The Vision

Cryptographic ransomware blocks access to users' data through encryption until a ransom is paid. Critical sectors (e.g., healthcare, finance, and governments) are increasingly targeted by these attacks, leading to high financial penalties and service disruption.

Current defenses share a structural weakness: they are reactive. Detection may miss attacks, or be too slow to prevent data loss. Periodic backups are expensive and done at regular intervals (e.g., daily, weekly). Both leave a window where data can be compromised. Cloud-based backups add cost, latency, and forces organizations to surrender data sovereignty.

INOCULUM explores a different approach: security is the primary design constraint, not an afterthought. Using Copy-on-Write (CoW), every data modification produces an immutable copy. Ransomware encryption always lands on a new version — the previous content is always intact, and recoverable — with no periodic snapshot schedule and no cloud service dependence.

INOCULUM targets high-performance storage appliances and data-intensive applications. Performance and cost-efficient I/O is attainable by exploring technologies, such as SPDK and io_uring, and data reduction techniques such as deduplication and compression. AI and heuristic-based algorithms are used to identify and increase protection on critical data under a ransomware attack.

Acronym
INOCULUM
Reference
NORTE2030-FEDER-00868400
Principal Investigator
Host Institution
INESC TEC · University of Minho
Timeline
May 2026 – May 2029 · 36 months
Keywords
Storage Systems Ransomware Cybersecurity Copy-on-Write SPDK io_uring AI

Why Existing Defences Fail

Avoidance, detection, and backup-based recovery each carry a fundamental weakness that ransomware exploits.

Avoidance Falls Short

Access-control and hiding strategies are bypassed by user misconfigurations and ransomware injecting malicious code into trusted processes.

Detection Lags Behind

Signature and ML-based detection is reactive — data may already be encrypted before an alert fires, and new ransomware variants are built specifically to mimic benign I/O behaviour.

Backups Have a Gap

Periodic snapshots leave a window of unrecoverable data proportional to backup frequency. Cloud-based recovery adds per-GB cost, network latency, and GDPR sovereignty risks.

Secure-by-Design, High-Performance

A storage solution where ransomware cannot destroy your data — built for the throughput demands of real storage appliances.

No Backups Required

Copy-on-Write with a Write-Once-Read-Many strategy generates an immutable copy on every write. Full history is always present — no snapshots, no cloud, quicker recovery window.

Cost-Effective Storage

Explores compression and deduplication techniques to reduce storage costs. AI and heuristic-based algorithms are used to identify and increase protection on critical data under a ransomware attack.

Built for High-performance I/O

Explores efficient I/O via SPDK and io_uring to minimise CoW performance overhead and comply with the requirements of modern hardware and data-intensive applications.

Why It Matters

Critical Infrastructure

Healthcare, finance, and government organisations handling highly sensitive data can adopt digital services with confidence, knowing data is always recoverable — even under sophisticated attacks.

Data Sovereignty

On-premises, backup-free recovery eliminates the need for third-party cloud storage, keeping sensitive data within organisational boundaries and fully compliant with GDPR and sector-specific regulations.

New Research Direction

INOCULUM opens a research path at the intersection of storage systems and cybersecurity — shifting the community focus from reactive detection to proactive, storage-level immunity.

INOCULUM with reference 15032 (NORTE2030-FEDER-00868400) is co-funded by the ERDF – European Regional Development Fund through North Regional Program – NORTE 2030 under the scope of Portugal 2030 and by National Funds through the FCT – Fundação para a Ciência e a Tecnologia, I.P. (Portuguese Foundation for Science and Technology).