This paper describes an open-source project called RATCHET whose goal is to create software that can be used by large groups of people to construct attack trees. The value of an attack tree increases when the attack tree explores more scenarios. Crowdsourcing an attack tree reduces the possibility that some options might be overlooked. RATCHET has been tested in classroom settings with positive results. This paper gives an overview of RATCHET and describes some of the features that we plan to add.
Date of creation, presentation, or exhibit
Department, Program, or Center
Department of Computing Security (GCCIS)
Tentilucci, Matthew; Roberts, Nick; Kandari, Shreshth; Johnson, Daryl; Stackpole, Bill; and Markowsky, George, "Crowdsourcing Computer Security Attack Trees" (2015). Accessed from
RIT – Main Campus