MAFTIA: Malicious- and Accidental-Fault Tolerance for Internet Applications

From Navigators


The MAFTIA project will investigate the dependability of large distributed applications, thus addressing one of the four key issues of the IST Programme and in particular the main objectives of CPA2. Its major innovation is a comprehensive approach for tolerating both accidental faults and malicious attacks in such systems, including attacks by external hackers and by corrupt insiders. The objectives of the project will evolve under the guidance of an Industrial Advisory Board, representing a cross-section of the industrial organisations that can best exploit MAFTIA's ideas. Board members will provide "use cases" based on actual or planned major systems and on realistic threat scenarios; as the project progresses they will play an ever-increasing role in providing exploitation routes for the results. Deliverables will include demonstrations and prototypes of several accident- and attack-tolerant security mechanisms and services.


MAFTIA will investigate the 'tolerance paradigm' systematically, propose an integrated architecture built on this paradigm, and realise a concrete design that supports the dependability of many applications. The work therefore falls into three broad categories of objectives:

  • (i) the architecture of MAFTIA: providing a framework that ensures the dependability of distributed applications in the face of a wide class of faults and attacks;

  • (ii) the design of mechanisms and protocols: providing the building blocks required to implement large-scale dependable applications. This is addressed through four subclasses of objectives: dependable middleware, large-scale intrusion detection systems, dependable trusted third parties, and distributed authorisation mechanisms;

  • (iii) the assessment of our work: rigorously defining the basic concepts developed by MAFTIA and verifying the results of the work on dependable middleware.

Approach and Methods

MAFTIA is structured into six technical Workpackages (WP). WP1 will concentrate on the conceptual model and architecture of attack tolerance. The largest body of work, designing mechanisms and protocols, constitutes the next four work packages: the first two deal with enabling technologies, while the last two are concerned with application-level technologies.

WP2 will develop a modular and scalable cryptographic group-oriented middleware suite, suitable for supporting reliable multi-party interactions under partial synchrony models and subject to malicious as well as accidental faults. We will also develop a framework for building attack-tolerant transactional systems that are as resilient to attacks as they are to accidental faults.

WP3 will investigate how Intrusion Detection Systems (IDSs) can benefit from fault injection methods, from the diversity obtained by combining several systems, and from distributed reasoning. The design of an IDS that is itself secure and attack-tolerant will be addressed, building on the results of WP2.

In WP4 we will design a generic architecture for dependable trusted third party (TTP) services based on the results of WP2. We will specify the services that the TTP needs to provide, implement the protocols in a first prototype, and finally provide an integrated demonstrator for the TTP in the PKI scenario and in the fair exchange scenario.

In WP5 we will define a framework for access control and authorisation in a distributed environment where the access control decision is distributed among parties that might not trust each other completely. We will design and prototype flexible authorisation schemes adapted to multi-party transactions.

The assessment part forms WP6, in which we plan to work towards a formalisation of the MAFTIA conceptual model, employ existing methods and tools to assess the new MAFTIA mechanisms, and develop a novel combination of existing approaches to the validation of cryptographic mechanisms.


Publications

  • Miguel Correia, Nuno Ferreira Neves, Lau Cheuk Lung, Paulo Verissimo, “Low Complexity Byzantine-Resilient Consensus”, Tech. Rep., Oct. 2003. Technical Report DI/FCUL TR-03-25, Department of Computer Science, University of Lisbon, August 2003.

  • J. Armstrong, C. Cachin, Miguel Correia, A. Costa, Hugo Miranda, Nuno Ferreira Neves, Nuno Miguel Neves, J. A. Poritz, B. Randell, Lau Cheuk Lung, Luís Rodrigues, R. J. Stroud, Paulo Verissimo, M. Waidner, I. S. Welch, “Complete Specification of APIs and Protocols for the MAFTIA Middleware”, Tech. Rep., Jul. 2002. Technical Report DI/FCUL TR-02-11, Department of Computer Science, University of Lisbon, July 2002.

  • Paulo Verissimo, Nuno Ferreira Neves, Miguel Correia, “The middleware architecture of MAFTIA: A blueprint”, in Proceedings of the IEEE Third Information Survivability Workshop (ISW-2000), Boston, Massachusetts, USA, October 2000.

  • Paulo Verissimo, Nuno Ferreira Neves, Miguel Correia, “The middleware architecture of MAFTIA: A blueprint”, Tech. Rep., Sept. 2000. Technical Report DI/FCUL TR 00-6, Department of Computer Science, University of Lisbon, September 2000.

  • C. Cachin, J. Camenisch, M. Dacier, Yves Deswarte, J. Dobson, D. Horne, K. Kursawe, J.-C. Laprie, J.-C. Lebraud, D. Long, T. McCutcheon, J. Muller, F. Petzold, B. Pfitzmann, D. Powell, B. Randell, M. Schunter, V. Shoup, Paulo Verissimo, G. Trouessin, R. J. Stroud, M. Waidner, I. S. Welch, “MAFTIA: Reference Model and Use Cases”, Tech. Rep., Aug. 2000. Technical Report DI/FCUL TR-00-5, Department of Computer Science, University of Lisbon, August 2000.

