Malicious- and Accidental-Fault Tolerance for Internet Applications (MAFTIA). IST Research Project IST- 1 January 2000 - 28 February 2003
Key Scientific Results and Achievements

MAFTIA's results and achievements include:

Below is a brief description of the key ideas that underpinned the results of the MAFTIA project, with an emphasis on those areas that illustrate collaboration between partners and integration across disciplines. The MAFTIA deliverables contain full technical details of the work.
The development of the MAFTIA conceptual model was led by LAAS but involved all the partners. The aim of this work was to develop a unified set of terminology and concepts that brings together ideas from the dependability community, the security community, and the intrusion detection community. In particular, the MAFTIA conceptual model is based on a refinement of the core dependability concepts with respect to malicious faults, and re-interprets traditional approaches to building dependable systems in a security context. It also shows how intrusion detection systems relate to the dependability notions of error detection and fault diagnosis, and develops an integrated framework for building intrusion tolerant systems.
Work on the MAFTIA architecture was led by Lisbon, but again involved most of the partners. The MAFTIA architecture was developed using a number of guiding principles: hybrid failure assumptions, recursive use of fault prevention and fault tolerance techniques, and the notion of trusting components only to the extent of their trustworthiness. A crucial aspect of any fault-tolerant architecture is the fault model upon which the system architecture is conceived and component interactions are defined. MAFTIA is based on a composite fault model with hybrid failure assumptions, in which the presence and severity of vulnerabilities, attacks and intrusions varies from component to component. The failure assumptions are in fact enforced by the architecture and by the construction of certain trustworthy system components, and are thus substantiated.
Within the context of the MAFTIA conceptual model and architecture, a number of mechanisms and protocols for building intrusion tolerant applications and services were developed by IBM, Lisbon, LAAS and Newcastle. These depend on the notion of distributing trust so as to avoid placing too much trust in any one component of the system. By its very nature, intrusion tolerance requires a "defence in depth" approach, and there can be no single point of failure. However, one of the difficulties that has to be overcome in designing such mechanisms is avoiding the apparent conflict between reliability and secrecy: naïve replication of secrets makes it easier for an attacker to breach confidentiality.
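The reliability/secrecy tension described above, as an added illustration that is not code from the MAFTIA deliverables: naive replication puts the whole secret on every server, so one intrusion leaks it, whereas a (k, n) threshold scheme (Shamir's, over a prime field) lets any k surviving shares rebuild the secret while k-1 compromised shares reveal nothing. The field prime, share layout and function names are this example's own assumptions.

```python
# Added example: naive replication vs. (k, n) threshold secret sharing.
import secrets

PRIME = (1 << 127) - 1  # assumed field modulus (a Mersenne prime); secret < PRIME


def naive_replicate(secret: int, n: int) -> list[int]:
    """Copy the secret to n servers: reliable, but ONE compromised server leaks it."""
    return [secret] * n


def split_secret(secret: int, k: int, n: int, rng=secrets.randbelow):
    """Split `secret` into n shares (x, f(x)); any k rebuild it, k-1 reveal nothing.

    f is a random polynomial of degree k-1 over GF(PRIME) with f(0) = secret.
    `rng` is injectable so the scheme can be tested deterministically.
    """
    if not (1 <= k <= n < PRIME) or not (0 <= secret < PRIME):
        raise ValueError("bad parameters")
    coeffs = [secret] + [rng(PRIME) for _ in range(k - 1)]

    def f(x: int) -> int:  # Horner evaluation mod PRIME
        acc = 0
        for c in reversed(coeffs):
            acc = (acc * x + c) % PRIME
        return acc

    return [(x, f(x)) for x in range(1, n + 1)]


def recover_secret(shares) -> int:
    """Lagrange interpolation at x = 0 over GF(PRIME) from any >= k distinct shares."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total


if __name__ == "__main__":
    s = 0xC0FFEE  # constructed sample secret
    shares = split_secret(s, k=3, n=5)  # tolerates 2 lost AND 2 leaked shares
    assert recover_secret(shares[1:4]) == s  # any 3 of 5 suffice
    assert recover_secret(shares[:2]) != s  # 2 shares give no usable information
```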
The verification and assessment work within MAFTIA was largely performed by Saarland and QinetiQ, but involved close collaboration with other partners whose protocols and mechanisms were being verified, notably IBM and Lisbon. The goals of the verification and assessment work were three-fold:
The broad area of security and trustworthiness is increasingly seen as vital for the success of the Information Society. As a pioneering project in the field of intrusion tolerance, MAFTIA has already been very visible in the scientific community, and has made major contributions to a number of EU/US collaboration workshops in the general area of dependability and survivability. Some of the results from IBM's work on improving the quality of intrusion detection systems have already found their way into products, and a number of patents have been taken out. Several of the MAFTIA partners are actively seeking collaboration with industry to develop their research prototypes further, and the longer-term research agenda will be carried forward in a number of research proposals submitted to FP6 by members of the MAFTIA consortium.