This manuscript is the author version of the manuscript of the same name published in Fundamenta Informatica 182(1).This manuscript is an extended version of the manuscript of the same name published in the proceedings of the 19th International Conference on Application of Concurrency to System Design (ACSD 2019).International audienceRisk assessment of cyber-physical systems, such as power plants, connected devices and IT-infrastructures has always been challenging: safety (i.e., absence of unintentional failures) and security (i.e., no disruptions due to attackers) are conditions that must be guaranteed. One of the traditional tools used to consider these problems is attack trees, a treebased formalism inspired by fault trees, a well-know...