TyrSecure is a prototype anti-cheat system built using eBPF, designed to demonstrate kernel-level monitoring and enforcement capabilities.
This project was developed as part of a Computer Science Master’s Specialization Project (9th semester, first half of specialization).
- Explore kernel-level observability using eBPF
- Detect suspicious behavior in games
- Serve as a research and educational prototype (not production-ready)
Tested primarily on Linux (Arch). Other modern Linux distributions with recent kernels should also work.
| Component | Requirement |
|---|---|
| Compiler | Clang ≥ 21.1.6 |
| Build Tools | CMake ≥ 3.25.1 |
| GNU Make ≥ 4.4.1 | |
| BPF Tools | bpftool ≥ 7.7.0 |
| Libraries | libbpf ≥ 1.7 |
| pkg-config ≥ 2.5.1 | |
| Kernel | Linux kernel with eBPF support (recommended: 5.x+) |
Note:
- A C23 / C++23-capable toolchain is required
- Root privileges are required to load and attach eBPF programs
git clone https://github.com/eske4/TyrSecure.git
cd TyrSecure
make buildThis builds both the eBPF programs and the userspace controller.
Attach the anti-cheat to a target process by providing its PID:
sudo ./TyrSecure <target_pid>Alternatively, use the default run target:
make runThe make run target attaches to a predefined PID (default: 1).
You can modify this value in the Makefile.