LAVA: A Conceptual Framework for Automated Risk Analysis

  • S. T. Smith
  • J. J. Lim
  • J. R. Phillips
  • R. M. Tisinger
  • D. C. Brown
  • P. D. FitzGerald
Part of the Advances in Risk Analysis book series (AIRA, volume 6)


At Los Alamos National Laboratory, we have developed an original methodology for performing risk analyses on subject systems characterized by a general set of asset categories, a general spectrum of threats, a definable system-specific set of safeguards protecting the assets from the threats, and a general set of outcomes resulting from threats exploiting weaknesses in the safeguards system. The Los Alamos Vulnerability and Risk Assessment Methodology (LAVA) models complex systems having large amounts of “soft” information about both the system itself and occurrences related to the system. Its structure lends itself well to automation on a portable computer, making it possible to analyze numerous similar but geographically separated installations consistently and in as much depth as the subject system warrants. LAVA is based on hierarchical systems theory, event trees, fuzzy sets, natural-language processing, decision theory, and utility theory. LAVA’s framework is a hierarchical set of fuzzy event trees that relate the results of several embedded (or sub-) analyses: a vulnerability assessment providing information about the presence and efficacy of system safeguards, a threat analysis providing information about static (background) and dynamic (changing) threat components coupled with an analysis of asset “attractiveness” to the dynamic threat, and a consequence analysis providing information about the outcome spectrum’s severity measures and impact values. Each sub-analysis can be simplified or made complex, depending on the sensitivity and relative worth of the subject system. Personnel at the subject site see only an interactive questionnaire eliciting from them data about the presence and quality of the safeguards, the potential consequences of a successful threat, and the target organization’s preference structure—the technical expertise is built into the model (and the computer code) itself. LAVA yields quantitative and qualitative insights: a pair of values (monetary and linguistic) express loss exposure for each threat/asset/safeguards-function/outcome quadruple. Using LAVA, we have modeled our widely used computer security application as well as LAVA/CS systems for physical protection, transborder data flow, contract awards, and property management. It is presently being applied for modeling risk management in embedded systems, survivability systems, and weapons systems security. LAVA is especially effective in modeling subject systems that include a large human component.


Vulnerability assessment automated risk analysis threat analysis hierarchical multilevel systems LAVA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    S. T. Smith and J. J. Lim, LAVA: An Automated Computer Security Vulnerability Assessment Software System (Version 0.9), Los Alamos National Laboratory document LA-UR-85–4014 (December 1985).Google Scholar
  2. 2.
    S. Sudman and N. M. Bradburn, Asking Questions: A Practical Guide to Questionnaire Design, Jossey-Bass, Inc., San Francisco (1982).Google Scholar
  3. 3.
    S. T. Smith and J. J. Lim, An Automated Method for Analyzing Computer Security Risk, Proc. 7th DOE Computer Security Group Conference,New Orleans, LA, April 17–19, 1984, Los Alamos National Laboratory document LA-UR-84–438.Google Scholar
  4. 4.
    S. T. Smith and J. J. Lim, An Automated Method for Assessing the Effectiveness of Computer Security Safeguards, Proc. IFIPS Second International Congress on Computer Security,Toronto, Canada, September 10–12, 1984, Los Alamos National Laboratory document LA-UR-84–2744.Google Scholar
  5. 5.
    S. T. Smith and J. J. Lim, An Automated Interactive Expert System for Evaluating the Effectiveness of Computer Security Measures, Proc. 7th Department of Defense/National Bureau of Standards Computer Security Conference,Gaithersburg, MD, September 24–26, 1984, Los Alamos National Laboratory document LA-UR-84–1580.Google Scholar
  6. 6.
    S. T. Smith and J. J. Lim, Framework for Generating Expert Systems to Perform Computer Security Risk Analysis, Proc. First Annual Armed Forces Communications and Electronics Association Symposium and Exposition on Physical and Electronics Security,Philadelphia, PA, August 19–21, 1985, Los Alamos National Laboratory document LA-UR-85–1933.Google Scholar
  7. 7.
    S. T. Smith and J. J. Lim, Assessment of Computer Security Effectiveness for Safe Plant Operation, Trans. Am. Nucl. Soc. 46:525–526 (1984), Los Alamos National Laboratory document LA-UR-84–99.Google Scholar
  8. 8.
    S. T. Smith and J. J. Lim, An Automated Procedure for Performing Computer Security Risk Analysis, Proc. Sixth Annual Symposium on Safeguards and Nuclear Material Management, European Safeguards Research and Development Association, Joint Research Centre, Ispra, Italy, ESARDA 17, pp. 527–530 (1984).Google Scholar
  9. 9.
    S. T. Smith, D. C. Brown, T. H. Erkkila, P. D. FitzGerald, J. J. Lim, L. Masasgli, J. R. Phillips, and R. M. Tisinger, LAVA — A Conceptual Framework for Automated Risk Assessment, Nucl. Mater. Manage. XV:256–259 (Proceedings Issue) (1986).Google Scholar
  10. 10.
    S. T. Smith, J. J. Lim, and J. Lobel, Application of Risk Assessment Methodology to Transborder Data Flow, Handbook on the International Information Economy, Transnational Data Report, Springfield, VA LA-UR-85–2416 (November 1985).Google Scholar
  11. 11.
    S. T. Smith, J. R. Phillips, D. C. Brown, and P. D. FitzGerald, Assessing the Threat Component for the LAVA Risk Management Methodology, Proc. 9th DOE Computer Security Group Conference,Las Vegas, NV, May 6–8, 1986, Los Alamos National Laboratory document LA-UR-86–741.Google Scholar
  12. 12.
    M. D. Mesarovic, D. Macks, and Y. Takahara, Theory of Hierarchical Multilevel Systems, Academic Press, New York and London (1970).Google Scholar
  13. 13.
    K. J. Schmucker, Fuzzy Sets, Natural Language Computations, and Risk Analysis, Computer Science Press, Rockville, MD (1984).Google Scholar
  14. 14.
    L. A. Zadeh, K.-S. Fu, K. Tanaka, and M. Shimura (Eds.), Fuzzy Sets and Their Applications to Cognitive and Decision Processes, pp. 1–39, Academic Press, New York (1975).Google Scholar

Copyright information

© Springer Science+Business Media New York 1990

Authors and Affiliations

  • S. T. Smith
    • 1
  • J. J. Lim
    • 2
  • J. R. Phillips
    • 1
  • R. M. Tisinger
    • 1
  • D. C. Brown
    • 3
  • P. D. FitzGerald
    • 3
  1. 1.Los Alamos National LaboratoryLos AlamosUSA
  2. 2.Lim and Orzechowski AssociatesWalnut CreekUSA
  3. 3.U.S. GovernmentUSA

Personalised recommendations