Oreulius Kernel

@oreulius
2 Followers
19 Following
22 Posts
Capability-native OS kernel. WASM execution, typed IPC, temporal state, CapNet authority transfer, and formal verification. Make the advanced ordinary.
Oreulius Project Websitehttps://www.oreulius.com
Oreulius Github Repohttps://github.com/reeveskeefe/Oreulius-Kernel
Oreulius Kernel19h ago

I’ve completed a deep audit of the Oreulius Kernel fetch service, covering its networking, security boundaries, sessions, capabilities, TLS, parsing, caching, cookies, downloads, storage, temporal restoration, audit evidence, and production-readiness testing.

The architecture is taking shape, but the audit also identifies the work needed to turn it into a trustworthy kernel-owned web request layer.

https://oreulius.com/blog/code-review-fetch-service

Code Review | Fetch-Service — Oreulius Kernel

An intensive security and architecture audit of the Oreulius Kernel fetch service, a bounded kernel-owned web request layer built in Rust. The review examines capability authority, session isolation, URL and HTTP parsing, TLS identity, redirects, cookies, caching, downloads, VFS storage, cancellation, timeouts, temporal restoration, audit evidence, and the testing required for production readiness.

Oreulius Kernel
Oreulius Kernel6d ago

I finished the first full pass of mechanically verified Rust proofs, all 11 checks done and verifier-backed. The post walks through what that actually means: the Coq work, Kani, fuzzing, the test suite, where the proof boundaries sit, and what's still on the table. Merkle soundness, non-empty revocation witnesses, encode/decode round-trips, and the seal/open semantics are all coming next.

#RustLang #FormalVerification #Kani #Cryptography

https://oreulius.com/blog/project-update-formal-verification-fuzzing-and-tests-of-the-arc-encryption-schem

The Verification Architecture of the ARC Encryption Scheme — Oreulius Kernel

ARC combines formal proofs in Coq, fuzz-hardened Rust code, and a reflective test suite into a unified verification architecture for authenticated multi-hop encrypted routing.

Oreulius Kernel
Oreulius KernelMay 28

Oreulius’s compositor ends raw framebuffer access by wrapping drawing in capabilities. The new path adds policy and audit; the legacy one preserves demos. CVE‑2024‑46826 shows how ELF loader bugs like double reading randomize_va_space cause unpredictable behaviour. Memory‑safe Rust and strict capability checks are essential.

#CapabilityBasedSecurity #MicrokernelArchitecture #TrustedDisplayServer #OreuliusOS
https://oreulius.com/blog/code-review-the-compositor

Code Review | The compositor — Oreulius Kernel

A technical look at the compositor subsystem, its two-path architecture, and what it takes to move from demos to a trusted display server.

Oreulius Kernel
Oreulius KernelMay 27

Kernel cryptography review: the crypto folder was the least mature part of this pass, so the review focused on plumbing it correctly into capability authority, typed trust data, key derivation, Ed25519 verification, and AES-GCM sealing.

https://oreulius.com/blog/code-review-the-crypto-folder

#OSDev #Cryptography #KernelEngineering #SystemSecurity

Code Review | The Cryptographic Primitives — Oreulius Kernel

A technical look at the crypto folder, how it routes authority through the kernel in the current stage, and what still needs to mature before production.

Oreulius Kernel
Oreulius KernelMay 19

Execution engine review: this one is long because ELF loading, WASM runtime behavior, binary loading, JIT paths, traps, and portability can introduce a lot of subtle kernel bugs.

This post looks at what still needs to be implemented before the execution engine should be pushed through the final dev cycle, after the architecture and abstraction layer.

How do you handle portability testing near the end of an OS dev cycle?

#Wasm #KernelDev #SystemsProgramming
https://oreulius.com/blog/code-review-the-wasm-runtime-and-elf-execution-engine

Code Review | The WASM runtime and ELF Execution Engine — Oreulius Kernel

This review looks at the Oreulius execution engine, where WASM modules, ELF binaries, JIT compilation, replay, threading, and capability security all meet.

Oreulius Kernel
Show threadOreulius KernelMay 3
Heres a breakdown of how I used it and how I didn't, to help clarify any misconception of what's included, and to exemplify the included, vs host side I implemented so you can see how it's been designed to be adaptable to your own sites or authentication systems.
Oreulius KernelMay 3

Introducing ReKurn; A git like version control system, + securable decentralized log in system and authentication system for node.js npm and typescript heavy sites.

Built originally for the Oreulius site to host our own code, repos, packages, and oreulius applications be they open source, source available, as a binary that rekurn will one day be able to install.

Allows authentication where necessary against a site + Many plans for the oreulius ecosystem with this.

https://github.com/reeveskeefe/Rekurn

GitHub - reeveskeefe/Rekurn: A lightweight software versioning and retrieval system designed to be used for typescript/javascript sites, and is compatible with vercel projects where git or other existing versioning systems are either not lightweight enough, or typescript language would need to be required

A lightweight software versioning and retrieval system designed to be used for typescript/javascript sites, and is compatible with vercel projects where git or other existing versioning systems ar...

GitHub
Oreulius KernelApr 29

Heres the explanation of why I went with the name Oreulius, it is not simply a name based off similarities, it is a name I chose as a unified design principle

#kernel #OS #namechoice #development

https://oreulius.com/blog/why-i-went-with-the-name-oreulius

Why I went with the name Oreulius — Oreulius Kernel

Oreulius is a name built from Marcus Aurelius and Abraham Ortelius, combining Stoic restraint with cartographic clarity. The name reflects the kernel’s design principle: govern power by mapping it, making authority explicit, inspectable, bounded, and principled.

Oreulius Kernel
Oreulius KernelApr 27

This is the first code review of the capability system in the oreulius kernel, as-well as what isn't complete, what is complete, and assuring it has the design premise that is intended. As-well, I have done a thorough analysis of the attack surface potential and how they were mitigated, and if they have been mitigated.

#rust #capabilitysystem #OSDEV #Kernel #development

Read the blog on this here:
https://oreulius.com/blog/code-review-the-oreulius-capability-capnet-and-its-provenance-graph

Code Review | The Oreulius Capability system, CapNet and it's Provenance Graph — Oreulius Kernel

This is the first code review of the capability system, what isnt complete, what is complete, and assuring it has the design premise that is intended. As-well as a thourough review of the attack surface potential and how they were mitigated, and if they have been mitigated.

Oreulius Kernel
Oreulius KernelApr 20

The second code review has been completed.

It's important that the architectural and abstraction layer remains as small as possible and bridged between assembly and rust so that the rust code stays as isolated from the machine as possible. so its more than just memory safe, it is memory secured!

But there are some big changes that can be made without changing or drastically increasing the size of the abstraction and architectural layer.

The related blog is here:

https://www.oreulius.com/blog/code-review-the-architecture-and-abstraction-layer-arch

Code Review | The Architecture and Abstraction layer (Arch) — Oreulius Kernel

The code review that was performed for the Architecture layer has been completed, and some important dev decisions have been made, as-well as some gaps have been discovered.

Oreulius Kernel