A qualitative analysis of the intrusion-tolerance capabilities of the MAFTIA architecture

MAFTIA was a three-year European research project that explored the use of fault-tolerance techniques to build intrusion-tolerant systems. The MAFTIA architecture embodies a number of key design principles for building intrusion-tolerant systems, such as the notion of distributing trust throughout the system and limiting the extent to which individual components are trusted, and the aim of this paper is to illustrate these principles and demonstrate MAFTIA s intrusion-tolerance capabilities by showing how MAFTIA mechanisms and protocols might be deployed in a realistic context. We discuss the relationship between intrusion tolerance and fault tolerance, and then describe how the MAFTIA architecture could be used to build an intrusion-tolerant version of a hypothetical e-commerce application. Using fault trees, we analyse possible attack scenarios and show how MAFTIA mechanisms protect against them. We conclude the paper with a discussion of related work and identify areas for future research.