Status: Experimental · Timeline: Next · Path: examples/showcase/secure_boot/,
examples/security/
Official Solution Blueprint for secure autonomous systems with tamper resistance, attestation, RBAC, and defense compliance evidence.
Full roadmap entry: ROADMAP.md § Defense
Deploy field systems where trust, tamper detection, secure operator commands, and audit trails are mandatory — composing Security and Verification pillars without defense-specific language keywords.
| Pillar | Capabilities |
|---|---|
| Security | Encryption, RBAC, tamper detection, attestation, package trust |
| Verification | Trust scoring, decision audit trail, explainability |
| Operations | Incident workflow, compliance export, Control Center RBAC |
| Device & Fleet | Quarantine, device pool failover, fleet mesh recovery |
Defense Stack
├── Secure-boot attestation chain
├── Signed operator commands (remote_signed)
├── Tamper verify-time + runtime checks
├── Program trust + package trust scoring
├── Mission approval queue
├── Quarantine on integrity failure
└── Compliance evidence bundle (defense profile)
| Node | Role |
|---|---|
platform |
Field autonomous unit |
c2_node |
Command and control |
operator |
Certified human operator |
Guides: trust-boundaries.md · operator-capabilities.md
| Package | Role |
|---|---|
spanda-security-audit |
Audit rollup |
spanda-tamper |
Tamper detection hooks |
spanda-trust-pi / spanda-trust-jetson |
Hardware trust backends |
spanda-ledger |
Evidence anchoring (community/experimental) |
spanda-discovery-tls |
TLS discovery policy |
| Example | Path |
|---|---|
| Secure operator command | examples/security/secure_operator_command.sd |
| Invalid signature (expect fail) | examples/security/invalid_signature.sd |
| Secure boot showcase | examples/showcase/secure_boot/ |
| Mission tampering | examples/showcase/mission_tampering/ |
| Fleet tamper | examples/showcase/fleet_tamper/ |
| GPS spoofing | examples/showcase/gps_spoofing/ |
Defense template: crates/spanda-compliance/templates/defense.json
Guide: compliance-profiles.md
RBAC matrix, audit export, quarantine workflows — control-center.md
spanda sim examples/showcase/mission_tampering/modified.sd --inject-failure
spanda audit decisions --trace mission.trace
spanda explain examples/security/secure_operator_command.sd
spanda check examples/security/secure_operator_command.sd
spanda verify examples/showcase/secure_boot/rover.sd --json
./scripts/secure_boot_smoke.sh
./scripts/tamper_smoke.sh
| Script | Focus |
|---|---|
secure_boot_smoke.sh |
Attestation chain |
tamper_smoke.sh |
Tamper framework |
security_assurance_smoke.sh |
Assurance rollup |
fleet_mesh_tamper_smoke.sh |
Fleet tamper relay |
trust_program_smoke.sh |
Program trust |
Index: scripts/gates/README.md
Third-party audit prep: security-audit-third-party.md
Related blueprints: Critical Infrastructure · Search & Rescue