Unlike most systems, tiCrypt protects user-data cryptographically with end-to-end encryption. This means that even if an attacker gains access (via the internet, or physically breaking into the data facility) to the servers, they can steal all the encrypted gibberish they like but they will not have access to any files except those they have decryption keys for, which are not stored on the server. However, basing every security measure on cryptographic functions like signing and encryption is not practical due to performance and ease-of-use concerns. Projects serve as a run-of-the-mill "who is allowed to access what" admin-organized protection system on top of the end-to-end-encryption guarantees.
Projects are the star of the show. When you associate a resource (file, group, etc.) with a project, we refer to that as tagging the resource with a project. Resources which are tagged with projects will then only allow certain people to access them. I will cover tagging and what "access" means in a dedicated section (the rules can get deceptively complicated when you try to be specific). First let's discuss what projects themselves look like.
A project is comprised of a security level plus a name and description, and a set of users who are members of the project. Optionally, a project may be a subproject of another project. Each project may have zero or more subprojects, and each of those may have zero or more subprojects, and so forth. Thus, projects form a tree/hierarchy.
Projects are a security tagging mechanism that allows any type of resource (file, directory, drive, VM) to be protected and shared only with other users who are part of that project. Once a resource or group has been tagged with a project label, the way it can be manipulated or accessed is significantly restricted.
Projects are a collection of security levels, each of which is made up of one or more security requirements.
Every project has a variety of project actions as follows:
| Action | Description |
|---|---|
| Add member | Allows users to grant other users memberships to the project. |
| Create subproject | Users can create a subproject of the selected project. |
| Edit Project | Users can edit the 'profile' information about a project such as the name, description, PI and security level. |
| Send Message | Users can send messages to all members of the project. The message will appear as a notification. |
| Delete Project | Users can delete a project. |
These actions can be accessed as seen in the video below.
The project info tab displays all of the information about a project. A user can see when the project was created, when it was last modified, the security level that it tags, and the Principal Investigator. The security requirements that make up the security level are also displayed. The video below displays how to access this information.
A user can add members to a project if they have the correct permissions to do so as seen below.
A subproject is a project that is branched off of a parent. Subprojects do not inherit any access restrictions from the parent. A user might be able to access resources tagged with a particular project, but not be able to access resources tagged with a parent project. Similarly, a subproject may have a completely different security level (set of requirements) than its parent project. They are completely independent when it comes to "who can access what", but the project hierarchy does determine who can tag resources with a particular project in the first place. Additionally, before you can add a user to a project (make them a member), they must be a member of all ancestor projects (parent, parent's parent, etc.). To maintain this relationship, you also cannot remove a user from a project until you have removed them from any descendant projects. You can create a project as seen below.
A user may want to change the name, description, security level, or Principal Investigator of a project. They may do so in the "Edit project" tab.
A user can send a message to all users that have memberships to the project. The message will appear in notifications which can be accessed by clicking on the bell icon on the top right side of the screen.
A user can delete a project IF the project has no subprojects AND the project does not have any members.
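The hierarchy rules for adding members, removing members, and deleting projects can be summarized as a small model. This is an added illustration, not tiCrypt code: the class and method names are hypothetical, and it models only the membership and deletion preconditions, not permissions or security levels.

```python
# Illustrative model only; not tiCrypt code. All names here are hypothetical.
class ProjectError(Exception):
    """Raised when an operation would break a hierarchy rule."""

class Project:
    def __init__(self, name, parent=None):
        self.name = name
        self.parent = parent
        self.children = []
        self.members = set()
        if parent is not None:
            parent.children.append(self)

    def ancestors(self):
        # Parent, parent's parent, and so on up to the root.
        node = self.parent
        while node is not None:
            yield node
            node = node.parent

    def descendants(self):
        # Every subproject at any depth below this project.
        for child in self.children:
            yield child
            yield from child.descendants()

    def add_member(self, user):
        # A user must already belong to every ancestor project.
        missing = [p.name for p in self.ancestors() if user not in p.members]
        if missing:
            raise ProjectError(f"{user} is not a member of ancestor(s): {missing}")
        self.members.add(user)

    def remove_member(self, user):
        # Removal is blocked while the user still belongs to any descendant.
        held = [p.name for p in self.descendants() if user in p.members]
        if held:
            raise ProjectError(f"{user} is still a member of descendant(s): {held}")
        self.members.discard(user)

    def delete(self):
        # Deletion requires no subprojects and no members.
        if self.children:
            raise ProjectError(f"{self.name} still has subprojects")
        if self.members:
            raise ProjectError(f"{self.name} still has members")
        if self.parent is not None:
            self.parent.children.remove(self)
            self.parent = None
```

Offboarding a user therefore proceeds from the deepest subproject upward, and a project can only be deleted once it is an empty leaf.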
If a user is a member of a project, it means that they have a membership for that project. The Project Membership tab displays all of the projects in the system and each individual who has a membership for them. The projects are sorted by their colored tag as seen below. Users' names, dates joined, and roles are also displayed. A user can be searched to determine all of the projects that they are a part of.
Resources by Project
Users can view resources used by each of the projects in which they are certified. There are no actions in this tab. It is simply a way to view resource usage.