Flashproxy security models and resource management
This is the parent ticket for flashproxy security models and resource management. Other concerns like operational / implementation security should go elsewhere.
The flashproxy system consists of 4 types of entities: client, proxy, facilitator, and server.
The facilitator is a trusted entity, but clients and proxies may be malicious. The servers are actually unaware of the rest of the system, and their security considerations are identical to those of other non-flashproxy PT servers. (Indeed, the code for them is in a separate repository and looks more like a plain PT server.)
So, we can group the issues that concern us into three distinct cases:
- from the proxy's POV, dealing with malicious clients
- from the client's POV, dealing with malicious proxies
- from the facilitator's POV, dealing with malicious clients and/or proxies.
The original flashproxy paper contains some attacks; we can explore this area further and form a threat model to address them.