Title :
VAOFS: A Verifiable Append-Only File System for Regulatory Compliance
Author :
Da Xiao;Wenbin Yao;Chunhua Wu;Cong Wang;Yixian Yang
Author_Institution :
Nat. Eng. Lab. for Disaster Backup & Recovery, Beijing Univ. of Posts & Telecommun., Beijing, China
Abstract :
Append-only file systems, in which data can only be updated in an append-only manner, are of great importance to the regulatory compliance requirements for storing immutable data. However, existing approaches fail to make the append-only property of the file system verifiable in the presence of an inside attacker who can manipulate on-disk data directly, and thus are unsuitable for use in regulatory compliance. This paper presents the design and implementation of VAOFS, a Verifiable Append-Only File System for regulatory compliance. Verifiability is provided by a tamper-resistant hardware device cooperating with an instrumented file system. Non-appending operations can be detected in an audit process. A time-based secure deletion method is also proposed to handle file deletion in VAOFS. Experiments with a prototype VAOFS called ext3ao, built with ext3, show that the overhead of ext3ao is 53.0% compared with ext3; the audit process is efficient.
Keywords :
"File systems","Hardware","Prototypes","Instruments","Data security","Image storage","Postal services","Grid computing","Telecommunication computing","Data engineering"
Conference_Title :
Grid and Cooperative Computing, 2009. GCC '09. Eighth International Conference on
Print_ISBN :
978-0-7695-3766-5
DOI :
10.1109/GCC.2009.52