Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis
Abstract
LAVA (the Los Alamos Vulnerability/Risk Assessment system) is a three-part systematic approach to risk assessment that can be used to model risk assessment for a variety of application systems such as computer security systems, communications security systems, and information security systems. The first part of LAVA is the mathematical methodology based on such disciplines as hierarchical system theory, event-tree analysis, possibility theory, and cognitive science. The second part is the general software engine,written for a large class of personal computers, that implements the mathematical risk model. The third part is the application data sets written for a specific application system. The methodology provides a framework for creating applications for the software engine to operate upon; all application-specific information is data. Using LAVA, we build knowledge-based expert systems to assess risks in application systems comprising a subject system and a safeguards system. The subject system model comprises sets of threats, assets, and undesirable outcomes; because the threat to security systems is ever-changing, LAVA provides for an analysis of the dynamic aspects of the threat spectrum. The safeguards system model comprises sets of safeguards functions for protecting the assess from the threats by preventing or ameliorating the undesirable outcomes; sets of safeguardsmore »
- Authors:
-
- Los Alamos National Lab., NM (USA)
- Publication Date:
- Research Org.:
- Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
- Sponsoring Org.:
- DOE/DP
- OSTI Identifier:
- 5536717
- Report Number(s):
- LA-UR-89-527; CONF-891064-2
ON: DE89007990
- DOE Contract Number:
- W-7405-ENG-36
- Resource Type:
- Conference
- Resource Relation:
- Conference: 12. national computer security conference, Baltimore, MD (USA), 10-13 Oct 1989
- Country of Publication:
- United States
- Language:
- English
- Subject:
- 99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; COMPUTER ARCHITECTURE; SECURITY; EXPERT SYSTEMS; RISK ASSESSMENT; SAFEGUARDS; 990210* - Supercomputers- (1987-1989)
Citation Formats
Smith, S T. Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis. United States: N. p., 1989.
Web.
Smith, S T. Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis. United States.
Smith, S T. 1989.
"Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis". United States. https://www.osti.gov/servlets/purl/5536717.
@article{osti_5536717,
title = {Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis},
author = {Smith, S T},
abstractNote = {LAVA (the Los Alamos Vulnerability/Risk Assessment system) is a three-part systematic approach to risk assessment that can be used to model risk assessment for a variety of application systems such as computer security systems, communications security systems, and information security systems. The first part of LAVA is the mathematical methodology based on such disciplines as hierarchical system theory, event-tree analysis, possibility theory, and cognitive science. The second part is the general software engine,written for a large class of personal computers, that implements the mathematical risk model. The third part is the application data sets written for a specific application system. The methodology provides a framework for creating applications for the software engine to operate upon; all application-specific information is data. Using LAVA, we build knowledge-based expert systems to assess risks in application systems comprising a subject system and a safeguards system. The subject system model comprises sets of threats, assets, and undesirable outcomes; because the threat to security systems is ever-changing, LAVA provides for an analysis of the dynamic aspects of the threat spectrum. The safeguards system model comprises sets of safeguards functions for protecting the assess from the threats by preventing or ameliorating the undesirable outcomes; sets of safeguards subfunctions whose performance determine whether the function is adequate and complete; and sets of issues that appear as interactive questionnaires, whose measures define both the weaknesses in the safeguards system and the potential costs of an undesirable outcome occurring. 29 refs.},
doi = {},
url = {https://www.osti.gov/biblio/5536717},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Sun Jan 01 00:00:00 EST 1989},
month = {Sun Jan 01 00:00:00 EST 1989}
}