Skip to content

Instantly share code, notes, and snippets.

@mgrube

mgrube/ThreatModel.Md

Created August 14, 2018 19:27
Show Gist options
  • Save mgrube/231f9f2ab09c7126411122d2f1ef9b23 to your computer and use it in GitHub Desktop.
Save mgrube/231f9f2ab09c7126411122d2f1ef9b23 to your computer and use it in GitHub Desktop.
Download ZIP
Threat Model
Raw
ThreatModel.Md

Phage is designed to allow individuals and groups to privately communicate and conduct transactions in a resilient and anonymous way.

Though Phage is designed to maintain anonymity and privacy, there are certain attacks it cannot defend against.

What Phage Should Defend Against

Phage is designed to prevent Eavesdropping, Network Traffic Attribution and DoS attacks on the marketplace.

This means that Phage aims to provide forward-secret messaging and file transfer while maintaining the anonymity of the poster and allowing group collaborating and discussion.

What Phage Cannot Defend Against

There are certain threats that should be accounted for to ensure effective use of the Phage marketplace. Some severe risks that Phage is inherently not designed to defend against are:

  1. Software backdoors in the JVM or OpenJDK, associated libraries, the host operating system or any software that Phage is used with.
  2. Hardware backdoors on the computer of the operator.
  3. Undiscovered 0day vulnerabilities in any of the aforementioned software
  4. Any adversary who can remotely make contact with the Phage operator
  5. Advanced Cryptanalysis by world-leading agencies
  6. Any adversary who can view the flow of all network traffic in real time
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment