skip to main content
OSTI.GOV title logo U.S. Department of Energy
Office of Scientific and Technical Information

Title: Adversary-defender modeling grammar for vulnerability analysis and threat assessment .


No abstract prepared.

Publication Date:
Research Org.:
Sandia National Laboratories
Sponsoring Org.:
OSTI Identifier:
Report Number(s):
TRN: US200616%%28
DOE Contract Number:
Resource Type:
Resource Relation:
Conference: Proposed for presentation at REDTEAM 2006 held May 2-4, 2006 in Albuquerque, NM.
Country of Publication:
United States

Citation Formats

Merkle, Peter Benedict. Adversary-defender modeling grammar for vulnerability analysis and threat assessment .. United States: N. p., 2006. Web.
Merkle, Peter Benedict. Adversary-defender modeling grammar for vulnerability analysis and threat assessment .. United States.
Merkle, Peter Benedict. Mon . "Adversary-defender modeling grammar for vulnerability analysis and threat assessment .". United States. doi:.
title = {Adversary-defender modeling grammar for vulnerability analysis and threat assessment .},
author = {Merkle, Peter Benedict},
abstractNote = {No abstract prepared.},
doi = {},
journal = {},
number = ,
volume = ,
place = {United States},
year = {Mon May 01 00:00:00 EDT 2006},
month = {Mon May 01 00:00:00 EDT 2006}

Other availability
Please see Document Availability for additional information on obtaining the full-text document. Library patrons may search WorldCat to identify libraries that hold this conference proceeding.

Save / Share:
  • No abstract prepared.
  • Vulnerability analysis and threat assessment require systematic treatments of adversary and defender characteristics. This work addresses the need for a formal grammar for the modeling and analysis of adversary and defender engagements of interest to the National Nuclear Security Administration (NNSA). Analytical methods treating both linguistic and numerical information should ensure that neither aspect has disproportionate influence on assessment outcomes. The adversary-defender modeling (ADM) grammar employs classical set theory and notation. It is designed to incorporate contributions from subject matter experts in all relevant disciplines, without bias. The Attack Scenario Space U{sub S} is the set universe of all scenariosmore » possible under physical laws. An attack scenario is a postulated event consisting of the active engagement of at least one adversary with at least one defended target. Target Information Space I{sub S} is the universe of information about targets and defenders. Adversary and defender groups are described by their respective Character super-sets, (A){sub P} and (D){sub F}. Each super-set contains six elements: Objectives, Knowledge, Veracity, Plans, Resources, and Skills. The Objectives are the desired end-state outcomes. Knowledge is comprised of empirical and theoretical a priori knowledge and emergent knowledge (learned during an attack), while Veracity is the correspondence of Knowledge with fact or outcome. Plans are ordered activity-task sequences (tuples) with logical contingencies. Resources are the a priori and opportunistic physical assets and intangible attributes applied to the execution of associated Plans elements. Skills for both adversary and defender include the assumed general and task competencies for the associated plan set, the realized value of competence in execution or exercise, and the opponent's planning assumption of the task competence.« less
  • LAVA (the Los Alamos Vulnerability/Risk Assessment system) is a three-part systematic approach to risk assessment that can be used to model risk assessment for a variety of application systems such as computer security systems, communications security systems, and information security systems. The first part of LAVA is the mathematical methodology based on such disciplines as hierarchical system theory, event-tree analysis, possibility theory, and cognitive science. The second part is the general software engine,written for a large class of personal computers, that implements the mathematical risk model. The third part is the application data sets written for a specific application system.more » The methodology provides a framework for creating applications for the software engine to operate upon; all application-specific information is data. Using LAVA, we build knowledge-based expert systems to assess risks in application systems comprising a subject system and a safeguards system. The subject system model comprises sets of threats, assets, and undesirable outcomes; because the threat to security systems is ever-changing, LAVA provides for an analysis of the dynamic aspects of the threat spectrum. The safeguards system model comprises sets of safeguards functions for protecting the assess from the threats by preventing or ameliorating the undesirable outcomes; sets of safeguards subfunctions whose performance determine whether the function is adequate and complete; and sets of issues that appear as interactive questionnaires, whose measures define both the weaknesses in the safeguards system and the potential costs of an undesirable outcome occurring. 29 refs.« less
  • In the procedure for the assessment of material control systems being developed at Lawrence Livermore Laboratory, one of the major requirements is the systematic development of adversary action sequences and stimuli. Stimuli refer to the disturbances in state or process variables that occur as the result of adversary activity, such as diversion or concealment activities. This paper presents an approach to generate adversary action sequences on the basis of graph theory and fault tree analysis. The resulting stimuli can then be generated from these sequences.
  • A computer-based method for security system evaluation and improvement called Matrix Analysis for the Insider Threat (MAIT) was developed and reported on previously by Science Applications International Corporation (SAIC). MAIT is a sophisticated method for the analysis of safeguards or security systems that determines if single or multiple insiders can covertly sabotage a facility or system or can covertly divert a resource that is present in the facility or system. The MAIT code was initially developed for application to theft from fuel cycle facilities. The MAIT method provides a detailed, organized way to exhaustively examine the safeguards or security systemmore » against these covert threats. An evaluation of this broad scope is beyond the reasonable capability of an analyst working without computer assistance. The MAIT analysis is conducted by first manually collecting detailed facility design data and access and control information for each individual safeguard measure. With this information, the MAIT computer code synthesizes every possible situation and returns data to the analyst concerning those particular events that are not adequately projected.« less