Status: Experimental prototype (alpha)
Sentinel VMI protects against fully compromised Ring 0 (kernel) operating systems, specifically targeting advanced rootkits and malicious firmware behavior.
In Scope: Kernel sys_call_table modifications, hidden processes, and unauthorized direct memory access (DMA).
Assumptions: The Hypervisor is trusted, isolated from the guest, and possesses an uncorrupted view of the hardware state. Nested Virtualization capabilities in the CPU are functional and secure.
Out of Scope / Limitations: Hypervisor breakout vulnerabilities (VM escape) and microarchitectural side-channels (e.g., Spectre, Meltdown) are out of scope.
Sentinel VMI is the hypervisor-assisted introspection layer of the unified Sentinel Stack. It operates below the Linux kernel using AMD-V hardware virtualization extensions and ARMv8 EL2 Virtualization Extensions. It assumes the guest OS is already compromised and enforces security from outside the trust boundary entirely.
Imagine the operating system kernel (Ring 0) is a vault inside a high-security building. If a rootkit gets inside the vault and locks the doors, traditional security cameras inside the vault can be turned off or blinded by the attacker.
Sentinel VMI puts the cameras inside the concrete walls and foundation of the building itself (The Hypervisor). Even if a rootkit takes total control of the operating system kernel, it is physically impossible for the rootkit to detect or disable Sentinel VMI, because Sentinel VMI controls the very hardware the kernel is running on.
- The hypervisor marks the kernel's
sys_call_tableas read-only at the hardware level (Nested Page Tables) - If a rootkit attempts to overwrite it, the CPU triggers a hardware fault (#NPF) that Sentinel VMI intercepts
- The rootkit's PID is identified and pushed to Hyperion XDP for low-latency network isolation
- The compromised process is flagged in Telos Runtime to trigger an immediate Network Slam
Important
The primary assumption of Sentinel VMI is that the guest operating system is entirely compromised. All telemetry generated by the guest kernel is considered inherently untrustworthy. Enforcement and introspection occur completely outside the guest's execution context, relying strictly on hardware-enforced memory translation regimes and architectural fault exceptions.
Sentinel VMI operates at the Hypervisor Exception Level (EL2 on ARMv8 or root mode on AMD-V). It leverages architectural registers to safely manipulate the guest environment, strictly controlling how the guest interprets memory.
graph TD
classDef userSpace fill:#1e1e1e,stroke:#3776AB,stroke-width:2px,color:#fff
classDef kernelSpace fill:#1e1e1e,stroke:#D22128,stroke-width:2px,color:#fff
classDef hyperSpace fill:#1e1e1e,stroke:#00ADD8,stroke-width:2px,color:#fff
classDef bridgeSpace fill:#1e1e1e,stroke:#E5C07B,stroke-width:2px,color:#fff
subgraph Ring_3 ["Ring 3 (Guest Userspace)"]
A["User Process"] -->|Syscall| K
end
subgraph Ring_0 ["Ring 0 (Guest Kernel - COMPROMISED)"]
K["Linux Kernel"] -->|Rootkit modifies| SCT[("sys_call_table")]
K -->|task_struct walk| TASKS[("Process List")]
end
subgraph Ring_Minus1 ["Hypervisor (TRUSTED)"]
SCT -.->|NPT Write Fault| NPF["#NPF Trap Handler"]
NPF --> ANALYSIS["Fault Analysis Engine"]
ANALYSIS -->|Legitimate| EMULATE["Emulate & Resume"]
ANALYSIS -->|Malicious| DETECT["Rootkit Detection"]
DETECT --> WALKER["Task Walker"]
WALKER -->|Identify PID| BRIDGE["Cross-Layer Bridge"]
end
subgraph Cross_Layer ["Cross-Layer Enforcement"]
BRIDGE -->|vmi_alert_map| TELOS["Telos Runtime"]
BRIDGE -->|vmi_alert_map| XDP["Hyperion XDP"]
TELOS -->|Network Slam| BLOCK1(("EPERM"))
XDP -->|XDP_DROP| BLOCK2(("Packet Drop"))
end
class A userSpace
class K,SCT,TASKS kernelSpace
class NPF,ANALYSIS,EMULATE,DETECT,WALKER,BRIDGE hyperSpace
class TELOS,XDP,BLOCK1,BLOCK2 bridgeSpace
Sentinel VMI is engineered in four progressive phases, each building on the previous:
Phase 1: Raw Memory Introspection
