Problem
Host security policies are difficult to enforce consistently when user-space agents can miss kernel-level behavior.
一个使用 eBPF(扩展伯克利包过滤器)并支持 CO-RE(一次编译,到处运行)的安全策略执行原型。
基于 2026 年 5 月 31 日的公开 GitHub 仓库数据测量。
Host security policies are difficult to enforce consistently when user-space agents can miss kernel-level behavior.
A user-space policy controller feeds pinned BPF maps and ring buffers while eBPF LSM hooks enforce or audit file, process, and socket activity.
CO-RE portability, kernel verifier checks, policy signing, and audit-first rollout reduce the risk of unsafe kernel instrumentation.
The prototype shows a path to low-overhead kernel-level policy enforcement with observable audit output.
该项目使用 C++ 和 eBPF 技术开发。它通过 CO-RE 在不同 Linux 内核版本之间实现无需重新编译的可移植性,并提供低开销的内核级安全策略执行能力。
内核级企业安全能力。Aegis 以极低开销提供对系统行为的深度可见性与控制,帮助您利用先进的 eBPF 技术保护基础设施免受高级持续性威胁。