Direct mapping of AUTHREX governance components to the certification frameworks that defense and aviation reviewers actually use: DO-178C, the DO-333 Formal Methods Supplement, MIL-STD-882E System Safety, MIL-HDBK-516C Airworthiness, ISO 26262 ASIL-D, and NIST AI RMF, plus the policy and regulatory frameworks DoDD 3000.09 and NERC CIP.
DO-178C governs software in airborne systems. Authority-governed autonomy software for UAVs and crewed aircraft falls under this standard. AUTHREX components map to DO-178C objectives at Software Level A (catastrophic failure condition).
| AUTHREX Component | DO-178C Objective Area | Mapping |
|---|---|---|
| HMAA Authority State Machine | §6.3.3 Reviews and Analyses of Software Architecture (Table A-4) | Four-level authority state machine (A0–A3) with formally specified transitions; gives the architecture review a precise artifact to trace against high-level requirements at Software Level A. |
| SATA Sensor Trust Evaluation | §6.3.1 Reviews and Analyses of High-Level Requirements (Table A-3, Verification of Outputs of Software Requirements Process) | Continuous trust scalar with cryptographic attestation; supports requirements traceability for sensor-input integrity at Software Level A. |
| CARA Recovery Phases (GREP) | §6.4.2.2 Robustness Test Cases | Deterministic phased recovery (Guard, Reduce, Evaluate, Promote) gives explicit, enumerable off-nominal conditions (sensor loss, trust collapse, authority downgrade) from which robustness test cases can be derived. |
| FLAME Deliberation Window | §6.3.4 Reviews and Analyses of Source Code (worst-case execution timing) | The latency-injection layer for human-in-the-loop confirmation adds a deliberate, bounded delay before irreversible actions; that bound must be accounted for in the worst-case execution timing and resource analyses DO-178C expects at Level A. |
| MAIVA Byzantine Consensus | §2.4.2 Multiple-Version Dissimilar Software (architectural considerations) | Byzantine-fault-tolerant multi-agent consensus is an architectural redundancy strategy in the spirit of §2.4.2. The consensus code itself remains Level A software subject to the same objectives, and any software-level reduction claimed from the redundancy has to be justified through the system safety assessment, not assumed. |
DO-333 is the formal-methods supplement to DO-178C. It is the certification path that explicitly accepts model-checking and theorem-proving artifacts as formal analysis evidence, replacing or supplementing some (not all) testing-based verification activities; the applicant must also show that the formal model faithfully represents the software actually verified. AUTHREX's TLA+ formal verification is the kind of evidence DO-333 was designed to accept.
| AUTHREX Component | DO-333 Annex Section | Mapping |
|---|---|---|
| HMAA TLA+ Specification | FM.6.3.1 — Formal Analysis (Property Verification) | HMAA authority state machine model-checked in TLA+ across 48,751 reachable states. No unsafe state is reachable from any initial state under any sensor input, within the model and the bounds used for the check. Model-checking evidence of the kind DO-333 accepts, provided the model's correspondence to the implemented software is separately shown. |
| Authority Transition Invariants | FM.6.3.6 — Property-Based Decomposition | Formal invariants on authority transitions (monotonic downgrade, bounded upgrade delay, hysteresis) verified as TLA+ properties; serve as decomposable formal requirements. |
| Dempster-Shafer Trust Fusion | FM.6.3.4 — Soundness of Formal Method | Dempster-Shafer evidence combination is mathematically well-defined; soundness arguments are documented in the SATA architecture paper alongside the TLA+ proofs. The argument should also cover behaviour under highly conflicting evidence, where Dempster's rule is known to produce counter-intuitive combinations, so that conflict is surfaced rather than normalised away. |
| Reachability Proofs | FM.6.7 — Verification of Verification | TLC model-checker run records (state counts, invariant and property results, model parameters) provide auditable verification-of-verification artifacts. |
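The three invariants named above (monotonic downgrade, bounded upgrade delay, hysteresis) and the Dempster-Shafer fusion behind the trust scalar can be illustrated with a small Python model. This is an added example, not AUTHREX's TLA+ specification or SATA code: the four-level semantics (A0 human-only up to A3 full machine authority), the thresholds, the hysteresis width, the upgrade delay and the two sensor mass functions are all assumptions chosen for illustration, and the exhaustive breadth-first enumeration stands in for what the TLC model checker does over the real specification.

```python
"""Added example (not AUTHREX code): a hypothetical 4-level authority state
machine fed by a Dempster-Shafer trust scalar, with a TLC-style exhaustive
reachability check of the invariants named on the page. All thresholds,
the hysteresis width, the upgrade delay and the sensor masses are assumed."""
from collections import deque, namedtuple
from itertools import product

# ---- Part 1: Dempster-Shafer fusion on the frame {T: trusted, U: untrusted} ----
# A mass function puts belief on T, on U, or on the whole frame "TU" (ignorance).

def _meet(a, b):
    """Intersection of two focal elements on the two-element frame."""
    if a == "TU":
        return b
    if b == "TU":
        return a
    return a if a == b else None          # T and U are disjoint

def ds_combine(m1, m2):
    """Dempster's rule of combination. Returns (normalised masses, conflict K).
    K is the mass that landed on the empty set before normalisation; a high K
    means the two sensors disagree and should be treated as a warning in its
    own right rather than silently normalised away."""
    joint = {"T": 0.0, "U": 0.0, "TU": 0.0}
    conflict = 0.0
    for a, b in product(m1, m2):
        w = m1[a] * m2[b]
        focal = _meet(a, b)
        if focal is None:
            conflict += w
        else:
            joint[focal] += w
    if conflict >= 1.0:
        raise ValueError("total conflict: evidence cannot be combined")
    return {k: v / (1.0 - conflict) for k, v in joint.items()}, conflict

def trust_scalar(masses):
    """Pignistic probability of 'trusted': belief in T plus half the ignorance."""
    return masses["T"] + masses["TU"] / 2.0

# ---- Part 2: authority state machine (assumed semantics) ----
# Levels: A0 = human-only ... A3 = full machine authority. Trust is quantised to
# tenths (0..10). UP_MIN[l] is the trust needed to *enter* level l; HOLD_MIN[l]
# is the lower trust at which level l is still *kept* (one band of hysteresis).
UP_MIN = (0, 4, 6, 8)
HOLD_MIN = (0, 3, 5, 7)
DELAY = 3                        # consecutive qualifying observations per upgrade
TRUST_INPUTS = range(11)

State = namedtuple("State", "level hold trust")   # trust = last observed input

def step(s, t):
    """One transition on trust observation t (0..10)."""
    if t < HOLD_MIN[s.level]:                     # trust left the hysteresis band
        new_level = max(l for l in range(4) if t >= UP_MIN[l])
        return State(new_level, 0, t)             # immediate, possibly multi-level drop
    if s.level < 3 and t >= UP_MIN[s.level + 1]:  # candidate for a one-level upgrade
        if s.hold + 1 >= DELAY:
            return State(s.level + 1, 0, t)
        return State(s.level, s.hold + 1, t)
    return State(s.level, 0, t)                   # keep level, reset the upgrade counter

def explore(initial):
    """Breadth-first enumeration of every state reachable under every input
    sequence: what TLC does for a TLA+ spec, here for a tiny Python model."""
    seen, frontier, edges = set(initial), deque(initial), []
    while frontier:
        s = frontier.popleft()
        for t in TRUST_INPUTS:
            n = step(s, t)
            edges.append((s, t, n))
            if n not in seen:
                seen.add(n)
                frontier.append(n)
    return seen, edges

def check_invariants(states, edges):
    """Return (invariant, witness) pairs for every violation; empty means all hold."""
    bad = []
    for s in states:
        if HOLD_MIN[s.level] > s.trust:
            bad.append(("authority exceeds trust", s))
        if not 0 <= s.hold < DELAY:
            bad.append(("upgrade counter unbounded", s))
    for s, t, n in edges:
        if t < HOLD_MIN[s.level] and n.level >= s.level:
            bad.append(("downgrade not immediate and monotone", (s, t, n)))
        if n.level > s.level + 1:
            bad.append(("upgrade skipped a level", (s, t, n)))
        if n.level > s.level and s.hold != DELAY - 1:
            bad.append(("upgrade without full delay", (s, t, n)))
    return bad

def hysteresis_holds():
    """A dip of one band below the entry threshold must not drop the level."""
    return all(step(State(l, 0, UP_MIN[l]), UP_MIN[l] - 1).level == l for l in range(1, 4))

def verify():
    """Model-check from a least-privilege start: A0 with any initial trust."""
    states, edges = explore([State(0, 0, t) for t in TRUST_INPUTS])
    return len(states), check_invariants(states, edges)

if __name__ == "__main__":
    # Constructed evidence from two hypothetical integrity monitors (not real data).
    gnss = {"T": 0.6, "U": 0.1, "TU": 0.3}
    imu = {"T": 0.5, "U": 0.2, "TU": 0.3}
    fused, k = ds_combine(gnss, imu)
    print(f"fused trust={trust_scalar(fused):.3f} conflict={k:.2f}")
    n, violations = verify()
    print(f"{n} reachable states, {len(violations)} invariant violations")
```

The check is only as good as the model: like a TLC run, `verify()` says nothing about code that does not implement `step` faithfully, which is exactly the model-to-implementation correspondence DO-333 asks the applicant to show separately. The conflict value `k` is returned rather than discarded so a caller can treat strongly disagreeing sensors (a spoofed GNSS feed against a sane IMU, for instance) as its own degradation signal.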
MIL-STD-882E governs system safety analysis across the DoD. Its hazard-analysis tasks (the 200-series), its severity and probability categories, and its risk assessment matrix define how autonomous systems are evaluated for catastrophic failure modes. AUTHREX is designed to enter this framework as a mitigation measure recorded against identified hazards.
| AUTHREX Component | MIL-STD-882E Task | Mapping |
|---|---|---|
| SATA Sensor Trust | Task 204 (Subsystem Hazard Analysis) and Task 205 (System Hazard Analysis) | Per-sensor failure modes (jamming, spoofing, drift) explicitly modeled with detection coverage and authority response. SATA simulation includes a 10-mode FMEA per MIL-STD-1629A, usable as supporting analysis for these tasks. |
| HMAA Authority Computation | Severity categories I–IV (Table I) via Task 208 (Functional Hazard Analysis) | Authority levels A0–A3 are mapped to MIL-STD-882E severity categories I–IV; authority degradation provides direct hazard-control evidence. |
| CARA Recovery Protocol | Probability levels (Table II) and the risk assessment matrix | CARA's deterministic recovery transitions reduce the assessed probability of hazardous operation by enforcing safe-state transitions on trust collapse. |
| ERAM Escalation Risk Model | Task 209 (System-of-Systems Hazard Analysis) | ERAM provides quantitative escalation-risk metrics for command-and-control environments in which several autonomous systems operate together under degraded conditions. |
MIL-HDBK-516C defines the airworthiness certification criteria for U.S. military aircraft. For autonomous and optionally-piloted military aircraft, AUTHREX provides an authority-governance layer that addresses criteria in Section 15 (Computer Systems and Software) and Section 9 (Crew Systems, including the human-machine interface).
| AUTHREX Component | MIL-HDBK-516C Criterion | Mapping |
|---|---|---|
| HMAA Authority Layer | §15.2.1 — Software Safety | Hardware-anchored authority gating is intended to keep a software-only compromise from commanding flight-safety-critical actions without the hardware anchor's authorisation; aligns with the §15.2.1 software safety criteria. |
| FLAME Deliberation Window | Section 9, Crew Systems (Human-Machine Interface) | Bounded latency injection enforces a minimum human-decision time before irreversible action; supports MIL-HDBK-516C HMI safety expectations for optionally-piloted aircraft. |
| SATA Trust Attestation | §15.2.4 — Software Verification & Validation | Cryptographically attested sensor trust records which trust value each flight-control input carried when it was acted on. This is integrity evidence about the inputs, not proof that they were untampered, and it complements rather than replaces traditional V&V testing of the flight-control software. |
ISO 26262 ASIL-D is the highest automotive functional safety integrity level. BLADE-AV (the automotive variant of AUTHREX) is designed to provide the formal safety architecture ASIL-D requires for Level 4/5 autonomous vehicle authority management.
| AUTHREX / BLADE-AV Component | ISO 26262 Part / Clause | Mapping |
|---|---|---|
| HMAA Authority State Machine | Part 3, Hazard Analysis and Risk Assessment (Clause 7 in the 2011 edition, Clause 6 in the 2018 edition) | Four-level authority states are mapped to the HARA-derived safety goals and their ASIL; authority degradation is a safety mechanism supporting the functional safety concept. Any ASIL decomposition argument built on it must follow Part 9, Clause 5 and demonstrate sufficient independence between the decomposed elements. |
| SATA Sensor Trust + MAIVA Consensus | Part 6, Clause 7, Software Architectural Design | Heterogeneous sensor reasoning with Byzantine-fault-tolerant consensus aligns with the diverse-design and redundancy mechanisms Part 6 lists for error detection and handling at the architectural level for ASIL D. |
| CARA Safe-State Transitions | Part 3 (safety goals) and Part 4, Clause 6, Technical Safety Concept (safe-state specification) | Deterministic safe-state transitions on trust collapse provide auditable evidence that each safety goal's safe state is reached for ASIL-D items. |
| TLA+ Formal Verification | Part 6, Clause 7 (architectural design verification) and Clause 9 (software unit verification) | Formal verification is listed in Part 6 among the methods for verifying the software architectural design and software units, recommended for ASIL D; AUTHREX provides this evidence directly for the authority state machine. |
NIST AI RMF defines four functions for AI risk management: GOVERN, MAP, MEASURE, and MANAGE. Where the RMF establishes outcomes and principles, AUTHREX provides operational mechanisms that supply runtime evidence toward each function for autonomous-systems use cases.
| AI RMF Function | AUTHREX Operational Evidence | Mapping |
|---|---|---|
| GOVERN | HMAA authority computation + audit log | Hardware-anchored authority decisions with cryptographic audit trail provide governance evidence at runtime, not just at design time. |
| MAP | Domain-specific scenario libraries (drone, AV, ship, UGV, ICS) | Operational scenarios mapped per-domain in BLADE platforms; failure modes catalogued with detection coverage. |
| MEASURE | SATA sensor trust scalars + ADARA adversarial probability | Continuous quantitative measures of sensor trust and adversarial-deception probability provide measurable AI risk metrics in milliseconds. |
| MANAGE | FLAME deliberation + CARA recovery | Active risk management through latency injection (human review windows) and deterministic recovery protocols on trust degradation. |
DoDD 3000.09 requires that autonomous and semi-autonomous weapon systems be designed to allow commanders and operators to exercise appropriate levels of human judgment over the use of force. The directive establishes policy but does not prescribe technical mechanisms for enforcement. AUTHREX provides candidate mechanisms.
| DoDD 3000.09 Requirement | AUTHREX Mechanism | Mapping |
|---|---|---|
| Appropriate human judgment | FLAME deliberation window + HMAA authority gating | Authority levels A0–A3 enforce human judgment proportional to sensor trust; FLAME injects bounded latency before irreversible action. |
| Reliable performance under realistic conditions | SATA + MAIVA + ADARA pipeline | Heterogeneous sensor reasoning with Byzantine consensus and adversarial-deception detection establishes reliability evidence under contested-domain conditions. |
| Adequate operator training & HSI | Authority-level transparency + audit trail | Operators see current authority level and reason for any change; cryptographic audit trail supports post-event review. |
| Failure prevention | CARA deterministic recovery + TLA+ verified state machine | The model-checked state machine has been shown not to enter an unsafe state within its verified model; CARA enforces deterministic recovery on any trust collapse. |
BLADE-INFRA, the AUTHREX variant for industrial control systems, targets NERC CIP–regulated environments where AI integration into ICS/SCADA must meet strict cyber security and reliability standards.
| AUTHREX / BLADE-INFRA Component | NERC CIP Standard | Mapping |
|---|---|---|
| SATA Hardware Trust Anchor | CIP-013 — Supply Chain Risk Management | TPM-anchored trust attestation provides runtime integrity and authenticity evidence for fielded components, supporting the software integrity and authenticity verification CIP-013 expects. CIP-013 is a procurement-process standard, so the attestation is evidence within the entity's supply-chain risk management plan rather than a substitute for it. |
| SATA Continuous Sensor Monitoring | CIP-007 — System Security Management | Continuous integrity monitoring of cyber-asset sensor inputs supports CIP-007 controls, in particular security event monitoring (R4) and malicious code prevention (R3). |
| HMAA Authority Audit | CIP-008 — Incident Reporting & Response Planning | Cryptographic audit trail provides incident-response evidence per CIP-008. |
| ADARA Adversarial Detection | CIP-005 — Electronic Security Perimeters | Continuous adversarial-deception probability gives a supplementary monitoring signal for AI-integrated control loops inside the Electronic Security Perimeter; it does not replace the access-permission and electronic access point controls CIP-005 requires at the perimeter itself. |
The mappings on this page are technical alignment claims, not certification claims. AUTHREX has not been certified under any of these standards. The mappings describe how AUTHREX components could be used as evidence within a certification package, subject to:
A formal traceability matrix from each AUTHREX architecture paper (HMAA, SATA, CARA, FLAME, MAIVA, ADARA, ERAM) to specific clauses of these standards is part of ongoing work and will be released as Zenodo deposits as it matures.
Each AUTHREX architecture paper on Zenodo includes formal specifications, simulation results, and bills of materials. The TLA+ source files are part of the open-source release.