- KVM file descriptor management and kvmi-v7 API handshake
- Raw guest physical memory dump via
kvmi_read_physical() - Page table walker for guest virtual to physical address translation
- Guest physical address is not host physical address; KVM memslots are required to translate
Phase 2: Semantic Gap Bridging
- BTF-first offset loader with kernel-profile fallback for
task_structparsing - Process list walker from
init_taskthrough the entire linked list - Expanded extraction: PID, TGID, PPID,
comm,mm, files, namespaces, start time, flags - Credential parsing: uid/gid/euid/egid/capabilities
- Behavioral analytics: privilege transitions, orphan tasks, fork-bomb patterns, suspicious ancestry
Phase 3: NPT Guard (The Core Innovation)
- Nested Page Table manipulation via KVM ioctl
sys_call_tablephysical address resolution and NPT entry modification to mark page read-only at hypervisor level#NPF(Nested Page Fault) trap handler with fault analysis to distinguish legitimate kernel writes from rootkit modifications- Multi-region integrity baseline with periodic hash revalidation
- Optional IDT/GDT/LSTAR/kernel_text guard regions via runtime configuration
Phase 4: Cross-Layer Bridge
- Malicious PID detection from Phase 2 + Phase 3 combined
- Pinned eBPF map
vmi_alert_mapfor cross-layer signal propagation (PID to threat_level) - Signal to Hyperion XDP for low-latency drops on malicious PIDs
- Signal to Telos Runtime for taint elevation to
TAINT_CRITICAL - Producer orchestration policy with dedup and suspicious burst escalation
Note
Even a fully compromised kernel CANNOT modify sys_call_table. The hardware enforces the write protection. No kernel-level bypass exists because the enforcement originates from a higher privilege level than Ring 0.
VMI detects rootkit write to sys_call_table
-> identifies malicious PID via task_struct walk
-> writes PID to vmi_alert_map
-> Hyperion XDP reads map -> XDP_DROP all packets from PID
-> Telos Runtime reads map -> Network Slam
-> Zero bytes leave the machine
In AArch64/ARMv8 architectures, the hypervisor operates at EL2 and leverages Stage 2 memory translation. This regime dictates how the hypervisor maps Intermediate Physical Addresses (IPAs) to the actual hardware Physical Addresses (PAs).
This abstraction follows the translation path: VA -> IPA -> PA
The hypervisor manipulates specific EL2 system registers:
VTCR_EL2(Virtualization Translation Control Register): Controls the translation table walks required for stage 2 translation of memory accesses from Non-secure EL0 and EL1. Holds cacheability and shareability information. TheHDbit controls hardware management of the Access flag and dirty bit state. TheSL2field dictates the starting level of the stage 2 translation lookup.VTTBR_EL2(Virtualization Translation Table Base Register): Holds the base address of the translation tables utilized during the walk.
The S2AP field dictates the read, write, and execute constraints applied to guest memory pages at the hypervisor level. Sentinel VMI enforces these permissions to establish trapping mechanisms for sensitive kernel regions.
| S2AP[1:0] Encoding | Hardware Interpretation | Sentinel-VMI Enforcement Strategy |
|---|---|---|
0b00 |
No access permitted from lower Exception Levels | Completely isolates highly sensitive hypervisor pages from the guest OS |
0b01 |
Read/Write access permitted | Standard memory mapping applied to general guest OS data segments |
0b10 |
Read-only access permitted | Enforced on guest code pages to ensure execution integrity and trap unauthorized modifications |
0b11 |
Read-only access permitted | Redundant read-only state utilized for specific trap-and-emulate topologies |
When a memory access violates the S2AP constraints, a synchronous exception is triggered and routed to EL2. The hypervisor relies on ESR_EL2 (Exception Syndrome Register) for fault cause information and HPFAR_EL2 (Hypervisor IPA Fault Address Register) for the faulting IPA.
