[tor-bugs] #10711 [Flashproxy]: Flashproxy security models and resource management (was: Flashproxy security issues)

Tor Bug Tracker & Wiki blackhole at torproject.org
Thu Jan 23 13:43:10 UTC 2014


#10711: Flashproxy security models and resource management
----------------------------+-----------------
     Reporter:  infinity0   |      Owner:  dcf
         Type:  project     |     Status:  new
     Priority:  normal      |  Milestone:
    Component:  Flashproxy  |    Version:
   Resolution:              |   Keywords:
Actual Points:              |  Parent ID:
       Points:              |
----------------------------+-----------------

Old description:

> This is the parent ticket for flashproxy security issues. The flashproxy
> system consists of 4 types of entities: client, proxy, facilitator, and
> server.
>
> The facilitator is a trusted entity, but clients and proxies may be
> malicious. The servers are actually unaware of the rest of the system,
> and their security considerations are identical to that of other non-
> flashproxy PT servers. (Indeed, the code for it is in a separate
> repository and looks more like a plain PT server).
>
> So, we can group the issues that concern us into three distinct cases:
>
> - from the proxy's POV, dealing with malicious clients
> - from the client's POV, dealing with malicious proxies
> - from the facilitator's POV, dealing with malicious clients and/or
> proxies.
>
> The original flashproxy paper contains some attacks; we can explore this
> area further and form a threat model to address.
>
> Availability and resource management come under this umbrella - bad
> resource management algorithms can be attacked. Actually, it will
> probably be the most complex sub-topic here, since it is not binary like
> other concerns such as confidentiality and authenticity.

New description:

 This is the parent ticket for flashproxy security models and resource
 management. Other concerns like operational / implementation security
 should go elsewhere.

 The flashproxy system consists of 4 types of entities: client, proxy,
 facilitator, and server.

 The facilitator is a trusted entity, but clients and proxies may be
 malicious. The servers are actually unaware of the rest of the system, and
 their security considerations are identical to that of other non-
 flashproxy PT servers. (Indeed, the code for it is in a separate
 repository and looks more like a plain PT server).

 So, we can group the issues that concern us into three distinct cases:

 - from the proxy's POV, dealing with malicious clients
 - from the client's POV, dealing with malicious proxies
 - from the facilitator's POV, dealing with malicious clients and/or
 proxies.

 The original flashproxy paper contains some attacks; we can explore this
 area further and form a threat model to address.

--

Comment (by infinity0):

 re-wording the description to clearly reduce the scope, which is what I
 originally meant

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10711#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list