The Reverse File System: Towards open cost-effective secure WORM storage devices for logging
Gorka Guardiola Múzquiz, Juan González-Gómez, Enrique Soriano-Salvador
TL;DR
The paper tackles the challenge of cost-effective, open, and secure WORM storage for logging by introducing Socarrat, a local USB-based device that uses the Reverse File System to infer and enforce append-only writes to designated log files. It couples this hardware-assisted WORM mechanism with SealFS to provide forward integrity, enabling tamper-evident logs even under host compromise. The authors implement a Go-based prototype supporting ext4 and exFAT, evaluate it across multiple single-board computers, and discuss trade-offs related to file-system journaling and coherency. This work offers a practical, open-source path to tamper-evident logging suitable for offline or disconnected environments, with clear directions for future optimization (e.g., ublk or netlink interfaces).
Abstract
Write Once Read Many (WORM) properties for storage devices are desirable to ensure data immutability for applications such as secure logging, regulatory compliance, archival storage, and other types of backup systems. WORM devices guarantee that data, once written, cannot be altered or deleted. However, implementing secure and compatible WORM storage remains a challenge. Traditional solutions often rely on specialized hardware, which is either costly, closed, or inaccessible to the general public. Distributed approaches, while promising, introduce additional risks such as denial-of-service vulnerabilities and operational complexity. We introduce Socarrat, a novel, cost-effective, and local WORM storage solution that leverages a simple external USB device (specifically, a single-board computer running Linux with USB On-The-Go support). The resulting device can be connected via USB, appearing as an ordinary external disk formatted with an ext4 or exFAT file system, without requiring any specialized software or drivers. By isolating the WORM enforcement mechanism in a dedicated USB hardware module, Socarrat significantly reduces the attack surface and ensures that even privileged attackers cannot modify or erase stored data. In addition to the WORM capacity, the system is designed to be tamper-evident, becoming resilient against advanced attacks. This work describes a novel approach, the Reverse File System, based on inferring the file system operations occurring at higher layers in the host computer where Socarrat is mounted. The paper also describes the current Socarrat prototype, implemented in Go and available as free/libre software. Finally, it provides a complete evaluation of the logging performance on different single-board computers.
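A simplified illustration of the append-only enforcement the abstract describes, added here and not taken from the Socarrat code base. It assumes a single contiguous data extent for the log file and a committed size the device learns separately; `Extent`, `Commit` and `ErrTamper` are hypothetical names. The point it shows is that a host append rewrites a whole block, so the device has to accept the write only when the already-committed bytes in it are unchanged.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

var ErrTamper = errors.New("write alters committed log data")

// Extent models the data region of one designated log file (assumption, not
// from the paper: one contiguous extent, committed size supplied via Commit).
type Extent struct {
	data      []byte // backing store
	committed int64  // length of the immutable prefix
}

// Write applies a host block write at byte offset off. Bytes that overlap
// the committed prefix must be identical to what is stored.
func (e *Extent) Write(off int64, p []byte) error {
	end := off + int64(len(p))
	if off < 0 || end > int64(len(e.data)) {
		return errors.New("write outside extent")
	}
	if end > e.committed {
		end = e.committed // only compare the immutable part
	}
	if off < end && !bytes.Equal(p[:end-off], e.data[off:end]) {
		return ErrTamper
	}
	copy(e.data[off:], p)
	return nil
}

// Commit grows the immutable prefix; shrinking (truncation) is refused.
func (e *Extent) Commit(size int64) error {
	if size < e.committed || size > int64(len(e.data)) {
		return ErrTamper
	}
	e.committed = size
	return nil
}

func main() {
	e := &Extent{data: make([]byte, 8)} // constructed sample: one 8-byte block
	e.Write(0, []byte("ab\n\x00\x00\x00\x00\x00"))
	e.Commit(3)
	fmt.Println(e.Write(0, []byte("ab\ncd\n\x00\x00")), e.Write(0, []byte("xx\ncd\n\x00\x00")))
}
```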