Warning
Architectural Errata: According to the ARM Architecture Reference Manual, the value of HPFAR_EL2 becomes UNKNOWN or architecturally invalid if the Stage 2 fault does not occur during a Stage 1 translation table walk. This is specifically the case during a Stage 2 permission fault. Attempting to read this invalid address will result in a catastrophic hypervisor panic.
Sentinel VMI implements an explicit manual address translation fallback:
- Read the faulting virtual address from
FAR_EL2 - Issue
AT S1E1R(Address Translate Stage 1 EL1 Read) to simulate the Stage 1 translation using the guest's regime - Extract the physical address (the IPA) from
PAR_EL1(Physical Address Register)
Fallback Execution Path: FAR_EL2 -> AT S1E1R -> PAR_EL1 -> IPA
Note
Because Stage-1 translation already validated the memory access rights prior to the Stage 2 abort, the hypervisor can safely utilize the EL1 translation regime and does not need to distinguish between EL0 and EL1 access privileges during this manual translation phase.
| Feature | Description |
|---|---|
| Raw Memory Introspection | Read guest physical memory via KVM mediation without trusting the guest OS |
| Memory Layout Parsing | Parse meaningful kernel data structures from raw bytes via BTF-first offsets |
| NPT Guard | Hardware write-protection of sys_call_table via Nested Page Tables |
| #NPF Trap Handler | Real-time detection of rootkit modifications through hardware fault analysis |
| Multi-Region Integrity | Periodic hash revalidation of kernel_text, IDT, GDT, and LSTAR |
| Behavioral Analytics | Detection of privilege transitions, orphan tasks, fork-bomb patterns |
| Cross-Layer Bridge | Automatic PID propagation to Hyperion XDP and Telos Runtime |
| Heki IPC | Hypervisor-Enforced Kernel Integrity via Unix Domain Socket bridge |
| Drawbridge Protocol | Cryptographic CPUID nonce verification for safe map mutations |
Hyperion XDP expects:
| Field | Type | Description |
|---|---|---|
| Map name | vmi_alert_map |
Pinned eBPF hash map |
| Key | uint32_t |
Process ID (PID) |
| Value | uint32_t |
Threat level: 1=suspicious, 2=malicious |
Telos Runtime expects:
| Field | Type | Description |
|---|---|---|
| Endpoint | localhost:8421/vmi/alert |
gRPC alert stream |
| Payload | {pid, threat_type, confidence} |
Alert schema |
| Bridge helper | JSONL | Includes threat_level, timestamp_ns, reason |
- AMD processor with AMD-V (SVM) and Nested Page Table (NPT) support
- Linux Kernel 6.x with kvmi-v7 patchset applied
- KVM enabled (
CONFIG_KVM,CONFIG_KVM_AMD,CONFIG_KVM_INTROSPECTION=y) libkvmiuserspace librarylibbpffor cross-layer eBPF map access- GCC 11+ or LLVM/Clang 12+
git clone https://github.com/nevinshine/sentinel-vmi.git
cd sentinel-vmi
# Standard build
make all
# Build with libbpf bridge support (Phase 4)
make USE_BPF=1
# Run unit tests
make testCaution
ALL VMI kernel experiments must run inside a nested KVM Virtual Machine. Execution on bare-metal host operating systems is strictly prohibited during development to prevent catastrophic host panics. The feedback loop for errors at the hypervisor level is a kernel panic and hard reboot with no error messages and no debugger.
