| Main author: | |
|---|---|
| Format: | Digital resource |
| Language: | English |
| Published: | Zenodo, 2026 |
| Subjects: | |
| Electronic access: | https://doi.org/10.5281/zenodo.18936251 |

Summary:
Sensor Attestation and Trust Anchoring (SATA) is a hardware-anchored trust architecture that produces a continuous trust scalar τ ∈ [0,1] from a TPM-anchored τ-Chain of cryptographically committed sensor attestation records. Unlike traditional remote attestation systems, which treat trust as binary, SATA models trust as a continuously updated scalar derived from a sliding window of recent attestations. This enables graded operational authority decisions rather than a single point-in-time authentication.

SATA forms the hardware-anchored trust layer of a three-component authority stack, together with the Hierarchical Mission Authority Architecture (HMAA) and the Cognitive Authority Recovery Architecture (CARA). In this architecture, SATA provides the trust signal τ, HMAA translates τ into graded operational authority A and mission tiers Tier(A) ∈ {T0–T4}, and CARA performs structured recovery through GREP phases I–IV when authority collapses.

This technical assurance report presents the formal and empirical foundation of the SATA protocol, including:

- Mathematical specification of the τ-Chain trust computation
- Six-barrier replay-resistance architecture (nonce, signature, PCR, sequence, counter, freshness)
- Deterministic boundary test vectors and CI verification (45 tests)
- Monte Carlo evaluation (N = 10,000 runs) with explicitly defined generative models
- Bounded TLA+ model checking (18,892 reachable states) validating safety invariants
- A Goal Structuring Notation (GSN) safety argument covering ten hazard scenarios aligned with MIL-STD-882E system safety methodology
- A reproducibility artifact set including a simulation dashboard, CI harness, and TLA+ specification

SATA is designed for adversary classes A1 (network attacker) and A2 (OS-level attacker) with an intact TPM root of trust. Under these conditions the six-barrier replay-resistance architecture yields a conservative composite bound P(T5) < 2⁻¹²⁸. Physical adversary scenarios (A3) and hardware dependency modeling remain open assurance gaps.

This record is part of a three-report technical assurance series describing a complete authority stack for autonomous systems:

- HMAA — Hierarchical Mission Authority Architecture
- CARA — Cognitive Authority Recovery Architecture
- SATA — Sensor Attestation and Trust Anchoring (this report)

Supplementary files include the primary simulation artifact (sata_dashboard.html), the CI test harness (sata_ci_test.js), and the TLA+ specification (CSTP_SATA_v3.2.tla) to enable independent verification of the results.

Scope: research simulation artifact. Hardware-in-the-loop validation and formal refinement remain open assurance gaps prior to operational deployment.