Partners and International Organizations
(English)
University of Newcastle upon Tyne (UK), Fundacao da Faculdade de Ciencias (P), The Secretary of State for Defence acting through the Defence Evaluation and Research Agency (DERA) (UK), Universität des Saarlandes (D), Centre National de la Recherche Scientifique (Délégation Midi-Pyrénées) (CNRS-LAAS) (F)
Abstract
(English)
Project MAFTIA investigates the dependability of distributed applications for very large and heterogeneous user populations; typical examples include electronic commerce, Internet auctions, and the IT infrastructure of large organizations. MAFTIA is primarily interested in systems with high privacy or security demands. Such systems should ideally remain operational, providing the correct, intended service and protecting all confidential information from unauthorized access, even if accidental or malicious faults occur.

Accidental faults typically result from hardware outages; coping with them and building reliable, dependable computer systems from unreliable components is relatively well understood today. On the other hand, intrusions and malicious attacks can be viewed as a new kind of 'malicious' fault, which has to be addressed by new methods. In current practice, repairing the effects of a malicious attack and resuming proper operation typically have to be done manually by the system administrators. It is the goal of MAFTIA to remedy this situation by investigating the tolerance paradigm in environments with security demands.

Our approach, which we call intrusion tolerance, complements the traditional paradigm of computer security, which typically aims at preventing intrusions completely, with the paradigms of fault tolerance. For example, most systems using a public-key infrastructure put all trust in one single trusted third party (the certification authority), and if this party fails then security can no longer be guaranteed. Complete protection of a trusted entity is either not practical or prohibitively expensive.

MAFTIA aims at developing concepts, methods, and tools for dependable and trusted applications on the Internet, which can cope with accidental faults as well as with malicious attacks. It provides a general architecture for intrusion-tolerant systems, develops protocols for dependable middleware, builds the link to new methods for detecting intrusions, investigates distributed authorization services, and uses formal verification methods to validate its approach. In its second year, MAFTIA has formulated an integrated approach to intrusion tolerance and demonstrated several new key technologies to implement the approach.