Write Once Read Many (WORM) properties for storage devices are desirable to ensure data immutability for applications such as secure logging, regulatory compliance, archival storage, and other types of backup systems. WORM devices guarantee that data, once written, cannot be altered or deleted. However, implementing secure and compatible WORM storage remains a challenge. Traditional solutions often rely on specialized hardware, which is either costly, closed, or inaccessible to the general public. Distributed approaches, while promising, introduce additional risks such as denial-of-service vulnerabilities and operational complexity. We introduce Socarrat, a novel, cost-effective, and local WORM storage solution that leverages a simple external USB device (specifically, a single-board computer running Linux with USB On-The-Go support). The resulting device can be connected via USB, appearing as an ordinary external disk formatted with an ext4 or exFAT file system, without requiring any specialized software or drivers. By isolating the WORM enforcement mechanism in a dedicated USB hardware module, Socarrat significantly reduces the attack surface and ensures that even privileged attackers cannot modify or erase stored data. In addition to WORM enforcement, the system is designed to be tamper-evident, which makes it resilient against advanced attacks. This work describes a novel approach, the Reverse File System, which infers the file system operations taking place at higher layers on the host computer where Socarrat is mounted. The paper also describes the current Socarrat prototype, implemented in Go and available as free/libre software. Finally, it provides a complete evaluation of the logging performance on different single-board computers.
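The central difficulty the abstract points at is that a USB mass-storage gadget never sees `open`, `unlink` or `truncate`; it sees numbered block writes, and WORM enforcement must be inferred from how each write relates to data already committed. The following Go program is an added illustration of that idea, not code from the Socarrat prototype or the paper: it models a toy block store with a constructed 16-byte block size and a deliberately simplified policy (fresh blocks accept anything, identical rewrites are no-ops, a block designated as an allocation bitmap may only gain set bits, every other rewrite is rejected and logged). The `WormStore` type, the `bitmapBlock` designation and the evidence log are assumptions made for the example; a real implementation would have to recognise ext4 or exFAT metadata structures to classify blocks, which this example does not attempt.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// blockSize is a constructed toy block size; real devices use 512 B or 4 KiB sectors.
const blockSize = 16

// ErrWORM is returned for any write that would alter or release committed data.
var ErrWORM = errors.New("worm: write would alter committed data")

type block struct {
	data    []byte
	written bool
}

// WormStore models the storage side of a USB mass-storage gadget (hypothetical
// type for this example). It only ever sees numbered block writes, so the WORM
// decision has to be inferred from how a write relates to what is already stored.
type WormStore struct {
	blocks      []block
	bitmapBlock map[int]bool // blocks treated as allocation bitmaps (assumed known, e.g. from the superblock)
	log         []string     // tamper-evidence trail of accepted and rejected writes
}

// NewWormStore creates a store with n blocks; bitmapBlocks lists the blocks
// that play the role of allocation bitmaps.
func NewWormStore(n int, bitmapBlocks ...int) *WormStore {
	s := &WormStore{blocks: make([]block, n), bitmapBlock: map[int]bool{}}
	for _, b := range bitmapBlocks {
		s.bitmapBlock[b] = true
	}
	return s
}

// Write applies the simplified policy:
//  1. a never-written block accepts any content (new file data or new metadata);
//  2. rewriting identical content is a no-op (journal replay, cache flush);
//  3. an allocation bitmap may only gain set bits (allocate), never lose them (free);
//  4. any other rewrite of committed data is rejected and recorded.
func (s *WormStore) Write(blk int, data []byte) error {
	if blk < 0 || blk >= len(s.blocks) || len(data) != blockSize {
		return fmt.Errorf("worm: bad request for block %d", blk)
	}
	b := &s.blocks[blk]
	switch {
	case !b.written:
		b.data = append([]byte(nil), data...)
		b.written = true
		s.log = append(s.log, fmt.Sprintf("block %d: initial write accepted", blk))
		return nil
	case bytes.Equal(b.data, data):
		return nil
	case s.bitmapBlock[blk]:
		if !onlySetsBits(b.data, data) {
			s.log = append(s.log, fmt.Sprintf("block %d: bitmap clear rejected", blk))
			return ErrWORM
		}
		copy(b.data, data)
		s.log = append(s.log, fmt.Sprintf("block %d: allocation accepted", blk))
		return nil
	default:
		s.log = append(s.log, fmt.Sprintf("block %d: overwrite rejected", blk))
		return ErrWORM
	}
}

// onlySetsBits reports whether new differs from old only by 0->1 transitions.
func onlySetsBits(old, new []byte) bool {
	for i := range old {
		if old[i]&^new[i] != 0 { // a bit set in old is cleared in new
			return false
		}
	}
	return true
}

// Read returns a copy of a block's committed content, or nil if never written.
func (s *WormStore) Read(blk int) []byte {
	if blk < 0 || blk >= len(s.blocks) || !s.blocks[blk].written {
		return nil
	}
	return append([]byte(nil), s.blocks[blk].data...)
}

// Log returns a copy of the evidence trail.
func (s *WormStore) Log() []string { return append([]string(nil), s.log...) }

// pad builds a block-sized data payload from a short string (constructed input).
func pad(s string) []byte {
	out := make([]byte, blockSize)
	copy(out, s)
	return out
}

// bitmap builds a block-sized bitmap whose first byte is b (constructed input).
func bitmap(b byte) []byte {
	out := make([]byte, blockSize)
	out[0] = b
	return out
}

func main() {
	s := NewWormStore(8, 1) // block 1 acts as the allocation bitmap
	fmt.Println("append log entry:", s.Write(5, pad("log entry one")))
	fmt.Println("edit log entry:  ", s.Write(5, pad("log entry EDIT")))
	fmt.Println("allocate block:  ", s.Write(1, bitmap(0x01)))
	fmt.Println("allocate another:", s.Write(1, bitmap(0x03)))
	fmt.Println("free a block:    ", s.Write(1, bitmap(0x02)))
	for _, line := range s.Log() {
		fmt.Println(line)
	}
}
```

The point of rule 3 is that legitimate file creation on ext4 or exFAT rewrites metadata blocks that already hold data, so a naive "reject every rewrite" policy would break the ordinary disk illusion the abstract describes; the store instead has to decide which rewrites are additive. Rejected writes are kept in the log rather than silently dropped, which is what gives the device its tamper-evident quality: an attempted overwrite leaves a record even though it never reaches the data.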