MergeTree: a Tree Model with Merged Nodes for Threat Induction

Abstract

Threat tree model can clearly organize threat induction information and thus is widely used for risk analysis in software assurance. Threat tree will grow to complicated structures, e.g., the number of nodes and branches, when the threat information grows to a huge volume. To extend the scalability of the threat tree model, we propose a tree model with merged nodes so as to largely decrease the number of nodes and branches. The formal model and dedicated algorithms are proposed in details. The experimental results show the practicality of MergeTree. We also formally analyze the soundness and completeness of the proposed model.