Inspiration
The first thing any malicious hacker does after hacking into a server is to wipe the logs so that they can't be traced. With a normal system, this is trivial: just rm -rf the logs folder. With WOFS, this is impossible. Not only can an attacker not delete the logs, they also can't even view them. This leaves the hacker completely in the dark about whether or not their attacks are being traced, thereby empowering companies to better detect and stop security breaches.
What it does and how it works
WOFS works via FUSEpy, a Python library for creating a Filesystem in Userspace (FUSE). It overrides the file write functionality to transparently encrypt all data with a PGP public key. Furthermore, every time a file is modified, a diff is sent to a remote server over an SSL-pinned and password-authenticated socket. This server can be locked down so as to ensure that the logs are completely secure.
When a sysadmin wants to review the logs on their server, they download the encrypted logs to their own secure machine and use their securely stored PGP private key to view the logs.
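The diff-on-every-write behaviour described above can be sketched as follows. This is an added example, not code from the WOFS repository: the names MirroredFile, RemoteJournal, make_diff and apply_diff are hypothetical, the remote server is modelled as an in-memory append-only list, the diffs travel as plaintext line operations rather than over the PGP and socket layers, and the log lines are constructed.

```python
import difflib

def make_diff(old, new):
    """Return edit ops (start, end, replacement_lines) turning old into new."""
    sm = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    return [(i1, i2, new[j1:j2])
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]

def apply_diff(old, ops):
    """Apply ops back to front so earlier indices stay valid."""
    out = list(old)
    for i1, i2, lines in reversed(ops):
        out[i1:i2] = lines
    return out

class RemoteJournal:
    """Stand-in for the locked-down log server: entries are only appended."""
    def __init__(self):
        self._entries = []

    def append(self, path, ops):
        self._entries.append((path, ops))

    def history(self, path):
        """Replay every diff and return each version the file has had."""
        versions, current = [], []
        for entry_path, ops in self._entries:
            if entry_path == path:
                current = apply_diff(current, ops)
                versions.append(current)
        return versions

class MirroredFile:
    """Stand-in for the filesystem's write hook (hypothetical name)."""
    def __init__(self, path, journal):
        self.path, self.journal, self.lines = path, journal, []

    def write(self, new_lines):
        # The diff leaves the host before the local copy changes.
        self.journal.append(self.path, make_diff(self.lines, new_lines))
        self.lines = list(new_lines)

def demo():
    journal = RemoteJournal()
    log = MirroredFile("/var/log/auth.log", journal)
    # Constructed sample log lines.
    log.write(["sshd: Accepted password for root from 203.0.113.7"])
    log.write(log.lines + ["sudo: root : COMMAND=/bin/bash"])
    log.write([])  # local log is truncated after the fact
    return log.lines, journal.history(log.path)

if __name__ == "__main__":
    local, versions = demo()
    print("local copy:", local)
    print("remote history:", versions)
```

The truncation shows up on the remote side as one more journal entry, so the earlier versions remain recoverable by replaying the diffs.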
What's next for WOFS (Write Only Filesystem)
We've personally heard engineers from a variety of companies express interest in this idea, so at this point we believe the next step is raising awareness of WOFS so that companies can deploy it on their servers. Through deploying WOFS, companies will be able to ensure that they will always be able to trace the source of any security breaches. This improves not only the security of individual companies, but that of all companies, through greater awareness of how hackers are exploiting systems.
All of our code is released and documented on GitHub under an MIT license, so companies can easily deploy WOFS to their servers. We are also prepared to provide support and program new features as needed to increase deployment of WOFS.
Built With
- fuse
- gpg
- python