slackFS - resilient and persistent information hiding framework

The ever-expanding cyberspace, driven by digital convergence, inadvertently broadens the attack surface. Savvy modern cybercriminals have embraced steganography as a key weapon. This paper introduces slackFS, a novel steganographic framework utilising file slack space for covert data concealment. Unlike prior methods focusing on individual files, slackFS hides entire filesystems, offering a structured means for data exfiltration. It ensures persistence across system reboots, robust detection resistance, portability, and minimal performance impact. Incorporating erasure-code-based fault-tolerance, slackFS enables recovery from partial loss due to accidental slack space overwriting. Prototype validation on Ubuntu 20.04 with ext4 filesystems as the cover medium and FAT16 as the hidden malicious filesystem is conducted. The study includes testing of three coding libraries and two Reed-Solomon erasure code implementations - VANDERMONDE and CAUCHY matrices - highlighting slackFS's resilience and effectiveness.