Architectural Frameworks for Composable Survivability and Security

DARPA CHATS Web site for Contract No. N66001-01-C-8040
CHATS = Composable High-Assurance Trustworthy Systems
ARPA Order M132
SRI Project 11459, 29 June 2001 to 28 December 2004
Project URL:

Peter Neumann, Principal Investigator
Principal Scientist, Computer Science Laboratory
SRI International EL-243, 333 Ravenswood Ave
Menlo Park California 94025-3493, USA

Web page:
Tel: 650/859-2375
Fax: 650/859-2844

This Web site ( can also be reached from the top-level CSL Web site ( by clicking on "CSL Staff" and then "Neumann", then "our CHATS project".

  • Nature of the Project
  • DARPA Quad Chart
  • Project Advisory Board
  • Project Information and Documents
  • Other Relevant URLs
  • Background
    Nature of the Project

    The project consists of three tasks:
  • Task 1 (two years, extended to 3.5 years): Distributed system and network architectures with high survivability and security, interoperability, composability, and evolvability, and with potential for high assurance, exploiting the open-source paradigm (although typically applicable to proprietary closed-source software as well). This is a long-term approach that also includes various short-term payoffs. The task is led by Peter Neumann, with participation of Drew Dean and oversight from the project advisory board. It addresses composability, high assurance, and trustworthiness within a coherent approach, in three subtasks.

  • Task 2 (two years): SRI consulting pool for the CHATS program as a whole. The other CHATS projects were invited to request our involvement in their projects, as appropriate.

  • Task 3 (first year only, work now completed): A short-term, potentially high-payoff approach: static analysis capable of detecting characteristic, commonly occurring security vulnerabilities in source code. The approach combines models of the vulnerabilities with model checking of the source code against those models. It is intentionally open-ended: the complexity of composing the models increases only linearly as new vulnerability types are accommodated. The team for this task includes Professor David Wagner and two of his graduate students in the Computer Science Department at the University of California at Berkeley, with participation of Drew Dean at SRI and supervision by Peter Neumann. See David Wagner's project site for progress information on this task. A plan for how the software developed in this task could subsequently be integrated into the EMERALD framework will be included in Task 1. Several different approaches are foreseen, such as (a) automatically coupling the vulnerability models with EMERALD rule bases, and (b) applying the static analysis to EMERALD modules.
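    As an added illustration of the Task 3 idea (this is not the project's own tool, models, or code), the following Python sketch encodes two constructed vulnerability models as finite-state automata over security-relevant calls and model-checks a small control-flow graph against both at once by running them in lock-step as a product automaton; adding a further model is one more automaton in the product, which is the linear composability the task description refers to. The call names (drop_privs, exec, mktemp, open), the model states, and the CFG are all constructed for the example.

```python
from collections import deque

# Vulnerability model: a finite-state automaton over security-relevant calls.
# Events with no listed transition leave the state unchanged, so error states
# (which list no outgoing transitions) are absorbing.
class Model:
    def __init__(self, name, start, transitions, error):
        self.name, self.start, self.transitions, self.error = name, start, transitions, error

    def step(self, state, event):
        return self.transitions.get((state, event), state)

# Program abstraction: a control-flow graph whose edges carry the call they
# perform (or None for a plain jump). edges is a list of (src, event, dst).
def check(entry, edges, models):
    """Explore every path of the CFG in lock-step with all models (product automaton).
    Returns the set of (model name, node) pairs at which a model first enters an error state."""
    start = (entry, tuple(m.start for m in models))
    seen, queue, violations = {start}, deque([start]), set()
    while queue:
        node, states = queue.popleft()
        for src, event, dst in edges:
            if src != node:
                continue
            nxt = tuple(m.step(s, event) for m, s in zip(models, states))
            for m, old, new in zip(models, states, nxt):
                if new in m.error and old not in m.error:
                    violations.add((m.name, dst))
            if (dst, nxt) not in seen:          # path-sensitive: node x model states
                seen.add((dst, nxt))
                queue.append((dst, nxt))
    return violations

# Constructed models (hypothetical rules, not the project's own rule sets).
PRIVS = Model("privs", "root", {("root", "drop_privs"): "user",
                                ("root", "exec"): "ERR_exec_as_root"}, {"ERR_exec_as_root"})
TMPFILE = Model("tmpfile", "none", {("none", "mktemp"): "named",
                                    ("named", "open"): "ERR_tmp_race"}, {"ERR_tmp_race"})

# Constructed CFG: two paths through a small program that share a tail.
EDGES = [
    ("entry", "mktemp", "a"),   # path 1: names a temp file ...
    ("a", "drop_privs", "c"),   #   ... then drops privileges
    ("entry", None, "b"),       # path 2: skips the temp file ...
    ("b", None, "c"),           #   ... and never drops privileges
    ("c", "open", "d"),         # both paths then open a file and exec
    ("d", "exec", "exit"),
]

if __name__ == "__main__":
    for name, node in sorted(check("entry", EDGES, [PRIVS, TMPFILE])):
        print(f"{name}: error state reachable at node {node}")
```

Because the product state records each model's state per CFG node, the two violations are attributed to their respective paths rather than merged, and checking with a single model gives exactly that model's subset of the result.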
    DARPA Quad Chart

    The URL for the DARPA Quad Chart is

    Project Advisory Board

    The advisory board consists of the following members, who participate informally as a review panel -- primarily via e-mail discussions.

    Project Information and Documents

    A summary of the project as of early 2003 appeared in the DISCEX03 proceedings, Achieving Principled Assuredly Trustworthy Composable Systems and Networks in pdf form.

    The final report is now on-line, dated 28 December 2004: Principled Assuredly Trustworthy Composable Architectures (html, pdf, and ps).

    The report was originally due on 28 June 2003, but was delayed because of several hitches in the incremental funding.

    Other Relevant URLs

    DARPA program Web site: (The CHATS program is concluded.)
    Peter Neumann's Web site: and project site:
    Drew Dean's Web site:
    David Wagner's main Web site: http://www.cs.berkeley/~daw/
    and project site: http://www.cs.berkeley/~daw/research/ss/.
    The recent work of Hao Chen and David Wagner, including David's doctoral thesis and a (somewhat misleadingly named) joint paper with Drew Dean ("Intrusion Detection via Static Analysis", available on David's Web site) in the Proceedings of the 2001 IEEE Symposium on Security and Privacy, was one of the starting points for the Task 3 approach. See our final report for more recent details.


    Peter Neumann's final report for the Army Research Lab, Practical Architectures for Survivable Systems and Networks, 30 June 2000, is available on his Web site for browsing in html and for printing in PostScript or pdf. From the abstract: This report summarizes the analysis of information system survivability. It considers how survivability relates to other requirements such as security, reliability, and performance. It considers a hierarchical layering of requirements, as well as interdependencies among those requirements. It identifies inadequacies in existing commercial systems and the absence of components that hinder the attainment of survivability. It recommends specific architectural structures and other approaches that can help overcome those inadequacies, including research and development directions for the future. It also stresses the importance of system operations, education, and awareness as part of a balanced approach toward attaining survivability.