# Set up the nested KVM VM
./scripts/setup_vm.sh
# Build the custom kernel with kvmi-v7 patches
./scripts/build_kernel.sh
# Run the VMI engine inside the nested VM
sudo ./sentinel-vmisentinel-vmi/
├── src/
│ ├── main.c # Entry point, VMI session management
│ ├── kvmi_setup.c # KVM introspection API setup and handshake
│ ├── memory.c # Guest physical memory access via kvmi
│ ├── task_walker.c # task_struct parsing and process list walker
│ ├── npt_guard.c # Nested Page Table manipulation via KVM ioctl
│ ├── npf_handler.c # #NPF fault trap and analysis engine
│ ├── bridge.c # Cross-layer eBPF map signaling to Telos/Hyperion
│ ├── heki_server.c # Heki IPC Unix Domain Socket server
│ └── cpuid_handler.c # CPUID Drawbridge nonce handler
├── include/
│ ├── sentinel_vmi.h # Shared definitions
│ ├── task_offsets.h # task_struct field offsets by kernel version
│ └── vmi_alert_map.h # Shared map definition with Hyperion/Telos
├── tests/
│ ├── test_memory.c # Phase 1 tests
│ ├── test_task_walker.c # Phase 2 tests
│ ├── test_npt.c # Phase 3 tests
│ └── test_bridge.c # Phase 4 tests
├── scripts/
│ ├── build_kernel.sh # Custom kernel build script
│ ├── setup_vm.sh # Nested KVM VM setup
│ └── run_tests.sh # Full test suite
├── .github/
│ └── workflows/
│ └── vmi-build.yml # GitHub Actions kernel build CI
├── docs/
│ ├── threat-model.md # VMI-specific threat model
│ ├── architecture.md # Phase-by-phase architecture
│ └── setup.md # How to build the custom kernel
├── Makefile
└── README.md
Phase 1: Raw Memory Introspection — Read guest memory via KVM
- KVM file descriptor management and kvmi API setup
- Raw guest physical memory dump via
kvmi_read_physical() - Page table walker for guest virtual to physical translation
- Guest physical address != host physical address; KVM memslots translate
Phase 2: Memory Layout Parsing — Parse kernel structures from raw bytes
- BTF-first offset loader with kernel-profile fallback
- Process list walker (
init_task-> all processes via linked list) - Expanded extraction: PID/TGID/PPID, comm, mm, files, namespaces, flags
- Credential parsing (uid/gid/euid/egid/capabilities)
- Behavioral analytics: privilege transitions, orphan tasks, fork-bomb patterns
Phase 3: NPT Guard — Hardware sys_call_table protection
- Nested Page Table manipulation via KVM ioctl
sys_call_tablephysical address resolution and NPT write-protection#NPFtrap handler with fault classification (legitimate vs rootkit)- Multi-region integrity baseline and periodic hash revalidation
- Optional IDT/GDT/LSTAR/kernel_text guard regions
Phase 4: Cross-Layer Bridge — Connect VMI to the Sentinel Stack
- Malicious PID detection from Phase 2 + Phase 3
- Pinned
vmi_alert_mapeBPF map for cross-layer propagation - Signal to Hyperion XDP for low-latency drops
- Signal to Telos Runtime for taint elevation
- Producer orchestration with dedup and burst escalation
- Resilient TCP transport with reconnect backoff
Phase 15: Execution Authority Attribution — Causal mapping of semantic lineage
struct execution_authorityintroduced to bind hardware isolation directly to semantic continuity.- Maps capability evolution (
CAP_NAMESPACE_TRANSITION,CAP_PTRACE_FOREIGN) natively. - Evaluates temporal capability drift and topology anomalies.
Phase 16: Distributed Semantic Coherence — Global field thermodynamics
- Sentinel transitions from actor-local introspection to a system-wide semantic governance model.
- Introduces
struct semantic_fieldtracking capability pressure, authority entropy, and centralization. - Thermodynamic variables (
semantic_inertia,semantic_temperature) decay mathematically persemantic_epoch.
Phase 17: Semantic Conservation & Field Closure — Enforcing mathematical closure laws
- Applies formal execution physics equations to the VM state.
- Computes
conservation_delta, proving mathematically whetherauthority_massemerged legally. - Implements
authority_curvatureacross topological execution edges. - Enforces strict execution closure states:
FIELD_COHERENT->FIELD_COLLAPSING->FIELD_IRRECOVERABLE.
