This sounds like a good way to think about exploit chains (though I'm not an expert)