Sentinel Runtime

A Closed-Loop Runtime Control System for Linux.

Sentinel Runtime is a research-grade EDR (Endpoint Detection & Response) system. It intercepts Linux system calls to enforce semantic security policies in real time.

Unlike standard syscall monitors, Sentinel M2.0 features Recursive Process Tracking, allowing it to monitor entire process trees (shells, scripts, and child processes) without losing context.

Systems Layer (C)

A high-performance ptrace engine that handles PTRACE_EVENT_FORK to automatically attach to child processes.

Analysis Layer (Python)

A WiSARD Weightless Neural Network that evaluates execution context against a semantic policy.

Enforcement

Active Blocking. Sentinel neutralizes malicious syscalls by injecting ENOSYS error codes at the kernel boundary.

Coverage

New in M2.0: Zero-blind-spot monitoring. Sentinel now sees “Grandchild” processes (e.g., bash spawning python spawning ransomware).
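
The fork-following and ENOSYS blocking described under Systems Layer, Enforcement and Coverage, shown as an added example that is not Sentinel's own code: a ptrace tracer follows a child into its grandchild through PTRACE_EVENT_FORK and denies one syscall by overwriting the syscall number with -1, which is one common way to make the kernel return ENOSYS. Assumptions: x86-64 Linux, unlink chosen as the denied call, a constructed path, hypothetical names `tracee` and `trace_tree`, and only fork (not vfork or clone) is followed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <signal.h>
#include <sys/ptrace.h>
#include <sys/syscall.h>
#include <sys/user.h>
#include <sys/wait.h>
#include <unistd.h>

/* Tracee (never returns): forks a grandchild that attempts the denied syscall. */
static void tracee(void) {
    ptrace(PTRACE_TRACEME, 0L, 0L, 0L);
    raise(SIGSTOP);                         /* let the tracer set options first */
    if (fork() == 0) {                      /* grandchild; the path is constructed */
        syscall(SYS_unlink, "/nonexistent/sentinel-demo");
        _exit(errno == ENOSYS ? 42 : 1);    /* 42: the call was blocked */
    }
    wait(NULL);
    _exit(0);
}

/* Traces the whole tree, denies SYS_unlink; returns the grandchild's exit code. */
int trace_tree(int *forks, int *blocked) {
    int st = 0, code = -1;
    struct user_regs_struct r;
    pid_t pid, child = fork();
    if (child == 0) tracee();
    waitpid(child, &st, 0);                 /* child's initial SIGSTOP */
    ptrace(PTRACE_SETOPTIONS, child, 0L,
           (long)(PTRACE_O_TRACEFORK | PTRACE_O_TRACESYSGOOD | PTRACE_O_EXITKILL));
    ptrace(PTRACE_SYSCALL, child, 0L, 0L);
    while ((pid = waitpid(-1, &st, __WALL)) > 0) {
        long sig = WSTOPSIG(st);   /* ptrace's own SIGSTOP/SIGTRAP stops are swallowed */
        long deliver = (sig == SIGSTOP || (sig & 0x7f) == SIGTRAP) ? 0 : sig;
        if (WIFEXITED(st) && pid != child) code = WEXITSTATUS(st);
        if (!WIFSTOPPED(st)) continue;      /* a tracee exited: nothing to resume */
        if (st >> 8 == (SIGTRAP | (PTRACE_EVENT_FORK << 8))) {
            (*forks)++;                     /* kernel auto-attached the new process */
        } else if (sig == (SIGTRAP | 0x80)) {   /* syscall stop (TRACESYSGOOD) */
            ptrace(PTRACE_GETREGS, pid, 0L, &r);
            if ((long)r.orig_rax == SYS_unlink) {
                r.orig_rax = -1;            /* invalid number: kernel returns -ENOSYS */
                ptrace(PTRACE_SETREGS, pid, 0L, &r);
                (*blocked)++;
            }
        }
        ptrace(PTRACE_SYSCALL, pid, 0L, deliver);
    }
    return code;
}
```

No entry/exit bookkeeping is needed for the deny check: at the exit stop of a blocked call `orig_rax` is already -1, so it cannot match again.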