4.1.2. Access-Control Module

The access-control module is implemented as a root daemon that applies write/delete protection to the files produced by the version-control module each time a file version is created. This is achieved by running the chattr (Change Attribute) command with root privileges. chattr is a Linux command-line utility used to set or unset specific attributes on a file, protecting important files and folders against accidental deletion or modification, even by root users. File snapshots are thus protected from corruption or deletion by setting the immutable flag (i), which prevents any user, including root, from accidentally modifying and/or deleting the files. An example using this command is shown in Figure 4.

**Figure 4.** An example using chattr command to perform file write/delete protection.

It is important to note that standard users are assumed by default to be non-admins, while the access-control module is configured as a system daemon that executes the chattr command with root access privileges; this inherently ensures the protection of newly created versions in the version-control directory. Any attempt to modify or delete a protected file will not be permitted, as shown in the example in Figure 5. This is considered a valid setting for two reasons: (i) Users usually do not log into their systems as admins; in fact, one of the best practices of computer usage emphasizes that users never log in as admins. (ii) A recent report showed that 90% of ransomware instances in the wild could infect systems and encrypt files without administrative privileges [58]. This indicates that even when users log in as non-admins, there is still a high possibility that ransomware may encrypt their files. In our proposed solution, ensuring that a specific access-control process runs with administrative privileges will protect files created/edited by non-admin users.

**Figure 5.** The file is immutable when trying to write or delete.
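The protection step described above can also be verified after the fact. The following is an added example, not code from the paper: it sets the immutable flag on a snapshot and audits a version directory for snapshots that are still missing it. The function names, the `/srv/shvarr/versions` path and the sample `lsattr` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the paper. The directory and file names in the
# sample are constructed; /srv/shvarr/versions is a hypothetical location.

# Read `lsattr` output on stdin and print every path whose flags column lacks
# the immutable flag 'i'. Lines whose first field is not a flags column
# (blank lines, "dir:" headers from lsattr -R) are skipped.
unprotected_versions() {
    while read -r flags path; do
        [ -n "$path" ] || continue
        case $flags in *[!A-Za-z-]*) continue ;; esac
        case $flags in
            *i*) ;;                       # immutable: protected
            *)   printf '%s\n' "$path" ;; # writable/deletable snapshot
        esac
    done
}

# Set the immutable flag on one snapshot and confirm it took effect.
# Needs root (CAP_LINUX_IMMUTABLE); pass an absolute path.
protect_version() {
    chattr +i "$1" && [ -z "$(lsattr "$1" | unprotected_versions)" ]
}

# List snapshots under a version directory that are still unprotected.
audit_versions() {
    find "$1" -type f -exec lsattr {} + | unprotected_versions
}

# Constructed lsattr output for four snapshots, two of them unprotected.
sample_lsattr() {
    cat <<'EOF'
----i---------e------- /srv/shvarr/versions/report.odt.v1
----i---------e------- /srv/shvarr/versions/my notes.odt.v1
--------------e------- /srv/shvarr/versions/report.odt.v2
-----a--------e------- /srv/shvarr/versions/my notes.odt.v2
EOF
}
```

Any path printed by `audit_versions` is a snapshot that a non-root process could still overwrite or delete.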

### *4.2. Recovery from Ransomware Attack*

The focus of our framework for ransomware recovery is maintaining control of the latest possible versions of the files. As the proposed framework preserves protected versions of the files, we can gain access to the files in case of a ransomware attack. The attack will corrupt the original file or even delete it. However, self-healing is achieved using the proposed SH-VARR framework by retrieving the protected version for each file stored in the version-control directory. In case the original file is deleted or encrypted by ransomware, our SH-VARR framework allows immediate recovery of the last protected version of the file(s) involved, fulfilling the self-healing property. Based on the proposed framework, the protected snapshots will not be affected and can be recovered under root privileges, which are assumed to be protected. The recovery process is performed by removing the sticky bit attribute to ensure that the file extension is .odt. Recovering a file from the protected versions directory is performed as follows:


### *4.3. Implementation Challenges and Limitations*

Throughout this work, we conducted several experiments to ascertain that our goal of keeping a protected version of our XML-based files was achieved. We set out to build a distributed version-aware control system for XML-based documents that ensures portability and does not depend on a centralized repository, and the implemented approach was indeed found to warrant portability, as it keeps a link to the original file as described above. During the implementation phase, the system was found to experience certain limitations, which can be summarized as follows:

