Would it be possible to whitelist some of System.Reflection? My engine uses it to scan for certain kinds of functions, and also to serialize the simulation's state, to store/restore the state and/or checksum it.
The main error I've been seeing so far is due to System.Reflection.MethodInfo not being whitelisted. I'd hope this wouldn't cause any security issues - this level of reflection only really lets you discover things at runtime which you could potentially have referenced explicitly.
On a related note, I also get whitelisting errors about ComVisibleAttribute, which is required by System.AttributeUsage, which in turn is pretty much required when you define custom attributes to mark members for later inspection by the reflection API. I don't see any security issues with ComVisibleAttribute so it feels like it ought to be OK to whitelist that. These things are all allowed in Unity's webplayer for example, which presumably has security concerns similar to your servers'.
If this sound OK on principle then I'd be happy to provide some sample code that exercises these features, so you can check you've whitelisted enough things to make the code work.
Thanks