How to securely share data that is in a project tagged virtual machine

Posted October 22, 2021 by Samantha Dorfman ‐ 4 min read

This blog clarifies how to securely and successfully share data that is tagged with a project.

Project overview

Projects in tiCrypt serve as a security mechanism: anything tagged by a project can only be viewed or managed by users who are part of that project. A project is a collection of security levels, which are in turn collections of security requirements. For example, a project may be called “USA”, where the two security levels that compose this project are US citizen and US resident. If there is a government document within tiCrypt that should only be viewed by an individual who is part of the USA project, that document can be tagged by it, and anyone who does not meet the requirements will not be able to view the document.

How to tag a project to a resource

  1. For security reasons, users should tag any resource to a project. The user must be part of the project in order to tag a resource to it. Navigate to the vault and select the file or directory that you would like to “classify.” Select the resource and click the clipboard icon as seen below.
Classify a resource.

Only users who have the project permissions can accomplish this task.

  1. It is most likely the case that this data will make its way into a virtual machine for research purposes. Navigate to the virtual machines tab and launch the virtual machine that is tagged by the same project.
If a resource is tagged by a project then that resource can ONLY go into a virtual machine that is tagged by that project. If a resource is tagged by something lesser than the project that tags the virtual machine, it can go in.
  1. Select the virtual machine that is tagged by the same project. In this example, we must locate the virtual machine that is tagged by “One”. Once launched, select the transfer icon as seen below. Import the files.
Transfer resources tagged by a project.
Please notice how both the resource that is tagged by the project and a resource that is tagged by nothing can go into this virtual machine. If the virtual machine were not tagged by a project, then our tagged resource would not be allowed into the virtual machine.
Resources of same or lesser projects can go into a virtual machine that is tagged by a project.
  1. Once the data is ready to come out of the virtual machine for sharing purposes, the user should open the transfer panel as seen below. Let us remove both files that we just put into the virtual machine in the steps above. When we try to drag and drop, we see that we are unable to make this transfer.
Incorrect transfer from virtual machine.

The reason we cannot transfer these files is that once a resource goes into a virtual machine that is tagged by a project, that resource also gets tagged by the project. In this example, one resource was tagged by a project and one was tagged by nothing. After going into the virtual machine, they are both tagged by the project.

  1. We must make a directory that is tagged by the project of the resources so that we can remove them. Go into the vault, create a new directory, and tag it by the project as seen below.
Create a directory tagged by the project.
  1. Navigate back to the virtual machine tab and open the transfer panel. Drag and drop the resources into the newly created directory as seen below.
Securely extract the data.
Please notice that transferring files between virtual machines and the vault does not remove them; it simply makes a copy. As seen in the video, both files remain in the virtual machine once they are dragged into the new directory.
  1. Navigate back to the vault and select the directory you just made. At this point, you can either share the directory and its files with individuals who are part of the same project, or you can declassify the resource and share it with anyone regardless of the projects that they are a part of.

To declassify the resource, right-click on it and click the declassify button, the same way we classified the resource earlier in the blog.
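
The tagging rules walked through above can be summarized as a small model. This is an added example, not tiCrypt code or its API: the `Resource`, `Container`, `import_to_vm` and `export_from_vm` names are hypothetical, the sample data is constructed, and the ordering of "lesser" projects is not modeled (only "same project" and "tagged by nothing").

```python
from dataclasses import dataclass, field
from typing import List, Optional

class TransferDenied(Exception):
    """Raised when a copy would violate the project-tag rules."""

@dataclass
class Resource:
    name: str
    project: Optional[str] = None  # None means "tagged by nothing"

@dataclass
class Container:
    """A vault directory or a virtual machine (hypothetical model type)."""
    name: str
    project: Optional[str] = None
    files: List[Resource] = field(default_factory=list)

def import_to_vm(vm: Container, res: Resource) -> Resource:
    # A tagged resource may only enter a VM tagged by the same project;
    # a resource tagged by nothing may enter the VM as well.
    if res.project is not None and res.project != vm.project:
        raise TransferDenied(f"{res.name}: tag {res.project!r} != VM tag {vm.project!r}")
    # Transfers copy; the copy inside the VM takes on the VM's project tag.
    copy = Resource(res.name, vm.project)
    vm.files.append(copy)
    return copy

def export_from_vm(vm: Container, name: str, dest: Container) -> Resource:
    res = next(r for r in vm.files if r.name == name)
    # Data leaving the VM may only land in a directory tagged by its project.
    if res.project != dest.project:
        raise TransferDenied(f"{name}: tag {res.project!r} != directory tag {dest.project!r}")
    copy = Resource(res.name, res.project)
    dest.files.append(copy)  # the original stays in the VM
    return copy

if __name__ == "__main__":
    vm = Container("vm-one", "One")  # constructed sample data
    import_to_vm(vm, Resource("report.txt", "One"))
    import_to_vm(vm, Resource("notes.txt"))  # untagged on the way in
    try:
        export_from_vm(vm, "notes.txt", Container("home"))  # untagged directory
    except TransferDenied as e:
        print("denied:", e)
    export_from_vm(vm, "notes.txt", Container("for-sharing", "One"))
    print([(r.name, r.project) for r in vm.files])
```

The model makes the one-way effect visible: the untagged file picks up the VM's project on import, so the only exit is a directory carrying that project tag, after which declassification is a separate, explicit step.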