Uniform analysis of fault trees through model transformations

Enno Ruijters, Stefano Schivo, Mariëlle Stoelinga, Arend Rensink

Research output: Chapter in Book/Report/Conference proceedingConference Article in proceedingAcademicpeer-review


As the critical systems we rely on every day, such as nuclear power plants and airplanes, become ever more complex, the need to rigorously verify the safety and dependability of these systems is becoming very clear. Furthermore, deliberate attacks have become a prominent cause of concern for safety and reliability. One of the most prominent techniques for analyzing such systems is fault tree analysis (FTA), and a whole forest of variants, extensions, and analysis tools have been developed. In the security field, FTA was the inspiration for attack trees, used to analyze systems for vulnerability to malicious attacks. These formalisms are rarely compatible, making it difficult to exploit their different strengths in analyzing the same system. The key contribution of this paper is a meta-model describing many varieties of fault and attack trees, and well as combined attack-fault trees. We provide translations to and from different formalisms, as well as our own analysis engine for combined models. We demonstrate this framework on three case studies.
Original languageEnglish
Title of host publication2017 Annual Reliability and Maintainability Symposium (RAMS)
Place of PublicationUnited States
PublisherInstitute of Electrical and Electronics Engineers Inc.
ISBN (Print)978-1-5090-5285-1
Publication statusPublished - 23 Jan 2017
Externally publishedYes
Event2017 Annual Reliability and Maintainability Symposium (RAMS) - Rosen Plaza Hotel, Orlando, United States
Duration: 23 Jan 201726 Jan 2017


Conference2017 Annual Reliability and Maintainability Symposium (RAMS)
Abbreviated titleRAMS 2017
Country/TerritoryUnited States
Internet address


  • EWI-27223, Metamodelling, Fault Tree Analysis, Attack-fault trees, IR-101865, EC Grant Agreement nr.: FP7/318003


Dive into the research topics of 'Uniform analysis of fault trees through model transformations'. Together they form a unique fingerprint.

Cite this