As depicted above, the SecCube project consists of 5 main layers, each
of them exporting its own API:
- The FileCube layer handles the creation, modification and removal of
  files within a SecCube. Its main task is to convert files into SecCube
  records. At first, it is expected to offer only an extremely basic file
  system API, with no more than support for file names and paths (e.g. no
  ownership or rights). Later, this layer may evolve with additional
  features, but note that its intent is to remain simple and not to become
  as complex as "real" file systems such as ext2, ext3 or NTFS.
- The ManageCube layer offers the highest-level view of SecCubes and
  functions to manage them. It typically provides functions to configure
  the SecCube's security settings and to read, write, delete or list records.
  Note that this layer no longer deals with files but only with records.
  SecCubes and records are respectively identified by SecCube identifiers
  (scid) and record identifiers (rcid).
- The BlockCube layer handles the data format of SecCubes. Records
  have a variable size, so they are fragmented into several
  fixed-size blocks. A SecCube consequently consists of a list of such
  blocks: more precisely, one INIT block (a particular block storing the
  SecCube's settings), one or more MAP blocks and several DATA blocks.
  MAP blocks are used to index DATA blocks, which hold the payload data.
  MAP blocks are created with pre-allocated entries. At first, each entry
  points to no DATA block; such entries are called free entries. When a
  DATA block is added, the entry is said to be occupied. When the MAP block
  is full, a new one is created and chained to the previous MAP block. The
  BlockCube layer handles this structure: INIT, MAP and DATA blocks.
- The DumpCube layer is the lowest layer. It makes sure
  the various INIT, MAP and DATA blocks are correctly written to the
  chosen storage medium. This layer can be seen as a kind of driver, dumping
  to and reading from hardware storage media. It converts INIT, MAP and DATA
  blocks (SecCube's portable representation) to and from a sequence of
  bytes or sectors the storage media can cope with.
FileCube System API
fs_mkdir: creates a given directory name in a SecCube
fs_rmdir: removes a given directory from a SecCube
fs_mkfile: creates a given file within a given path, in a SecCube
fs_rmfile: removes a given file from a SecCube
fs_list: lists all files in a given path in a given SecCube
ManageCube API
sc_init: initializes a default SecCube
sc_configure: configures the SecCube's security settings
sc_put: writes a given record to the SecCube
sc_get: reads a given record from the SecCube.
sc_del: removes a given record from the SecCube.
sc_list: lists existing records of the SecCube.
BlockCube API
bc_createinit: creates a new INIT block
bc_createmap: creates a new MAP block, chains this MAP block to the
previous MAP block, or to the INIT block.
bc_createdata: creates a new DATA block, and chains it to a free entry
of a MAP block.
bc_adddata: creates a new DATA block and chains it to a previous DATA
block.
bc_rmdata: deletes a given DATA block and recursively deletes all other
DATA blocks chained to it.
bc_unlinkdata: unlinks a given DATA block from its parent
bc_rmmap: deletes a given MAP block and recursively deletes all chained
data.
bc_unlinkmap: unlinks a given MAP block from its parent
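An added example, not SecCube's own code: a simplified in-memory model of the MAP/DATA indexing described for the BlockCube layer (free entries, occupied entries, and chaining a new MAP block when the current ones are full). The model_* function names, the struct layouts and MAP_ENTRIES = 4 are assumptions made for illustration; the page does not give the real signatures or block sizes.

```c
#include <stdlib.h>
#define MAP_ENTRIES 4                 /* assumed number of entries per MAP block */
typedef struct data_block { int payload; } data_block;
typedef struct map_block {
    data_block *entry[MAP_ENTRIES];   /* NULL = free entry, else occupied */
    struct map_block *next;           /* next MAP block in the chain */
} map_block;
typedef struct init_block { map_block *first_map; } init_block;

/* New MAP block with all entries free, chained to prev (or to INIT). */
map_block *model_createmap(init_block *init, map_block *prev) {
    map_block *m = calloc(1, sizeof *m);
    if (m) { if (prev) prev->next = m; else init->first_map = m; }
    return m;
}

/* New DATA block in the first free entry; chain a new MAP if all are full. */
data_block *model_createdata(init_block *init, int payload) {
    map_block *last = NULL;
    data_block *d = malloc(sizeof *d);
    if (!d) return NULL;
    d->payload = payload;
    for (map_block *m = init->first_map; m; last = m, m = m->next)
        for (int i = 0; i < MAP_ENTRIES; i++)
            if (!m->entry[i]) return m->entry[i] = d;
    map_block *fresh = model_createmap(init, last);
    if (!fresh) { free(d); return NULL; }
    return fresh->entry[0] = d;
}

/* Free entry i of the first MAP block so that it can be reused. */
void model_release(init_block *init, int i) {
    if (!init->first_map || i < 0 || i >= MAP_ENTRIES) return;
    free(init->first_map->entry[i]);
    init->first_map->entry[i] = NULL;
}

/* Add n DATA blocks, then return the length of the MAP chain (-1 on error). */
int model_fill(init_block *init, int n) {
    int maps = 0;
    for (int k = 0; k < n; k++)
        if (!model_createdata(init, k)) return -1;
    for (map_block *m = init->first_map; m; m = m->next) maps++;
    return maps;
}

int main(void) {                      /* memory is reclaimed at process exit */
    init_block cube = { NULL };
    return model_fill(&cube, 5) == 2 ? 0 : 1;   /* 5 blocks need 2 MAP blocks */
}
```

A freed entry in an earlier MAP block is reused before any new MAP block is chained, so the chain only grows when every existing entry is occupied.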
DumpCube API
dc_readblock: reads data from the media, and builds the appropriate INIT,
MAP or DATA block out of it.
dc_writeblock: writes an INIT, MAP or DATA block to the media.