Created
August 14, 2018 19:27
-
-
Save mgrube/8bbd2f65104fc10cf9c9d37d57146ff0 to your computer and use it in GitHub Desktop.
Threat Model
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Phage is designed to allow individuals and groups to privately communicate and conduct transactions in a resilient and anonymous way. | |
| Though Phage is designed to maintain anonymity and privacy, there are certain attacks it cannot defend against. | |
| ## What Phage Should Defend Against | |
| Phage is designed to prevent Eavesdropping, Network Traffic Attribution and DoS attacks on the marketplace. | |
| This means that Phage aims to provide forward-secret messaging and file transfer while maintaining the anonymity of the poster and allowing group collaborating and discussion. | |
| ## What Phage Cannot Defend Against | |
| There are certain threats that should be accounted for to ensure effective use of the Phage marketplace. Some severe risks that Phage is inherently not designed to defend against are: | |
| 1. Software backdoors in the JVM or OpenJDK, associated libraries, the host operating system or any software that Phage is used with. | |
| 2. Hardware backdoors on the computer of the operator. | |
| 3. Undiscovered 0day vulnerabilities in any of the aforementioned software | |
| 4. Any adversary who can remotely make contact with the Phage operator | |
| 5. Advanced Cryptanalysis by world-leading agencies | |
| 6. Any adversary who can view the flow of all network traffic in real time |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment