Trustworthy Systems

Secure mathematically-assured composition of control models


Darren Cofer, John Backes, Andrew Gacek, Daniel DaCosta, Michael Whalen, Ihor Kuz, Gerwin Klein, Gernot Heiser, Lee Pike, Adam Foltzer, Michael Podhradsky, Douglas Stuart, Jason Graham and Brett Wilson

Rockwell Collins

University of Minnesota

UNSW Sydney

The Secure Mathematically-Assured Composition of Control Models project (SMACCM) has developed new tools for building UAV software that is provably secure against many classes of cyber-attack. The goal of the project is to provide verifiable security; that is, system designs which provide the highest levels of confidence in their security based upon verifiable evidence. The SMACCM team has developed system architecture models, software components for mission and control functions, and operating system software, all of which are mathematically analyzed to ensure key security properties.

BibTeX Entry

    author           = {Cofer, Darren and Backes, John and Gacek, Andrew and DaCosta, Daniel and Whalen, Michael and Kuz,
                        Ihor and Klein, Gerwin and Heiser, Gernot and Pike, Lee and Foltzer, Adam and Podhradsky, Michael
                        and Stuart, Douglas and Graham, Jason and Wilson, Brett},
    date             = {2017-9-27},
    institution      = {Data61, CSIRO},
    month            = sep,
    numpages         = {314},
    paperurl         = {},
    publisher        = {USA Department of Defence},
    title            = {Secure Mathematically-Assured Composition of Control Models},
    year             = {2017}