Malicious-and Accidental-Fault Tolerance for Internet Applications
IST Research Project IST-1999-11583
1 January 2000 - 28 February 2003

Check out a summary of the project, or browse through the original project proposal.

MAFTIA involved experts from 5 countries and 6 organisations. The Industrial Advisory Board provided valuable feedback on the work of the project.

Research was organised into six workpackages.

Find out more about the key scientific results and achievements, and the benefits of this research collaboration.




Conceptual Model and Architecture
WP1 concentrated on the Conceptual Model and Architecture of attack tolerance.
Deliverables...


Dependable Middleware
WP2 developed a modular and scalable cryptographic group-oriented middleware suite
Deliverables...


Intrusion Detection
WP3 investigated ways of reducing the high rate of false positives and false negatives for existing Intrusion Detection Systems (IDSs), whilst making the IDS itself intrusion-tolerant
Deliverables...


Trusted Third Parties
WP4 designed a generic architecture for dependable Trusted Third Party (TTP) services based on results from WP2.
Deliverables...



Distributed Authorisation
In WP5, we defined a framework for access control and authorisation
Deliverables...



Verification and Assessment
WP6
worked towards formalisation of the MAFTIA conceptual model
Deliverables...

Description of the Work

Research was structured into six technical workpackages (WP). The output of each workpackage takes the form of deliverables. These include prototype implementation and demonstrations, as well as technical papers and reports.

There were three main areas of work: concepts and architecture, mechanisms and protocols, and verification and assessment.

Conceptual Model and Architecture

WP1 developed a conceptual model and architecture for intrusion tolerant systems. The core dependability concepts were refined with respect to malicious faults, and an integrated framework for combining intrusion detection with intrusion tolerance was developed.

Dependable Middleware

WP2 developed a modular and scalable cryptographic group-oriented middleware suite, suitable for supporting reliable multi-party interactions under partial synchrony models and subject to malicious as well as accidental faults.

We also developed a framework for building intrusion-tolerant transactional systems that are as resilient to attacks as they are to accidental faults.

Intrusion Detection

WP3 investigated ways of reducing the high rate of false positives and false negatives for existing Intrusion Detection Systems (IDSs), whilst making the IDS itself intrusion-tolerant.

Trusted Third Parties

In WP4 we designed a generic architecture for dependable Trusted Third Party (TTP) services based on results from WP2.

We specified the services that the TTP needed to provide, then implemented the protocols in a first prototype.

Distributed Authorisation

In WP5 we defined a framework for access control and authorisation in a distributed environment where the access control decision is distributed among parties that might not trust each other completely.

We designed and prototyped flexible authorisation schemes, adapted to multi-party transactions.

Verification and Assessment

WP6 worked towards formalisation of the MAFTIA conceptual model. It employed existing methods and tools to assess new MAFTIA mechanisms, and developed a novel combination of existing approaches to the validation of cryptographic mechanisms.