Integrating CARVER Vulnerability Assessment Methodology with BIM for Security-by-Design in Critical Infrastructure Projects

This paper presents the concept and implementation of the BIM–CARVER tool, which integrates the CARVER vulnerability assessment methodology (Criticality, Accessibility, Recuperability, Vulnerability, Effect, Recognizability) with an open BIM environment based on the IFC standard. Originally developed by the US military for target analysis, the CARVER methodology has evolved into a defensive tool for protecting critical infrastructure. Traditionally, physical security assessments of buildings are performed manually, separately from the digital model, which contradicts the principles of Security by Design, which assume that security aspects should be taken into account at the early stages of design. As part of research conducted in accordance with the Design Science Research methodology, a plugin for the Bonsai platform (BlenderBIM) was developed, enabling the assignment of vulnerability assessments to individual elements of the IFC model according to six CARVER criteria on a scale of 1-10, visualization of results directly in the modeling environment, and generation of security reports in HTML format. The tool was validated on a set of ten building models of varying purpose and complexity. The results confirmed the effectiveness of the tool in systematically identifying and classifying building elements into four risk categories: critical, important, significant, and insignificant. The developed solution supports designers and security specialists in the proactive identification of threats and enables the comparison of design variants in terms of the aggregated risk level, contributing to the implementation of Security by Design principles in design practice.