Abstract

Defence trees are used to represent attack and defence strategies in security scenarios; the aim in such scenarios is to select the best set of countermeasures that are able to stop all the vulnerabilities. In order to represent preferences among possible countermeasures of a given attack, defence trees are enriched with conditional preferences, obtaining a new structure called CP-defence tree. In this paper we transform a CP-defence tree with preferences among attacks and countermeasures in an Answer Set Optimization (ASO) program. The ASO program, representing the overall scenario, is a special composition of the programs associated to each branch of a CP-defence tree. We describe an implementation that select the best set of countermeasure able to mitigate all the vulnerabilities by computing the optimal answer set of the corresponding ASO program.