A study on the effectiveness of read-only root filesystems in mitigating persistent malware threats

Authors

  • Nuha Omran Abokhdair, Dept. of Computer Science, Faculty of Science, University of Zawiya (Author)
  • Thuraya Rajab, Dept. of Computer Science, Faculty of Science, University of Sabratha (Author)

DOI:

https://doi.org/10.65405/s2sqm281

Keywords:

Persistent Malware; Read-only Root Filesystem; Immutable Operating Systems; File System Security; Docker Containers

Abstract

Persistent malware poses a serious challenge to operating systems due to its ability to remain active within a system over extended periods, even after reboot. This persistence enables sustained unauthorized access to system resources and data. In most cases, such behavior depends on the ability to introduce lasting modifications to system files—an inherent characteristic of traditional mutable systems. This highlights the need for approaches that address persistence at the system design level, rather than relying solely on detection after compromise.

This paper investigates the effectiveness of enforcing a read-only root filesystem as a means of limiting persistence. To this end, a controlled experimental setup was implemented using a container-based environment. Two configurations were examined: a standard mutable system and a second configuration designed to emulate immutability by enforcing read-only access to the root filesystem. A simple persistence-oriented scenario was used, in which attempts were made to write files into system directories.

The observations were consistent across all trials. In the mutable configuration, write operations targeting system directories such as /etc were successful, allowing modifications to remain after execution. In contrast, the read-only configuration prevented all such attempts, effectively blocking the introduction of persistent changes.

These results suggest that restricting write access at the filesystem level can significantly limit the ability of malware to establish persistence. While this approach does not eliminate all possible attack vectors, it directly constrains one of the primary mechanisms used to maintain long-term presence within a system.
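The two configurations compared in the abstract can be reproduced as a small Docker harness. This is an added sketch, not the paper's experimental code; the base image, the marker file name under /etc and the tmpfs scratch mounts are assumptions, and the offline-checkable part is the result classification.

```shell
#!/bin/sh
# Added reproduction harness (not the paper's code). Assumes Docker is
# installed and can pull the image below; image name and probe path are
# assumptions.
IMAGE="${IMAGE:-alpine:3.19}"

# Docker flags for the two configurations studied: a mutable root, and a
# root enforced read-only with --read-only. The tmpfs mounts give legitimate
# scratch writes somewhere to go so the hardened container still works.
docker_flags() {
  case "$1" in
    mutable)  echo "--rm" ;;
    readonly) echo "--rm --read-only --tmpfs /tmp:rw,noexec,nosuid --tmpfs /run:rw,noexec,nosuid" ;;
    *)        return 1 ;;
  esac
}

# Command run inside the container: attempt a persistence-style write into
# /etc and report whether the file actually landed.
PROBE='echo probe >/etc/persist.marker && test -f /etc/persist.marker && echo WRITTEN || echo BLOCKED'

# Map the probe's output (including the kernel's EROFS message when the
# redirection itself fails) onto the two outcomes the study reports.
classify() {
  case "$1" in
    *WRITTEN*)                          echo "persistent-write-allowed" ;;
    *BLOCKED*|*"Read-only file system"*) echo "persistent-write-blocked" ;;
    *)                                  echo "unknown" ;;
  esac
}

# Run one configuration end to end (needs Docker).
run_config() {
  flags=$(docker_flags "$1") || return 1
  # shellcheck disable=SC2086  # flags are intentionally word-split
  out=$(docker run $flags "$IMAGE" sh -c "$PROBE" 2>&1)
  classify "$out"
}

# Usage: sh harness.sh run
if [ "${1:-}" = "run" ]; then
  for cfg in mutable readonly; do
    printf '%-9s %s\n' "$cfg" "$(run_config "$cfg")"
  done
fi
```

With Docker available, the mutable run should report persistent-write-allowed and the read-only run persistent-write-blocked, matching the outcome the abstract describes.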




Published

2026-06-05

How to Cite

A study on the effectiveness of read-only root filesystems in mitigating persistent malware threats. (2026). مجلة العلوم الشاملة, 11(41), 466-478. https://doi.org/10.65405/s2sqm281
