In this report we present a first draft specification of the secure object storage tool (SECOSTOR). The tool comes with a clean architecture and easy to use modules and interfaces. All components are specified in detail for implementation and usage. All together this report specifies core functionality to build secure distributed storage systems on the basis of secret sharing with many additional features not found in comparable approaches. With its rich feature set it supports many possibilities for integration into cloud environments or other dynamic infrastructures, hence, it is a useful tool for service and application developers who want to leverage the technology.
The current draft specification in this document contains the overall architecture as well as two core software modules of the SECOSTOR tool. One module is a comprehensive secret sharing library comprising various encoding algorithms and the other module provides a robust concurrency layer for distributed transaction management. The two modules are intended to seamlessly work together and enable various options for deployment and integration into novel secure cloud storage services.
The architecture and protocols defined are based on the cryptographic work done in WP4, i.e. D4:1 and D4:2, and also build on the preliminary results of D5:1. This document presents a first version of the specification and will be superseded by D5:3 which provides and improved and final specification of the secure object storage tool. The software implementation of the specified components and protocols is covered in WP6 and the integration of the tool into cloud services is part of WP7. In particular, the capabilities of the tool will be demonstrated in two services which are going to be developed on the basis of the SECOSTOR tool and which will be piloted in two use cases during the last phase of the project.