Aegis-BPF

A runtime security engine built with eBPF CO-RE and LSM-based enforcement, designed for synchronous kernel-level protection.

C, eBPF, Linux Kernel, Rust

Technical Overview

Aegis-BPF is implemented in C and Rust for memory safety and raw kernel performance. It uses eBPF CO-RE so that its programs stay portable across different Linux kernel builds without local recompilation on the target host.

Value Proposition

Enables deep, invisible synchronous container and host protection. As containerization abstracts the operating system, Aegis-BPF provides the highest tier of host-level enforcement with sub-millisecond overhead.

System Architecture

[Architecture diagram]
USER SPACE: Application Process / Container; Syscall Interface (open / exec / connect); Aegis Management Agent (Policy Engine, Rust); BPF Map (Config / Telemetry)
── Kernel Boundary ──
KERNEL SPACE: eBPF Verifier (Safety Checks / BTF); LSM Hook Points (bprm_check / file_open); eBPF CO-RE Programs (Enforce / Audit / Deny); BPF Maps (Policy Rules / Ring Buffer); Decision: ALLOW / DENY (Synchronous Enforcement)
LEGEND: Control / Data Flow; Enforcement Path; Config / Policy Map; User Space; Kernel; Shared