skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis

Abstract

LAVA (the Los Alamos Vulnerability/Risk Assessment system) is a three-part systematic approach to risk assessment that can be used to model risk assessment for a variety of application systems such as computer security systems, communications security systems, and information security systems. The first part of LAVA is the mathematical methodology based on such disciplines as hierarchical system theory, event-tree analysis, possibility theory, and cognitive science. The second part is the general software engine,written for a large class of personal computers, that implements the mathematical risk model. The third part is the application data sets written for a specific application system. The methodology provides a framework for creating applications for the software engine to operate upon; all application-specific information is data. Using LAVA, we build knowledge-based expert systems to assess risks in application systems comprising a subject system and a safeguards system. The subject system model comprises sets of threats, assets, and undesirable outcomes; because the threat to security systems is ever-changing, LAVA provides for an analysis of the dynamic aspects of the threat spectrum. The safeguards system model comprises sets of safeguards functions for protecting the assess from the threats by preventing or ameliorating the undesirable outcomes; sets of safeguardsmore » subfunctions whose performance determine whether the function is adequate and complete; and sets of issues that appear as interactive questionnaires, whose measures define both the weaknesses in the safeguards system and the potential costs of an undesirable outcome occurring. 29 refs.« less

Authors:
 [1]
  1. Los Alamos National Lab., NM (USA)
Publication Date:
Research Org.:
Los Alamos National Laboratory (LANL), Los Alamos, NM (United States)
Sponsoring Org.:
DOE/DP
OSTI Identifier:
5536717
Report Number(s):
LA-UR-89-527; CONF-891064-2
ON: DE89007990
DOE Contract Number:  
W-7405-ENG-36
Resource Type:
Conference
Resource Relation:
Conference: 12. national computer security conference, Baltimore, MD (USA), 10-13 Oct 1989
Country of Publication:
United States
Language:
English
Subject:
99 GENERAL AND MISCELLANEOUS//MATHEMATICS, COMPUTING, AND INFORMATION SCIENCE; COMPUTER ARCHITECTURE; SECURITY; EXPERT SYSTEMS; RISK ASSESSMENT; SAFEGUARDS; 990210* - Supercomputers- (1987-1989)

Citation Formats

Smith, S T. Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis. United States: N. p., 1989. Web.
Smith, S T. Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis. United States.
Smith, S T. 1989. "Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis". United States. https://www.osti.gov/servlets/purl/5536717.
@article{osti_5536717,
title = {Risk assessment and LAVA's (Los Alamos Vulnerability and Risk Assessment) dynamic threat analysis},
author = {Smith, S T},
abstractNote = {LAVA (the Los Alamos Vulnerability/Risk Assessment system) is a three-part systematic approach to risk assessment that can be used to model risk assessment for a variety of application systems such as computer security systems, communications security systems, and information security systems. The first part of LAVA is the mathematical methodology based on such disciplines as hierarchical system theory, event-tree analysis, possibility theory, and cognitive science. The second part is the general software engine,written for a large class of personal computers, that implements the mathematical risk model. The third part is the application data sets written for a specific application system. The methodology provides a framework for creating applications for the software engine to operate upon; all application-specific information is data. Using LAVA, we build knowledge-based expert systems to assess risks in application systems comprising a subject system and a safeguards system. The subject system model comprises sets of threats, assets, and undesirable outcomes; because the threat to security systems is ever-changing, LAVA provides for an analysis of the dynamic aspects of the threat spectrum. The safeguards system model comprises sets of safeguards functions for protecting the assess from the threats by preventing or ameliorating the undesirable outcomes; sets of safeguards subfunctions whose performance determine whether the function is adequate and complete; and sets of issues that appear as interactive questionnaires, whose measures define both the weaknesses in the safeguards system and the potential costs of an undesirable outcome occurring. 29 refs.},
doi = {},
url = {https://www.osti.gov/biblio/5536717}, journal = {},
number = ,
volume = ,
place = {United States},
year = {Sun Jan 01 00:00:00 EST 1989},
month = {Sun Jan 01 00:00:00 EST 1989}
}

Conference:
Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share: