there is the attack tree concept of Bruce Schneier: http://www.schneier.com/paper-attacktrees-ddj-ft.html http://www.counterpane.com/attacktrees.pdf
there is a SW that helps creating such trees: SecurITree from Amenaza, http://www.amenaza.com/
i am working on attack tree of smartcards, and i have the idea of creating as many as possible attack trees for different systems and at the end they can build an Attack Wood of IT security...and of course this wood is like the real one, where new trees are born or old ones die, boughs are broken or outgrown etc.
maybe on HEX (http://www.hex2005.org/) we will have the 1.0 version :-)
any comment, idea, opinion, advise is welcome and thnx in advance!
zoli
