This paper presents the system model for the work on security in the Pasta project. We present the objectives of the security effort, the threats we will consider, and those we will not consider. As such, the paper describes the environment which applications must be prepared to face, and still provide users with the desired degree of privacy.