Use Case 3: Optimised WebDav service for confidential storage

Partner: ARSYS
Overview
As many people share data over the Internet and WebDav is one of the most popular protocols to access shared storage services, the target of this use case is to provide equivalent level of service to those users who would like to store and share the encrypted version of their sensitive data. Thus, sharing access among multiple users to co-browse and co-edit the files (share resources in a multi-tenant setting), and ensuring confidentiality via encryption while keeping performance of the service in terms of storage efficiency by applying technologies such as data deduplication on encrypted files will be the core challenge of this use case.

Business Context
As a differentiator from all the different cloud storage business solutions offered in the international markets, the target of this use case is to provide Arsys cloud storage service with multi-tenancy access control and end-to-end data encryption, without compromising service efficiency and performance. Having these characteristics would provide a clear advantage against the rest of competitor solutions. In this use case, for the shared storage service, Arsys will incorporate TREDISEC multi-tenancy access control, data encryption and storage efficiency to its WebDav access service.

Technology Context
Currently Arsys uses GlusterFS as Cloud Storage, with four nodes constituting a storage cluster. All components of the storage cluster (servers, network connections and files) are redundant in order to avoid any single point of failure and to minimize downtime. Customers access their files through WebDav protocol over HTTPS, thus all information accessed over the Internet is encrypted. However, the storage cluster supports neither data encryption nor deduplication over encrypted data.

Expected Outcomes and Contribution of TREDISEC
The motivation of this use case is built upon three pillars: (i) enabling customers with multiple tenants to manage access control and share resources (this includes tenants with more than one user, where users have different permissions); (ii) enabling encryption to guarantee data confidentiality for the cloud storage; (iii) enhancing cloud storage efficiency over duplicated data. It is challenging to satisfy all three requirements at the same time. ARSYS expects that the outcome of TREDISEC will help to build a complete solution.