal.
Structure:
- Root node = attacker's goal (e.g., "Steal customer data")
- Child nodes = ways to achieve parent goal
- Branches show decomposition of attack paths
Example - "Steal customer data":
- Obtain backup media (burglarize office OR bribe admin)
- Intercept email (hack remote user's home system OR hack SMTP gateway)
- Hack into fileserver (hack through firewall)
Benefits: Visualizes all possible attack paths, helps prioritize defenses, identifies weakest links.
Go deeper:
Bruce Schneier — Attack Trees (1999) — the original paper, with the PGP worked example.
Attack tree (Wikipedia) — worked tree diagrams with OR/AND decomposition of an attacker's goal.