Malicious-and Accidental-Fault Tolerance for Internet Applications
IST Research Project IST-1999-11583
1 January 2000 - 28 February 2003

Check out a summary of the project, or browse through the original project proposal.

MAFTIA involved experts from 5 countries and 6 organisations. The Industrial Advisory Board provided valuable feedback on the work of the project.

Research was organised into six workpackages.

Find out more about the key scientific results and achievements, and the benefits of this research collaboration.

Final Workshop
Held at Newcastle University, 18-19 February, 2003.

All the MAFTIA deliverables in one place.

A list of MAFTIA-related papers published by members of the project.

Contribution to EU Policies

This project addresses directly some aspects that are crucial for the expected development of the Information Society: large network infrastructures, such as the Internet, are vital for the citizens to benefit from the services provided by the Information Society (global market place, education and information, culture, health, …), while preserving or enforcing their human and citizen rights (freedom of expression, privacy, access to knowledge and culture, intellectual property, protection of children against unsuitable contents, …).

But this development depends mostly on how much the users will trust the services offered to them: electronic commerce, for instance, could be seriously impeded if major frauds made the news headings; similarly, public confidence in air travel would drop alarmingly if there were a series of serious accidents due to long periods of outages of air traffic control systems, perhaps due to deliberate interference with these systems by terrorists or disaffected employees. It is thus critical to make such services dependable, and in particular resilient to malicious attacks perpetrated by external hackers or by corrupt insiders (see Section 5, footnote 1). The novel solutions developed by this project should help to this purpose. Our project is thus completely consistent with the European Dependability Initiative, in particular with the aspects concerning survivability and protection of critical infrastructures.

Many European resolutions, recommendations and directives involve, for their real implementation, the use of trustworthy entities (e.g., authentication servers, Certification Authorities or other Trusted-Third-Parties, TTPs) and complex authorisation structures, which should benefit directly from the expected results of this project. Here is a non-exhaustive list of examples:

The Communication "Towards a European framework for digital signatures and encryption" proposes a public key infrastructure based on Certification Authorities. In particular, this document notes in Section 2.3, about key-escrow and key-recovery schemes, and more generally about TTPs, that "any involvement of a third party in confidential communication increases its vulnerability." Our project will help to reduce such vulnerability to an acceptable level by improving trustworthiness of the involved Trusted-Third-Parties.

The Action Plan on "Promoting Safer Use of the Internet" proposes, among other measures, to develop filtering and rating systems involving independent third parties (in particular rating third parties), which could be made more trustworthy by using the techniques developed in our project.

The establishment of the future Internet Domain Name System would greatly benefit of the framework we propose for TTPs.

The protection of personal data and the protection of intellectual property would gain from sophisticated authorisation schemes like those developed in our project.

If successful, our project will contribute significantly to the future development of these actions, and influence the corresponding standards and regulations (e.g., on Trusted-Third Parties). Most of these actions can only be taken at an international, at least European, level as is noted in particular in the "European Initiative on Electronic Commerce". These actions are vital for the European competitiveness in global markets, and for the employment opportunities expected to be provided by the development of the Information Society. Moreover, the consortium brings together complementary expertise from the fields of fault-tolerance, distributed computing, computer security, intrusion detection, and cryptography, which is necessary for a consistent overall design of large-scale dependable systems. Such an expertise can be gathered only at an international level.