MIT and Stanford researchers develop operating system with one major promise: Resisting ransomware

Computer science researchers at MIT and Stanford are developing an operating system with built-in cybersecurity defenses.
Getty Images

Some of the biggest names in modern computing — including a winner of the prestigious Turing Award — are betting on a new type of operating system they say will be resilient against common cyberattacks and bounce back from ransomware infections within minutes.

Those are bold claims. But the people behind the project include Michael Stonebraker, a serial tech entrepreneur and computer scientist at the Massachusetts Institute of Technology whose groundbreaking work on database systems earned him the Turing honor in 2015. He’s teaming up with Matei Zaharia, an associate professor at Stanford University and creator of the Apache Spark project, and Jeremy Kepnew, head of the MIT Lincoln Laboratory Supercomputing Center.

“It’s a total new paradigm,” said Michael Coden, associate director of cybersecurity at MIT Sloan School of Management, who took a part-time position at Boston Consulting Group as senior adviser in order to help lead the database-oriented operating system, or “DBOS” for short.

“The revolution here is turning the operating system upside down,” he said. “You get detection internally without external cybersecurity tools or analytics engines more quickly and you can roll back to the pre-attack state for business continuity within minutes or seconds without having to go and do restores. It’s kind of like revolutionary.”


Stonebraker and Coden plan on demonstrating the open-source operating systems during the RSA Conference, the annual cybersecurity gathering San Francisco, next week and show in real time how it will bounce back from a simulated ransomware attack.

The system is structured around databases that save and track all events and changes occurring within the OS. That should mean that should mean recovering from ransomware simply means rolling back a machine to the previously safe state within minutes. With a file-based system, users still have to make backups of that data which, if not set up correctly, can also be infected with malicious malware. Additionally, recovery using those backups take up additional time, as well. Coden said that recovery can occur within minutes using the new systems.

The benefits are largely borne out of the fundamental difference between DBOS and Linux. Linux operates in a way where, essentially, everything on the system is a file. A folder is actually a file (as are the files in the folder) and even the mouse and keyboard has a file path. Although there are exceptions to the “everything is a file” idea within Unix, generally, that is the idea.

However, instead of everything being a file, the new OS operates from an “everything is a table” perspective. That’s because everything about the current session is kept on a database and this means that all changes to the systems are recorded, which comes in handy when a ransomware attack locks access to important data.

“We have a table where we do change capture on everything that happens to every data element in the system so we have a complete list of every change that’s occurred,” Coden said. The table structure also means that the database management system logs are all stored on a single file, in sequence with the same formatting, so searching for logs following a cyberattack or even just suspicious activity is a basic SQL query, Coden explained. “You can do anomaly detection blazingly fast.”


Using the data analytics program Splunk as an example, Coden said that the timetable to detect anomalies went from “several hours” to “hundreds of milliseconds.” “So higher accuracy, much quicker detection built into the operating system. No seven figure license for an external analytics engine.”

“The fundamental concept was we looked at a typical complicated application in a Linux Kubernetes environment and saw that the operating system was managing a million times more state variables than it was designed to,” Coden said. “[Linux] was invented about 40 years ago. It was to run on a single CPU … with maybe 128 kilobytes of memory.”

But while DBOS system boasts some impressive built-in cybersecurity protections, that wasn’t the initial goal. Stonebraker and Zaharia began working more than two years ago on the database-centered OS because they were annoyed at how slow and inefficient Linux systems moved once it reaches a high enough number of programs and processes running. But the cybersecurity benefits is what attracted Coden to the project.

“I said wait a second, here you have a much smaller surface area to begin with — this is no Linux no Kubernetes starting with relational database built on a brand new kernel,” he said. “Because being a high availability database, it has the ability to rollback from any state to a previous state. It can detect an attack in hundreds of milliseconds, block the attack, and then you can roll back to the pre-attack state for business continuity in a matter of seconds. You don’t have to go and get backups from yesterday or last week.”

There is still a ways to go. The operating system is currently using a micro-kernel from Linux so it’s not complete just yet and there isn’t a typical desktop experience for casual users. So far, development of the OS has been primarily led by around 20 researchers from MIT and Stanford with people such as Stonebraker, Zaharia and Kepnew. But they also want people to contribute to the open-source project, Coden said. “We want to get everybody to go to the GitHub site and download the software and try it. We want to get feedback from the community.”


Correction April 21, 2023: This article has been updated to correct Michael Coden’s position at Boston Consulting Group.

Latest Podcasts