Focus

RisQFLan: security risk modelling and analysis

RisQFLan is an open-source toolset for quantitative graph-based security risk modelling and analysis based on attack-defense trees, which are compact formal models of possible system attacks. RisQFLan allows users to build rich models with expressive quantitative constraints in a domain-specific language that combines distinctive features from various well-known formalisms for risk modelling and analysis from the literature. One of these features is the specification of particular dynamic threat profiles by means of explicit (probabilistic) attack behaviour. The analysis capabilities of RisQFLan enhance those of other toolsets from the domain. In particular, RisQFLan caters for exact as well as statistical verification of probabilistic attack scenarios through either probabilistic or statistical model checking.
Link: https://github.com/RisQFLan/RisQFLan/wiki
Reference:
M.H. ter Beek, A. Legay, A. Lluch Lafuente and A. Vandin, Quantitative Security Risk Modeling and Analysis with RisQFLan. Computers & Security 109 (2021). DOI: 10.1016/j.cose.2021.102381