PARASITE is a hyper-efficient firmware sentinel for detecting, containing, and reporting threats in embedded systems for Critical National Infrastructure. This repository contains a functional, end-to-end prototype demonstrating the core "detect, contain, report" workflow of the PARASITE security system.
This prototype consists of two primary components that work in tandem to simulate the entire PARASITE ecosystem:
-
The PARASITE Agent (Rust): A host-based application written in Rust that simulates the logic of the on-device security agent. It demonstrates the security workflow by simulating the detection of a mock implant, logging the containment action, and then sending a real threat report over HTTP to the backend.
-
The Verifier Backend (Go): A lightweight HTTP server written in Go that acts as the endpoint for the agent. It listens for incoming threat reports on a specific API endpoint (
/v1/intel/report), decodes the JSON payload, and logs the data to the console, acknowledging receipt to the agent.
Together, these components provide a full proof-of-concept for the system's core architecture and end-to-end data flow.
.
├── src/
│ └── main.rs # Rust Host-Runner Agent
└── Cargo.toml
(Note: The verifier-backend directory is a sibling to project-parasite in the root of the overall project.)
To run this prototype, you will need the following installed on your system:
You will need two separate terminals open to run the backend and the agent simultaneously.
Terminal 1: Start the Go Backend
-
Navigate to the backend directory (from the root of the overall project):
cd verifier-backend -
Run the server:
go run .The server will start and log that it is listening on
http://localhost:8080.
Terminal 2: Run the Rust Agent
-
In your second terminal, navigate to the agent's directory (from the root of the overall project):
cd project-parasite -
Run the agent:
cargo run
When you run the Rust agent, it will execute its simulation and send a report to the Go backend.
-
The Rust terminal will show the agent's workflow:
-- PARASITE HOST-RUNNER PROTOTYPE: STARTING -- [Setup] Memory layout configured. [Sentinel] Scanning memory... [Sentinel] High-entropy anomaly DETECTED at address: 0x20010000 [Guardian] Reacting to alert. Quarantining memory region... [Guardian] Containment VERIFIED. Access to 0x20010000 is now blocked. [Reporter] Preparing threat report for transmission... [Reporter] Transmitting report to backend at http://localhost:8080/v1/intel/report... [Reporter] Report successfully sent and acknowledged by backend! -- PARASITE HOST-RUNNER PROTOTYPE: FINISHED -- -
The Go terminal will simultaneously log the reception of the report:
--- [INCOMING THREAT REPORT] --- Received Encrypted Payload: DETECT:ANOMALY_HIGH_ENTROPY;ADDR:0x20010000;ACTION:QUARANTINE_SUCCESS --- [THREAT REPORT PROCESSED] ---
- The Rust Agent simulates the PARASITE workflow by printing status messages for the
Sentinel(detection) andGuardian(containment) phases. - The
Reportermodule within the Rust agent creates a JSON payload containing a summary of the simulated threat. - It then makes a real HTTP POST request to the Go backend using the
reqwestlibrary. - The Go Backend receives this request, decodes the JSON, and prints the payload to the console, confirming that the end-to-end communication loop is successful.
- Agent Prototype:
- Language: Rust
- Key Libraries:
tokio(for async runtime),reqwest(for HTTP client),serde(for JSON serialization).
- Backend Prototype:
- Language: Go
- Key Libraries:
net/http(for the web server),encoding/json.