Title: Architectural Frameworks for Composable Survivability and Security
ARPA Order: M132; Contract Number: N66001-01-C-8040
M132: Architectural Frameworks for Composable Survivability and Security
--------------------------------------------------------------------------
FIGURE (two panels, reconstructed from the slide's box diagram):

  1. Architecturally Isolating Mistrust: a box of less-trusted,
     noncritical functionality sits above, and feeds by an arrow into,
     a box of trustworthy critical functionality.

  2. Silk Purses and Sows' Ears: a box labelled "more-robust systems"
     rests on three boxes marked "?", labelled "not-so-robust or
     potentially untrustworthy subsystems".

NEW IDEAS (& some good old ones):

  1. Architectural frameworks that minimize dependence on weak
     components, with demonstrably strong critical components.

  2. Systematization of trustworthy systems composed of interoperable
     less trustworthy components.

  3. Principle-driven static code analysis to identify flawed and
     malicious code.
--------------------------------------------------------------------------
IMPACT:

  A long-term, highly principled, robust architectural view with
  short-term payoffs can yield secure open-source systems.

  Composable, interoperable, robust critical components can reduce
  dependence on flawed systems, with greater overall security.

  Task 3: Improved detectability of malicious source code and security
  flaws, based on principle-based static analysis (Berkeley subcontract).

PROJECT SCHEDULE (milestone letters placed by contract month):

  Task 1: a (month 3), b (6), c (9), d (12), e (20 and 24), f (30)
  Task 2: g (month 30)
  Task 3: h (about month 4), i (6), j (12)

  a: 1st robust composability templates
  b: 1st design principles
  c: 1st architectural frameworks
  d: Iteration, interim first-year report
  e: Iteration, draft final report
  f: Final report [contract extended]
  g: Summaries of consulting outreach
  h: Principles and properties selected
  i: Model-checking tool prototype
  j: Model-checking results, final report
--------------------------------------------------------------------------
SRI Computer Science Lab, PI: Peter G. Neumann
Project URL: http://www.csl.sri.com/neumann/chats.html
Working draft final report: http://www.csl.sri.com/neumann/chats4.html