Opened 5 years ago

Closed 6 weeks ago

#10711 closed project (wontfix)

Flashproxy security models and resource management

Reported by: infinity0 Owned by: dcf
Priority: Medium Milestone:
Component: Archived/Flashproxy Version:
Severity: Normal Keywords: archived-closed-2018-07-04
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by infinity0)

This is the parent ticket for flashproxy security models and resource management. Other concerns like operational / implementation security should go elsewhere.

The flashproxy system consists of 4 types of entities: client, proxy, facilitator, and server.

The facilitator is a trusted entity, but clients and proxies may be malicious. The servers are actually unaware of the rest of the system, and their security considerations are identical to those of other non-flashproxy PT servers. (Indeed, the code for it is in a separate repository and looks more like a plain PT server).

So, we can group the issues that concern us into three distinct cases:

  • from the proxy's POV, dealing with malicious clients
  • from the client's POV, dealing with malicious proxies
  • from the facilitator's POV, dealing with malicious clients and/or proxies.

The original flashproxy paper contains some attacks; we can explore this area further and form a threat model to address.

Child Tickets

| Ticket | Status | Owner | Summary | Component |
|--------|--------|-------|---------|-----------|
| #5426 | closed | dcf | Facilitator: remember client registrations | Archived/Flashproxy |
| #7823 | closed | dcf | Rate-limit facilitator interaction | Archived/Flashproxy |
| #7945 | closed | dcf | Modify facilitator to hand out multiple relays. | Archived/Flashproxy |
| #8172 | closed | dcf | Adjust proxy polling interval to maintain desired level of service | Archived/Flashproxy |
| #9949 | closed | dcf | have each fp client register at multiple custom facilitators | Archived/Flashproxy |
| #9964 | closed | dcf | client registrations should expire | Archived/Flashproxy |

Change History (3)

comment:1 Changed 5 years ago by infinity0

Description: modified (diff)
Summary: Flashproxy security issues → Flashproxy security models and resource management

re-wording the description to clearly reduce the scope, which is what I originally meant

comment:2 Changed 8 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"

comment:3 Changed 6 weeks ago by teor

Keywords: archived-closed-2018-07-04 added
Resolution: wontfix
Status: new → closed

Close all tickets in archived components
