Kudelski Security, a company specializing in security audits, has published oramfs, a file system implementing ORAM (Oblivious Random Access Machine) technology, which masks the data access pattern. The project provides a FUSE module for Linux implementing a file-system layer that does not allow the structure of write and read operations to be tracked. The oramfs code is written in Rust and distributed under the GPLv3 license.
ORAM adds another layer on top of encryption, one that prevents an observer from determining the nature of the current activity when working with data. For example, when encryption is used to store data in a third-party service, the owners of that service cannot learn the data itself, but they can determine which blocks are accessed and which operations are performed. ORAM hides which parts of the file system are accessed and which operation is performed (read or write).
oramfs provides a universal file system that simplifies organizing storage on any external storage. Data is stored in encrypted form, with optional authentication. The ChaCha8, AES-CTR and AES-GCM algorithms can be used for encryption. Write and read access patterns are hidden using the Path ORAM scheme. Other schemes are planned for the future, but in its current form the development is still at the prototype stage and is not recommended for use in production systems.
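The following sketch of the Path ORAM scheme is an added example, not oramfs code: it shows why the storage side sees the same shape of access for a read and a write, and a fresh random path each time a block is touched. The class name `PathORAM` and its parameters are hypothetical, and block encryption and dummy-block padding, which a real deployment needs, are left out to keep it short.

```python
import secrets

class PathORAM:
    """Toy Path ORAM client. Encryption and dummy-block padding are omitted."""

    def __init__(self, height=4, bucket_size=4):
        self.Z = bucket_size
        self.leaves = 1 << height
        self.tree = [[] for _ in range(2 * self.leaves - 1)]  # untrusted storage, root = 0
        self.pos = {}    # client side: block id -> leaf the block is assigned to
        self.stash = {}  # client side: blocks waiting to be written back
        self.trace = []  # what the storage provider observes per access

    def path(self, leaf):
        """Bucket indices from the given leaf up to the root."""
        node = leaf + self.leaves - 1
        nodes = [node]
        while node:
            node = (node - 1) // 2
            nodes.append(node)
        return nodes

    def access(self, block, data=None):
        """Read (data is None) or write a block; both touch storage identically."""
        leaf = self.pos.get(block, secrets.randbelow(self.leaves))
        self.pos[block] = secrets.randbelow(self.leaves)  # remap on every access
        nodes = self.path(leaf)
        for n in nodes:  # read the whole path into the stash
            self.stash.update(self.tree[n])
            self.tree[n] = []
        old = self.stash.get(block)
        if data is not None:
            self.stash[block] = data
        for n in nodes:  # write back, deepest bucket first
            fit = [b for b in self.stash if n in self.path(self.pos[b])][: self.Z]
            self.tree[n] = [(b, self.stash.pop(b)) for b in fit]
        self.trace.append(tuple(nodes))
        return old

if __name__ == "__main__":
    oram = PathORAM()
    for i in range(20):  # constructed sample data
        oram.access(i, f"block-{i}".encode())
    for _ in range(5):
        print(oram.access(7), "path seen by storage:", oram.trace[-1])
```

Running it reads block 7 five times and prints the bucket path the storage would see for each read, which changes between accesses even though the same block is requested.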
oramfs can be used with any file system and does not depend on the type of target external storage: files can be synchronized to any service that can be configured as a local directory (SSH, FTP, Google Drive, Amazon S3, Dropbox, Google Cloud Storage, Mail.ru Cloud, Yandex.Disk and other services supported by rclone or for which FUSE modules for mounting exist). The storage size is not fixed, and the ORAM size can be increased dynamically if necessary.