Lukas Güthing

Context: Attack-fault trees (AFTs) are used to assess risks for systems either coming from malicious actors (attacks) or errors in the systems (faults). However, AFTs have not been generalized for configurable software to model attacks and faults for a whole product family.

Goal: Extend Attack-Fault Trees to include variability annotations.

Requirements: Prior knowledge of AFTs and software product lines is helpful.