Showcase: Shifting Ghost – A kernel-level IDS using eBPF, no_std and NASA P10 rules

⚓ Rust    📅 2026-05-13    👤 surdeus    👁️ 2      

surdeus

Hi everyone,

I've been working on a sovereign defense framework called Shifting Ghost. It’s a kernel-space IDS built in Rust using eBPF/XDP, designed to move beyond passive detection toward active adversarial attrition.

The Architecture:

  • Zero-Allocation / No-std: To meet the strict requirements of kernel-space and safety-critical standards, I implemented an Arena Allocator to avoid dynamic heap issues.
  • NASA P10 Compliance: I followed the "Power of Ten" rules for safety-critical code to ensure the system is as deterministic as hardware.
  • Performance: Leveraging XDP for near-zero latency packet rejection (~50ns overhead).

The "Poisoning" Doctrine: The project includes a strategic White Paper on Adversarial Inhibition. Instead of just dropping packets, the system uses Singular Spectrum Analysis (SSA) and Extended Kalman Filters (EKF) to identify attackers and feed them deterministic noise, effectively poisoning their exfiltration cycle.

Stack: Rust, eBPF (Aya/Libbpf), Linux (Debian 13), and a lot of LaTeX for the theoretical framework.

I'd love to get your feedback on:

  1. My approach to Arena Allocation in a no_std kernel context.
  2. The safety of the eBPF map sharing logic between the 3 crates.
  3. The integration of signal processing (SSA) for deceptive security.

Link to Repo & White Papers: shiva-protocol

Thanks for your critiques!

12 posts - 3 participants
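For the arena-allocation item in the post's feedback list, an added example (not code from the post or from the Shifting Ghost repository): a fixed-capacity bump arena that uses only `core`, showing alignment padding, the exhaustion path and whole-arena reset. `Arena`, `FlowRecord` and `fill` are hypothetical names, and `#![no_std]` is left off so the file builds as an ordinary program.

```rust
use core::cell::{Cell, UnsafeCell};
use core::mem::{align_of, size_of, MaybeUninit};

/// Fixed-capacity bump arena (added example): inline storage, no heap, `core` only.
pub struct Arena<const N: usize> {
    buf: UnsafeCell<[MaybeUninit<u8>; N]>, // storage sized at compile time
    used: Cell<usize>,                     // bytes handed out so far
}

impl<const N: usize> Arena<N> {
    pub const fn new() -> Self {
        Self { buf: UnsafeCell::new([MaybeUninit::uninit(); N]), used: Cell::new(0) }
    }
    /// Copies `value` into the arena; `None` means the fixed capacity is exhausted.
    /// `T: Copy` guarantees no destructor is skipped when the arena is reset.
    pub fn alloc<T: Copy>(&self, value: T) -> Option<&mut T> {
        let base = self.buf.get() as *mut u8;
        let addr = (base as usize).wrapping_add(self.used.get());
        let pad = addr.wrapping_neg() & (align_of::<T>() - 1); // gap to next aligned address
        let start = self.used.get().checked_add(pad)?;
        let end = start.checked_add(size_of::<T>())?;
        if end > N { return None; } // caller decides what to do, e.g. skip the record
        self.used.set(end);
        // SAFETY: [start, end) lies inside `buf`, is aligned for T, and has not been
        // handed out since the last reset, so the returned reference is unique.
        unsafe {
            let slot = base.add(start) as *mut T;
            slot.write(value);
            Some(&mut *slot)
        }
    }
    /// Frees everything at once. `&mut self` proves no reference from `alloc` is alive.
    pub fn reset(&mut self) { self.used.set(0); }
}

/// Hypothetical per-source record, constructed for this example.
#[derive(Clone, Copy)]
pub struct FlowRecord { pub src_ip: u32, pub packets: u64 }

/// Stores up to `limit` records (fixed loop bound) and returns how many fit.
pub fn fill<const N: usize>(arena: &Arena<N>, limit: u32) -> u32 {
    let mut stored = 0;
    for i in 0..limit {
        if arena.alloc(FlowRecord { src_ip: i, packets: 0 }).is_none() { break; }
        stored += 1;
    }
    stored
}

fn main() {
    println!("records stored in 64 bytes: {}", fill(&Arena::<64>::new(), 100));
}
```

The byte buffer has alignment 1, so the number of records that fit depends on where the arena happens to sit in memory; capacity planning has to budget for worst-case padding.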