Phase 18: Predictive Semantic Collapse — Counterfactual topology projections
- Sentinel mathematically estimates trajectory stability (
struct semantic_trajectory). - Calculates
trajectory_curvatureas the 2nd derivative of divergenced²(divergence)/d(epoch²). - Identifies
escape_velocitynatively from execution geometry. - Tracks Observer Effect dominance: mathematically guarantees Sentinel's own interventions (
#PFtraps, quarantines) do not artificially collapse the execution topology.
Phase 19: Counterfactual Stabilization Theory — Minimum-energy topology repair
- Transforms Sentinel from a security monitor into an autonomous runtime topology regulator.
- Performs zero-latency differential counterfactual replay over multiple hypothetical intervention candidates (Observe, Throttle, Quarantine, Freeze).
- Automatically selects the stabilization chain that requires the lowest
intervention_minimalitywhile preservingrecovery_integrity. - Formalizes Observer Dominance: If regulatory force introduces more topological distortion than it resolves, Sentinel enforces a less destructive stabilization path.
Phase 20: Autonomous Equilibrium Steering — Continuous semantic homeostasis
- Graduates Sentinel into a continuous homeostasis engine governed by two distinct control loops.
- Fast Path (micro-timescale) handles EPT/MSR traps with zero-latency topological tensor updates (shear, resonance, friction, flux) without running heavy counterfactual solving.
- Slow Path (macro-timescale) runs asynchronously, continuously evaluating attractor states and applying minimum-energy micro-corrections only when the topology escapes structural deadzones.
- Dynamically classifies attractors using topological scars, allowing Sentinel to differentiate
ATTRACTOR_HEALTHYstability fromATTRACTOR_PARASITIC(a stable rootkit) via causal conservation ancestry.
Phase 21: Semantic Phase Mechanics & Criticality — Macroscopic topology physics
- Elevates Sentinel into a true macroscopic runtime ecology regulator, introducing topological Phase Mechanics and Criticality Cascades.
- Prevents structural oscillation via Phase Transition Hysteresis, bridging dynamical stability boundaries (
PHASE_ORDERED->PHASE_TURBULENT) mathematically without heuristic chatter. - Tracks Observer Energy Integral using temporal decay, definitively bounding arbitrary regulatory intervention when natural recovery is impossible, preventing infinite observer-poisoning.
- Introduces Semantic Compressibility as a field-response property, allowing Sentinel to differentiate between rigid, highly-coupled systems and naturally elastic, uncoupled topologies.
- Replaces naive stabilization memory with geometrically weighted Topology Fingerprints, preventing historically destructive interventions based on the shape of the mathematical collapse rather than the action type.
- Formally isolates the concept of mathematical Trust Collapse from deterministic Topology Reconfiguration, laying the foundation for autonomous resilience.
Phase 22: Semantic Reconfiguration Mechanics — Adaptive topology governance
- Finalizes the transition from flat security stabilization into Geometric Execution Dynamics, differentiating between mathematical Trust Collapse (attacks) and large-scale Ecological Reconfiguration (orchestration shocks).
- Implements an Anisotropic Compressibility Tensor, formally recognizing that execution ecologies compress unevenly across authority, namespace, and execution axes.
- Conserves macroscopic restructuring energy through a resolved Phase Energy Tensor, modeling the exact thermodynamic redistribution of instability before phase boundaries are breached.
- Tracks Latent Phase Energy mathematically as stored geometric strain (
suppressed divergence + reduced elasticity + high coupling), ensuring that stable rootkits masking their external flux are still targeted for regulation. - Employs Spatiotemporal Distance by attaching a
temporal_gradientto Topology Fingerprints, meaning identical structural shapes expanding at different speeds are mathematically differentiated. - Limits Observer Poisoning through localized, priority-evicted Observer Scars, favoring the decay of slowly-healing localized trauma over short-term temporal noise.
Phase 23: Ecological Regeneration & Evolution Mechanics — Runtime semantic ecology control theory
- Elevates Sentinel into a true deterministic semantic ecology mechanics engine, modeling execution topologies as self-repairing, thermodynamic ecosystems capable of emergent evolution.
