What is INOCULUM?
INOCULUM is a research project that will explore secure-by-design storage systems that ensure full data recovery under ransomware attacks, while complying with the high-performance I/O needs of data-intensive applications and critical infrastructures.
The Vision
Cryptographic ransomware blocks access to users' data through encryption until a ransom is paid. Critical sectors (e.g., healthcare, finance, and governments) are increasingly targeted by these attacks, leading to high financial penalties and service disruption.
Current defenses share a structural weakness: they are reactive. Detection may miss attacks, or be too slow to prevent data loss. Periodic backups are expensive and done at regular intervals (e.g., daily, weekly). Both leave a window where data can be compromised. Cloud-based backups add cost, latency, and forces organizations to surrender data sovereignty.
INOCULUM explores a different approach: security is the primary design constraint, not an afterthought. Using Copy-on-Write (CoW), every data modification produces an immutable copy. Ransomware encryption always lands on a new version — the previous content is always intact, and recoverable — with no periodic snapshot schedule and no cloud service dependence.
INOCULUM targets high-performance storage appliances and data-intensive applications. Performance and cost-efficient I/O is attainable by exploring technologies, such as SPDK and io_uring, and data reduction techniques such as deduplication and compression. AI and heuristic-based algorithms are used to identify and increase protection on critical data under a ransomware attack.
Why Existing Defences Fail
Avoidance, detection, and backup-based recovery each carry a fundamental weakness that ransomware exploits.
Avoidance Falls Short
Access-control and hiding strategies are bypassed by user misconfigurations and ransomware injecting malicious code into trusted processes.
Detection Lags Behind
Signature and ML-based detection is reactive — data may already be encrypted before an alert fires, and new ransomware variants are built specifically to mimic benign I/O behaviour.
Backups Have a Gap
Periodic snapshots leave a window of unrecoverable data proportional to backup frequency. Cloud-based recovery adds per-GB cost, network latency, and GDPR sovereignty risks.
Secure-by-Design, High-Performance
A storage solution where ransomware cannot destroy your data — built for the throughput demands of real storage appliances.
No Backups Required
Copy-on-Write with a Write-Once-Read-Many strategy generates an immutable copy on every write. Full history is always present — no snapshots, no cloud, quicker recovery window.
Cost-Effective Storage
Explores compression and deduplication techniques to reduce storage costs. AI and heuristic-based algorithms are used to identify and increase protection on critical data under a ransomware attack.
Built for High-performance I/O
Explores efficient I/O via SPDK and io_uring to minimise CoW performance overhead and comply with the requirements of modern hardware and data-intensive applications.
Why It Matters
Critical Infrastructure
Healthcare, finance, and government organisations handling highly sensitive data can adopt digital services with confidence, knowing data is always recoverable — even under sophisticated attacks.
Data Sovereignty
On-premises, backup-free recovery eliminates the need for third-party cloud storage, keeping sensitive data within organisational boundaries and fully compliant with GDPR and sector-specific regulations.
New Research Direction
INOCULUM opens a research path at the intersection of storage systems and cybersecurity — shifting the community focus from reactive detection to proactive, storage-level immunity.