Malicious-and Accidental-Fault Tolerance for Internet Applications
IST Research Project IST-1999-11583
1 January 2000 - 28 February 2003

Check out a summary of the project, or browse through the original project proposal.

MAFTIA involved experts from 5 countries and 6 organisations. The Industrial Advisory Board provided valuable feedback on the work of the project.

Research was organised into six workpackages.

Find out more about the key scientific results and achievements, and the benefits of this research collaboration.

Final Workshop
Held at Newcastle University, 18-19 February, 2003.

All the MAFTIA deliverables in one place.

A list of MAFTIA-related papers published by members of the project.

Overall Goals

MAFTIA investigated the dependability of distributed applications for very large and heterogeneous user populations, such as Internet-based supply-chain management, auctioning in electronic commerce, and the IT infrastructure of large companies and administrations.

We were primarily interested in systems that are very privacy or security demanding. Such systems should ideally remain operational, providing the correct, intended service and protecting all confidential information from unauthorised access, in spite of malicious faults, as well as accidental faults. Coping with accidental faults, especially operational hardware faults, is a relatively well-understood problem.

However, the problems of repairing the effects of attacks, and of finding means of resuming proper operation, are typically dealt with manually by system administrators. Coping with such attacks automatically is a relatively new and very challenging requirement.

Such an approach, which we call "intrusion-tolerance", contrasts with the more usual security paradigm of preventing attacks from leading to intrusions at all.

For example, most systems using a public-key infrastructure (PKI) put all trust in one single trusted third party (TTP), and if this party fails then security can no longer be guaranteed. Similarly, most work on classical access control assumes a single trustworthy administrative authority which is infeasible in a large-scale heterogeneous environment of mutual mistrust such as the Internet.

Finally, intrusion detection systems rarely consider the possibility of insider attacks. These examples show that the existing paradigm is not sufficient. It is too complex and too expensive to aim at avoiding all damage to the system.