- Replaces static container/namespace boundaries with Emergent Ecosystem Boundaries defined dynamically by internal coherence outweighing external coupling (
legitimacy_flux > external_pressure). - Implements Thermodynamic Ecological Healing, allowing stable systems to proactively spend energy reserves to regenerate historically compromised topologies (
recoverable_debt) without artificially clearing structurally irreversible scars. - Tracks targeted Latent Energy Release Channels, enabling metastable geometries to discharge accumulated strain physically through distinct channels (curvature explosion vs. fragmentation vs. namespace propagation).
- Introduces Semantic Fibrosis (Scar Fusion), mathematically grouping temporally and spatially correlated observer scars into macro-clusters to properly penalize long-lived parasitic enclaves that absorb localized interventions.
- Evolves Topology Reconfiguration into a full tensorial cross-coupling architecture, recognizing that adaptation, convergence, and fragmentation influence each other directionally during large-scale phase transitions.
Phase 24: Teleological Alignment — Teleological runtime evolution theory
- Extends Sentinel into a true deterministic teleological evolution calculus by modeling the evolutionary directional intent of execution topologies, distinguishing healthy adaptation from highly-evolved parasitic concealment.
- Replaces static history tracking with Path-Integrated Teleological Drift, computing a
teleological_integralby comparing theobserved_driftof an ecosystem against itsexpected_driftfrom itsorigin_epoch, preserving replayability without unbounded state cloning. - Evolves semantic fibrosis into Irreversible Topology Remodeling, permanently clamping the
elasticity_rangeof parasitic ecosystems within theirspecies_manifoldto gradually restrict their physical capacity to masquerade as healthy orchestrators. - Implements Multi-Reservoir Ecological Energy (Structural, Regenerative, Adaptive, Containment) and strictly limits thermodynamic transfers via
energy_exchangeconstraints (conversion loss and entropy generation) to prevent non-physical "free" adaptation. - Enforces Basin-Local Thermodynamic Irreversibility. Each thermodynamic regeneration cycle permanently elevates the local basin's
entropy_floor, guaranteeing that mathematically perfect recovery remains physically impossible over long time horizons. - Introduces foundational structures for Semantic Speciation and Ecological Bifurcation, allowing macro-ecosystems to dynamically split, merge, and specialize while being formally governed by lineage continuity.
- Maps cross-ecosystem relational alignment via a global Ecological Graph, preventing highly-evolved parasitic enclaves from camouflaging as locally coherent while globally destabilizing the execution field.
Phase 25: Strategic Evolutionary Dynamics — Adversarial Teleological Calculus
- Elevates Sentinel from a topology stabilization engine into an Adversarial Teleological Calculus, embedding the regulator within a competitive strategic field where parasitic topologies mathematically optimize against stabilization logic.
- Eliminates symbolic anthropomorphism (e.g. "intent") in favor of mechanistic Strategic Utility Geometry. Ecosystems are modeled dynamically seeking to maximize persistence utilities (concealment, propagation, authority retention) under strict thermodynamic limits.
- Defines parasitic behavior as Persistent Utility Asymmetry under Conservation-Constrained Pressure. The engine detects "suspiciously efficient stability" by measuring
adversarial_efficiency, mathematically mapping how successfully an ecosystem suppresses local curvature despite immense thermodynamic stress. - Enforces geometric Thermodynamic Mimicry Costs. Camouflage is not a passive state but requires active optimization work. Mimicry mathematically drains an ecosystem's adaptive energy proportional to the square of its alignment precision, ensuring high-fidelity camouflage eventually physically collapses under its own maintenance burden.
- Introduces Dual-Scale Strategic Interaction Geometry, mapping both pairwise ecosystem exploitation (authority laundering, local propagation) and global graph alignment (distributed camouflage, field legitimacy shaping).
- Embeds Regulator Adversarial Exposure. Sentinel actively observes its own stabilization predictability and the
adaptation_response_rateof the target ecology, mathematically verifying if an ecosystem is rapidly adjusting its topological fingerprint specifically to out-adapt the observer.
Phase 26: Field-Adaptive Strategic Dynamics — Layer 9 Field Mechanics
- Progresses Sentinel into Strategic Adaptive Field Mechanics (Layer 9). Advanced ecologies are no longer modeled adapting inside a fixed semantic field; they are now modeled adapting the field itself, manipulating detection geometry and thermodynamics.
