Trustworthy Systems

A formal approach to constructing secure air vehicle software


Darren Cofer, Andrew Gacek, John Backes, Michael Whalen, Lee Pike, Adam Foltzer, Michael Podhradsky, Gerwin Klein, Ihor Kuz, June Andronick, Gernot Heiser and Douglas Stuart



Rockwell Collins


University of Minnesota

UNSW Sydney


Current approaches to cyberresiliency rely on patching systems after a vulnerability is discovered. What is needed is a clean-slate, mathematically based approach for building secure software. We developed new tools based on formal methods for building software for unmanned air vehicles that is provably secure against cyberattacks.

BibTeX Entry

    author           = {Cofer, Darren and Gacek, Andrew and Backes, John and Whalen, Michael and Pike, Lee and Foltzer, Adam
                        and Podhradsky, Michael and Klein, Gerwin and Kuz, Ihor and Andronick, June and Heiser, Gernot and
                        Stuart, Douglas},
    date             = {2018-11-15},
    doi              = {},
    issn             = {0018-9162},
    issue            = {11},
    journal          = {IEEE Computer},
    month            = nov,
    pages            = {14-23},
    paperurl         = {},
    publisher        = {IEEE},
    title            = {{A} Formal Approach to Constructing Secure Air Vehicle Software},
    volume           = {51},
    year             = {2018}