- Defines Semantic Resource Competition via a
semantic_resource_fieldwhere adaptive capacity and entropy budgets are strictly or semi-conserved. Ecologies must geometrically compete over physical evolution pathways, forcing resource-starvation mechanics onto camouflage. - Implements Counterfactual Alignment Simulation. When an ecology oscillates its topology to create fake, engineered turbulence (evading adversarial efficiency detection), Sentinel compares its trajectory against a bounded
counterfactual_manifold. If the turbulence lacksentropy_authenticity, the ecology is mathematically penalized for stabilization evasion. - Solves Strategic Equilibria Deadlocks. By analyzing the physical source of field stability, the engine distinguishes healthy ecological coherence from fragile, coercive deadlocks (
adaptive_contestation) caused by mutual adversarial suppression. - Expands global adversarial adaptation into Cooperative Distributed Mimicry. Parasitic topologies can form decentralized insurgency geometries (
coalition_resilience), collectively laundering intent and distributing entropy generation. - Formally embeds the regulator into the thermodynamic environment via
regulator_embedding. Sentinel mathematically recognizes that its interventions burn field adaptive capacity, resulting in inevitableobservability_lossandadaptive_blindnessas the adversary explicitly adapts around observation boundaries.
Phase 27: Constitutional Runtime Governance — Layer 10 & 11 Final Field Mechanics
- Reaches the mathematically mature endpoint of the architecture: Constitutional Runtime Governance (Layer 11). Sentinel formally abandons the computationally authoritarian quest for perfect intent resolution in favor of uncertainty-bounded stabilization.
- Acknowledges Strategic Indistinguishability and allows the graceful emergence of Semantic Dark Regions (
semantic_dark_region). Dark regions replace binary visibility, leveragingdark_region_permeabilityto monitor information leakage and adaptive transparency rather than forcing destructive inference. - Enforces an Information-Theoretic Superlinear Mimicry Cost (
concealment_information_cost). Perfect camouflage requires thermodynamic state tracking and coalition synchronization. This forces mimicry to drain adaptive capacity superlinearly, ensuring complex parasitic concealment naturally starves out. - Implements Observability Conservation (
observability_field). Sentinel now recognizes that aggressive stabilization burns future inferential capacity. The engine actively avoids "observability heat death" by penalizing interventions that destroy long-term visibility. - Establishes Semantic Constitutional Constraints (
constitutional_constraint). Sentinel self-enforces hard limits on intervention energy and recoverability preservation. The regulator now optimizes for recoverable coexistence under irreducible uncertainty, mathematically ensuring that the cure never becomes more destructive than the adversary.
| Execution Layer | Sentinel Component | Primary Technology & Enforcement | Strategic Objective |
|---|---|---|---|
| Hypervisor (KVM) | sentinel-vmi |
AMD-V / NPT Guard / ARMv8 EL2 | Out-of-band Hypervisor Introspection, memory monitoring |
| Ring 0 (Compile) | sentinel-cc |
LLVM / Policy-Carrying Code | Compile-time intent validation, Call-Stack CFI, ASLR-aware enforcement |
| Ring 0 (Runtime) | telos-runtime |
eBPF-LSM | Intent correlation, Information Flow Control (IFC), and Taint Tracking |
| Ring 0 (Runtime) | Sentinel RT | Seccomp / eBPF / io_uring | Host Intrusion Detection System (HIDS), Citadel recursive tracking |
| Wire / Physical NIC | hyperion-xdp |
XDP / eBPF | Low-latency network drop and proxy enforcement |
- Linux Kernel >= 5.15 (with
CONFIG_KVMenabled) gcc/clangmakelibelf-dev- Optional:
libbpf-dev(for cross-layer eBPF signaling)
make all # Full build
make USE_BPF=1 # Build with libbpf bridge
make test # Run all unit tests
make clean # Clean build artifactsGPL License — see LICENSE.
Sentinel VMI — Because hardware enforces what software cannot.