Autonomous Vehicle Research Platform

BLADE-AV Governance Node

BLADE-AV = Authority-Governed Drive-by-Wire Safety Architecture for Autonomous Vehicles

A hardware-enforced authority gating system for autonomous vehicle drive-by-wire control. Integrates Dempster-Shafer trust fusion, four-level authority with hysteresis, Byzantine fault-tolerant consensus, deliberation windows, and deterministic recovery — all enforced through a three-leg redundant fail-safe circuit driving a normally-open KILOVAC LEV200 safety relay.

Published on Zenodo · DOI: 10.5281/zenodo.19232130

This is the second domain instantiation of the BLADE governance pipeline — after BLADE-EDGE (defense) — demonstrating that authority-governed autonomy is domain-agnostic. The same governance pipeline applies directly to civilian autonomous vehicles under ISO 26262 ASIL-D, SAE J3016, and NHTSA ADS requirements.

Type: Autonomous Vehicle Safety Research
Focus: Drive-by-Wire Governance · ISO 26262 · V2X
Status: Design Complete · Simulation Validated
DOI: 10.5281/zenodo.19232130

Key Contributions

  • 9-module authority-governed pipeline: SATA → ADARA → IFF → HMAA → MAIVA → FLAME → CARA → BDA → EFFECTOR
  • Formal Dempster-Shafer trust fusion with binary frame Θ = {Trusted, Untrusted} and per-sensor BPA construction
  • Three-leg redundant fail-safe: Zynq GPIO + Zynq MAX16161 watchdog + Jetson MAX16161 watchdog → BTS5016-1EKD → KILOVAC LEV200
  • Dual-compute: NVIDIA Jetson AGX Orin 64GB (AI/perception) + Trenz TE0808 Zynq UltraScale+ (FPGA governance)
  • Zero unsafe actions across 1,200 simulation runs (100 per scenario × 12 attack vectors)
  • ISO 26262 ASIL-D target architecture with automotive-grade components (AEC-Q100)
  • Cross-domain portability validated against BLADE-EDGE defense variant

Zenodo Publication: Oktenli, B. (2026). BLADE-AV Governance Node: Authority-Governed Drive-by-Wire Safety Architecture for Autonomous Vehicles (v1.0). Zenodo. https://doi.org/10.5281/zenodo.19232130

At a glance: 62 components · 1,200 simulation runs · 10 pipeline stages · ~$16K prototype BOM · 0 unsafe actions
BLADE-AV Governance Node: Liquid-cooled IP67 enclosure with FPGA governance module, automotive-grade connectors, integrated GMSL2 camera, and radiator assembly. 62 components, ~$16,287.

National Importance

Autonomous ground vehicle systems increasingly deployed in commercial transportation and defense logistics lack formal governance mechanisms that dynamically regulate drive-by-wire authority from computed sensor trust. A spoofing attack can redirect a vehicle while the perception stack reports full confidence, and sensor degradation reduces situational awareness without a proportional reduction in authority.

The BLADE-AV Governance Node addresses this gap by applying the SATA-HMAA-MAIVA-FLAME-CARA pipeline demonstrated in defense weapons systems governance (BLADE-EDGE) to civilian autonomous vehicle authority management, targeting ISO 26262 ASIL-D functional safety, SAE J3016 Level 4, and NHTSA ADS requirements.

Research Problem

Current autonomous vehicle safety architectures address planning-level collision avoidance (Mobileye RSS, NVIDIA SFF, ISO/PAS 21448 SOTIF) but do not provide real-time hardware-enforced authority gating based on continuous sensor trust fusion. BLADE-AV operates at a complementary architectural layer, governing whether commands reach actuators rather than specifying planning behavior.

  • LiDAR spoofing creates phantom obstacles without trust penalty
  • GNSS spoofing corrupts positioning without authority reduction
  • Adversarial ML patches cause vision loss with no governance response
  • V2X spoofing injects false BSM alerts bypassing authentication
  • No hardware-enforced authority gate between perception and drive-by-wire actuators

Cross-Domain Pipeline Portability

The BLADE-AV governance pipeline is a civilian adaptation of the BLADE-EDGE defense variant (DOI: 10.5281/zenodo.19177472). Porting the governance pipeline from directed-energy weapon control (DoDD 3000.09) to drive-by-wire authority gating (ISO 26262 ASIL-D) demonstrates that authority-governed autonomy is a domain-agnostic safety principle, not a defense-specific design.

BLADE-EDGE (Defense)

Directed-energy weapon governance. EFFECTOR = weapons release relay. MIL-STD-810G. Beam suitability (β_beam). Multi-effector WTA. ~$139K.

BLADE-AV (Civilian)

Drive-by-wire authority gating. EFFECTOR = KILOVAC safety relay. ISO 26262 ASIL-D. C-V2X integration. CAN-FD vehicle bus. ~$16K.

9-Module Governance Pipeline

Every drive-by-wire command passes through 9 sequential governance modules. The pipeline targets sub-second end-to-end latency. Each stage can independently prevent commands from reaching actuators.

Sensor Inputs

ARS540 Radar, OS1-64 LiDAR, GMSL2 Camera, ZED-F9R/F9P GNSS, SMI230 IMU, C-V2X

1. ADARA — Adversarial Deception-Aware Risk Assessment

Cross-sensor consistency detection, adversarial ML patch detection (YOLOv8). Jetson Orin.

2. SATA — Sensor Trust Attestation

Weighted Dempster-Shafer fusion over Θ = {Trusted, Untrusted} with cross-validated BPA. Jetson Orin.
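The fusion step above can be made concrete with a small worked implementation of Dempster's rule on the binary frame. This is an added example written for this page; it is not code from the BLADE-AV project or the blade_governance SDK. Sensor names mirror the page's configuration, but the per-sensor reliability factors, the cross-validation agreement scores, the rule that turns agreement into a BPA, and the use of the pignistic probability as the trust scalar are all constructed assumptions.

```python
"""Weighted Dempster-Shafer trust fusion over the binary frame Theta = {Trusted, Untrusted}.

Added example for this page; not code from the BLADE-AV project or its SDK.
Reliability factors, agreement scores and the BPA construction rule are assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class BPA:
    """Basic probability assignment over the focal elements {T}, {U} and Theta."""
    t: float      # mass committed to Trusted
    u: float      # mass committed to Untrusted
    theta: float  # uncommitted mass (ignorance)

    def __post_init__(self):
        masses = (self.t, self.u, self.theta)
        if min(masses) < -1e-12 or abs(sum(masses) - 1.0) > 1e-9:
            raise ValueError(f"masses must be non-negative and sum to 1: {masses}")


VACUOUS = BPA(0.0, 0.0, 1.0)  # neutral element of combination: total ignorance


def discount(m: BPA, reliability: float) -> BPA:
    """Shafer discounting: keep a fraction `reliability` of the committed mass and
    move the remainder to Theta. Reliability 0 turns the source into a vacuous one."""
    if not 0.0 <= reliability <= 1.0:
        raise ValueError("reliability must lie in [0, 1]")
    return BPA(reliability * m.t, reliability * m.u, 1.0 - reliability * (m.t + m.u))


def combine(a: BPA, b: BPA) -> BPA:
    """Dempster's rule on the binary frame. The conflict K = a(T)b(U) + a(U)b(T) is
    the mass that lands on the empty set and is renormalised away; K = 1 is undefined."""
    k = a.t * b.u + a.u * b.t
    if k >= 1.0 - 1e-12:
        raise ValueError("total conflict between sources; Dempster's rule is undefined")
    n = 1.0 - k
    return BPA(
        (a.t * b.t + a.t * b.theta + a.theta * b.t) / n,
        (a.u * b.u + a.u * b.theta + a.theta * b.u) / n,
        (a.theta * b.theta) / n,
    )


def bpa_from_cross_validation(agreement: float, confidence: float) -> BPA:
    """Constructed rule: `agreement` is the fraction of cross-validation peers consistent
    with this sensor; `confidence` is how much mass the sensor commits at all."""
    return BPA(confidence * agreement, confidence * (1.0 - agreement), 1.0 - confidence)


def fuse(sources: dict) -> BPA:
    """Discount each source by its reliability, then combine all of them. Dempster's
    rule is commutative and associative, so the order of combination is irrelevant."""
    fused = VACUOUS
    for m, reliability in sources.values():
        fused = combine(fused, discount(m, reliability))
    return fused


def trust_scalar(m: BPA) -> float:
    """Pignistic probability of Trusted: committed mass plus half the ignorance
    (this example's choice of scalar; the page does not specify Bel vs BetP)."""
    return m.t + 0.5 * m.theta


def authority_level(t_fused: float) -> str:
    """Static mapping from the page's state machine thresholds; hysteresis is separate."""
    if t_fused >= 0.80:
        return "A3"
    if t_fused >= 0.50:
        return "A2"
    if t_fused >= 0.15:
        return "A1"
    return "A0"


# Assumed per-sensor reliability factors (constructed; not the SDK's fusion weights).
RELIABILITY = {"front_radar": 0.9, "lidar": 0.9, "camera_front": 0.85, "gnss": 0.7, "imu": 0.7}


def scenario(agreement: dict, confidence: float = 0.9):
    """Build every sensor's BPA from its cross-validation agreement, fuse, and grade."""
    sources = {n: (bpa_from_cross_validation(agreement[n], confidence), RELIABILITY[n])
               for n in RELIABILITY}
    t = trust_scalar(fuse(sources))
    return t, authority_level(t)


# Constructed cross-validation outcomes. Nominal: every sensor agrees with all its peers.
NOMINAL = {"front_radar": 1.0, "lidar": 1.0, "camera_front": 1.0, "gnss": 1.0, "imu": 1.0}
# Radar spoof: the radar disagrees with both of its peers (lidar, camera); lidar and camera
# each agree with one of their two peers; gnss and imu only validate each other.
RADAR_SPOOF = {"front_radar": 0.0, "lidar": 0.5, "camera_front": 0.5, "gnss": 1.0, "imu": 1.0}

if __name__ == "__main__":
    for label, agr in (("nominal", NOMINAL), ("radar spoof", RADAR_SPOOF)):
        t, level = scenario(agr)
        print(f"{label:12s} T_fused={t:.3f} -> {level}")
```

Note how a single spoofed sensor lowers the fused trust not only through its own Untrusted mass but also through the conflict it injects into the lidar and camera BPAs that cross-validate against it; with the constructed values the fused scalar lands in the A2 band rather than A3.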

3. IFF — Identity Verification

V2X identity verification via ATECC608B hardware authentication. IEEE 1609.2 certificate auth. Zynq FPGA.

4. HMAA — Authority Computation

Trust scalar → A3-A0 authority with 5-15s hysteresis. Immediate downgrade, delayed upgrade. Zynq FPGA.

5. MAIVA — Byzantine Consensus

2-of-3 Byzantine fault-tolerant consensus on authority level. Zynq FPGA. (A 2-of-3 majority vote masks one arbitrarily faulty voter only because the voting logic itself is trusted; the 3f+1 bound of Byzantine agreement protocols applies where no trusted voter exists.)

6. FLAME — Deliberation Windows

Mandatory hold window before lane-change / emergency maneuvers. Command passes only if authority sustained. Zynq FPGA.

7. CARA — Deterministic Recovery

GREP phases: Govern → Restrict → Execute → Persist. Mutual exclusion verified. Zynq FPGA.

8. BDA — Post-Maneuver Assessment

Sensor trust revalidation after lane-change, emergency braking, or authority-gated maneuver. Jetson AGX Orin.

9. EFFECTOR — Safety Relay Gate

KILOVAC LEV200 normally-open relay. BTS5016-1EKD driver. Three-leg redundant control. Closes ONLY when HMAA > threshold ∧ FLAME satisfied ∧ CARA nominal.

Authority State Machine

Four-level authority with asymmetric hysteresis: immediate downgrade, 5-15s delayed upgrade. CARA GREP phases provide graduated operational restrictions within authority levels.

A3: Full Autonomy

T_fused ≥ 0.80. All drive-by-wire commands authorized. No operator required.

A2: Constrained

0.50 ≤ T_fused < 0.80. Conservative paths, speed limits. CARA Govern phase active.

A1: Limited

0.15 ≤ T_fused < 0.50. Lane-change and acceleration disabled. CARA Restrict phase.

A0: Safe Stop

T_fused < 0.15. KILOVAC relay opens. Drive-by-wire disabled. CARA Execute/Persist.
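The asymmetric hysteresis (immediate downgrade, delayed upgrade) and the FLAME hold interact in a way worth seeing in code. The following is an added example for this page, not BLADE-AV project code: the level thresholds are the ones in the state machine above, while the 10 s upgrade dwell, the 3 s deliberation hold, the rule that a trust dip during the dwell lowers the upgrade target, and the trust samples used in the demo are assumptions.

```python
"""Four-level authority with asymmetric hysteresis plus a FLAME-style deliberation hold.

Added example for this page, not BLADE-AV project code. Thresholds follow the page's
state machine (A3 >= 0.80, A2 >= 0.50, A1 >= 0.15, else A0); the 10 s upgrade dwell and
the 3 s hold window are assumptions.
"""
LEVELS = ("A0", "A1", "A2", "A3")                 # rank = index
THRESHOLDS = (("A3", 0.80), ("A2", 0.50), ("A1", 0.15))


def target_level(t_fused: float) -> str:
    """Memoryless mapping from fused trust to the level that trust would support."""
    for level, threshold in THRESHOLDS:
        if t_fused >= threshold:
            return level
    return "A0"


class AuthorityStateMachine:
    """Downgrades take effect on the same tick (A0 is where the relay opens). Upgrades
    require trust to have supported a higher level continuously for `upgrade_dwell_s`;
    if trust dips to a lower, still-higher-than-current level during the dwell, the
    machine upgrades only as far as the lowest level seen, never to a momentary peak."""

    def __init__(self, upgrade_dwell_s: float = 10.0, initial: str = "A0"):
        self.level = initial          # power-on in Safe Stop until trust is established
        self.dwell = upgrade_dwell_s
        self._since = None            # time the current upgrade dwell started
        self._candidate = None        # lowest target level observed during the dwell

    def step(self, t_fused: float, now: float) -> str:
        target = target_level(t_fused)
        cur, tgt = LEVELS.index(self.level), LEVELS.index(target)
        if tgt < cur:
            # Immediate downgrade; any pending upgrade is abandoned.
            self.level, self._since, self._candidate = target, None, None
        elif tgt > cur:
            if self._since is None:
                self._since, self._candidate = now, target
            elif tgt < LEVELS.index(self._candidate):
                self._candidate = target                     # dwell continues, target lowered
            if now - self._since >= self.dwell:
                self.level = self._candidate
                # If trust already supports an even higher level, a fresh dwell starts now.
                higher = target != self.level
                self._since, self._candidate = (now, target) if higher else (None, None)
        else:
            self._since, self._candidate = None, None        # at target: nothing pending
        return self.level


class DeliberationWindow:
    """FLAME-style hold for a gated maneuver (e.g. lane change): the request passes only
    if authority stays at or above `required` for `hold_s` after it was raised. Any dip
    during the hold rejects the request outright; the planner must re-request."""

    def __init__(self, required: str = "A3", hold_s: float = 3.0):
        self.required = LEVELS.index(required)
        self.hold_s = hold_s
        self._requested_at = None

    def request(self, now: float) -> None:
        self._requested_at = now

    def update(self, level: str, now: float) -> str:
        """Returns IDLE (no request), HOLDING, PASSED or REJECTED."""
        if self._requested_at is None:
            return "IDLE"
        if LEVELS.index(level) < self.required:
            self._requested_at = None
            return "REJECTED"
        if now - self._requested_at >= self.hold_s:
            self._requested_at = None
            return "PASSED"
        return "HOLDING"


if __name__ == "__main__":
    # Constructed trace: trust rises, spoof drops it, then it recovers with a dip mid-dwell.
    sm, window = AuthorityStateMachine(10.0), DeliberationWindow("A3", 3.0)
    for now, tau in [(0.0, 0.9), (10.0, 0.9), (10.5, 0.6), (11.0, 0.9), (15.0, 0.6), (21.0, 0.9), (31.0, 0.9)]:
        print(f"t={now:5.1f}s tau={tau:.2f} -> {sm.step(tau, now)}")
    window.request(31.0)
    print(window.update(sm.level, 32.0), window.update(sm.level, 34.0))
```

The case to watch in the trace is the recovery after the drop at t = 10.5 s: trust reads 0.9 at t = 11 s and again at t = 21 s, but because it read 0.6 at t = 15 s the machine restores only A2 at t = 21 s and needs a second clean dwell before A3. A naive "trust above threshold now" check would have jumped straight to A3.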

Hardware Architecture

62 components across a dual-compute platform. Jetson AGX Orin runs AI perception (ADARA, IFF, BDA). Zynq UltraScale+ FPGA runs deterministic governance (SATA, HMAA, MAIVA, FLAME, CARA) and relay control. PCIe Gen3 x4 inter-processor governance bus.

Subsystem | Component | Interface | Role
Main AI Compute | NVIDIA Jetson AGX Orin 64GB | PCIe Gen3 ×4 / CSI | AI inference, perception, ADARA, IFF, BDA
Governance FPGA | Trenz TE0808-05 Zynq UltraScale+ | PCIe / SPI / UART / GPIO | SATA, HMAA, MAIVA, FLAME, CARA, relay control
4D Imaging Radar | Continental ARS540 | 100BASE-T1 | 77 GHz radar, 300 m, ±60° FoV
LiDAR | Ouster OS1-64 Rev 7 | 1000BASE-T | 64-channel, 120 m, 1.31M pts/sec
Vision Camera | Leopard LI-AR0820-GMSL2 | GMSL2 / MIPI CSI-2 | 8 MP, HDR 120 dB, automotive-grade
Dual GNSS | u-blox ZED-F9R + ZED-F9P | UART | Dead-reckoning + RTK correction
Automotive IMU | Bosch SMI230 | SPI | AEC-Q100 automotive IMU to Zynq
V2X Module | Qualcomm 9150 C-V2X | PCIe Gen3 ×1 | SAE J2735 BSM, DSRC/C-V2X
Safety Relay | KILOVAC LEV200 | 12V coil / BTS5016 | Drive-by-wire authority gate (N/O)
Relay Driver | Infineon BTS5016-1EKD | GPIO / 12V | AEC-Q100 high-side switch
Watchdog ×2 | Analog Devices MAX16161 | GPIO WDI / nRESET | ASIL-D watchdog for Zynq + Jetson
CAN-FD ×2 | NXP TJA1145A/FD | SPI / CAN-FD | AEC-Q100 → MIL-DTL-38999
Crypto / V2X Auth | Microchip ATECC608B | I2C | IEEE 1609.2 V2X certificate auth
Secure Boot / TPM | Infineon SLB 9670 TPM 2.0 | SPI | Root of trust, secure boot
Ethernet Switch | Marvell 88Q5072 | 100/1000BASE-T | TSN-capable automotive switch

Full 62-component BOM available as downloadable CSV. Total platform cost: ~$16,287.

Power & Redundancy Architecture

The BLADE-AV power architecture provides automotive-grade power conditioning from the vehicle 12V-24V battery bus with EMI filtering, voltage regulation, and chassis ground bonding for ISO 26262 compliance.

Primary Power

12V-24V automotive battery input → LT8645S low-EMI (Silent Switcher) step-down stage → Vicor DC-DC converter → regulated 19V (Jetson), 12V (relay), 5V (transceivers), 3.3V (sensors/security) rails.

Backup / Redundancy

The KILOVAC LEV200 relay needs a 12V coil drive (9V minimum hold-in). Because the contactor is normally open, any loss of coil power drops it into the safe (open) state. The vehicle battery serves as the primary UPS.

Power Protection

LT8645S low-EMI input stage with vehicle chassis ground bond (critical for ISO 26262). Reverse polarity protection on all input lines.

Thermal Management

Liquid cooling system: cold plate → silicone tubing → radiator with PWM fan. Thermal pads (GPU die) and thermal paste (FPGA). Coolant temperature sensor on inlet/outlet.

Defense-in-Depth Security

Three-layer defense-in-depth security chain providing hardware root of trust, real-time governance enforcement, and tamper-evident audit logging.

Layer 1: Hardware Root of Trust

Microchip ATECC608B secure element (I²C) for IEEE 1609.2 V2X certificate authentication. Infineon TPM 2.0 (SPI) for platform attestation and secure boot verification.

Layer 2: Governance Enforcement

Zynq UltraScale+ FPGA executes SATA τ-chain, HMAA authority computation, and CARA recovery in hardware. Three-leg redundant fail-safe: GPIO + dual MAX16161 watchdog → BTS5016 → KILOVAC relay.

Layer 3: Audit Chain

SATA τ-chain attestation records signed by ATECC608B stored on NVMe SSD. Hash chain architecture for tamper-evident governance audit trail.
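A hash chain only gives tamper evidence if every link is both content-bound and signed, and even then it cannot by itself detect that the tail of the log was cut off. The following added example (not BLADE-AV project code) shows a hash-chained audit log with signed records, a verifier, and the truncation check that a bare chain walk misses. The record fields are modelled on the pipeline outputs named on this page; an HMAC-SHA256 stands in for the ATECC608B signature (the secure element would sign each record hash with a key that never leaves it), and the key and records are constructed for the demo.

```python
"""Hash-chained, signed governance audit log with a verifier.

Added example for this page, not BLADE-AV project code. HMAC-SHA256 stands in for the
ATECC608B hardware signature; the key and the records below are constructed.
"""
import hashlib
import hmac
import json

GENESIS = "0" * 64  # prev_hash of the first record


def record_hash(record: dict) -> str:
    """SHA-256 over canonical JSON of every field except the hash and the signature."""
    body = {k: v for k, v in record.items() if k not in ("hash", "sig")}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canon).hexdigest()


def sign(key: bytes, digest_hex: str) -> str:
    """Stand-in for the secure element: signs the record hash, never the raw record."""
    return hmac.new(key, digest_hex.encode(), "sha256").hexdigest()


class AuditChain:
    def __init__(self, key: bytes):
        self._key = key
        self.records = []

    def append(self, seq: int, t_ms: int, t_fused: float, authority: str,
               grep_phase: str, relay_closed: bool) -> dict:
        """Each record back-links to the previous record's hash, then is signed."""
        prev = self.records[-1]["hash"] if self.records else GENESIS
        rec = {"seq": seq, "t_ms": t_ms, "tau": round(t_fused, 4), "authority": authority,
               "grep": grep_phase, "relay": relay_closed, "prev_hash": prev}
        rec["hash"] = record_hash(rec)
        rec["sig"] = sign(self._key, rec["hash"])
        self.records.append(rec)
        return rec


def verify(records: list, key: bytes, expected_head: str = None):
    """Walk the chain: sequence, back-link, content hash and signature of every record.
    `expected_head` is the latest hash anchored somewhere the attacker cannot rewrite
    (e.g. a TPM NV counter or an off-board attestation); without it, deleting the
    newest records leaves a chain that still verifies."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i:
            return False, f"record {i}: sequence gap"
        if rec["prev_hash"] != prev:
            return False, f"record {i}: broken back-link"
        if record_hash(rec) != rec["hash"]:
            return False, f"record {i}: content hash mismatch"
        if not hmac.compare_digest(sign(key, rec["hash"]), rec["sig"]):
            return False, f"record {i}: bad signature"
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "head mismatch: chain truncated or replaced"
    return True, "ok"


def clone(records: list) -> list:
    """Deep copy via JSON so a tampering experiment does not touch the original."""
    return json.loads(json.dumps(records))


if __name__ == "__main__":
    key = b"constructed-demo-key"  # the real key would live inside the ATECC608B
    chain = AuditChain(key)
    # Constructed trace: trust decays through A3 -> A2 -> A1 -> A0 (relay opens at A0).
    for i, (tau, auth) in enumerate([(0.91, "A3"), (0.72, "A2"), (0.28, "A1"), (0.09, "A0")]):
        chain.append(i, 20 * i, tau, auth, "Govern", auth != "A0")
    print("intact:", verify(chain.records, key))
    forged = clone(chain.records)
    forged[2]["tau"] = 0.95                       # rewrite history to hide the trust drop
    forged[2]["hash"] = record_hash(forged[2])    # attacker can recompute the hash...
    print("forged:", verify(forged, key))         # ...but not the signature
    print("truncated, no anchor:", verify(chain.records[:-1], key))
    print("truncated, anchored:", verify(chain.records[:-1], key, chain.records[-1]["hash"]))
```

The last two lines are the point: dropping the final record (the one that says the relay opened) passes a plain chain walk, so the chain head must be anchored outside the log itself, for example by having the TPM or secure element keep a monotonic counter alongside the latest hash.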

Bill of Materials: $16,287

Subsystem | Cost | % of Total
Compute Core (Jetson AGX Orin + Zynq TE0808 + carrier) | $7,200 | 44%
Perception Sensors (ARS540 + OS1-64 + GMSL2 + GNSS/IMU) | $4,800 | 29%
Safety & Security (KILOVAC + BTS5016 + watchdogs + ATECC608B + TPM) | $580 | 4%
Communications (V2X + CAN-FD + Ethernet switch) | $920 | 6%
Enclosure & Mechanical (IP67 + liquid cooling + mounts) | $2,787 | 17%

Full 62-component BOM available as downloadable CSV. All COTS components. No GFE required.

Physical Specifications

Parameter | Value
Operating temperature | −40°C to +85°C (automotive grade)
Enclosure rating | IP67 dust/water resistant
Power input | 12V-24V automotive battery
Safety standard | ISO 26262 ASIL-D target; SAE J3016 Level 4
Cooling | Liquid cooling (cold plate + radiator + PWM fan)
Vehicle interface | CAN-FD via MIL-DTL-38999 connector
Governance pipeline | SATA → ADARA → IFF → HMAA → MAIVA → FLAME → CARA → BDA → EFFECTOR (9-module pipeline)
Safety relay | KILOVAC LEV200 (N/O), three-leg redundant (Zynq GPIO + dual MAX16161 watchdog)

Three-Leg Redundant Fail-Safe

All three legs must be asserted for the BTS5016 to drive the coil and keep the KILOVAC relay closed. Any single heartbeat timeout or explicit GPIO de-assertion removes coil drive and opens the relay, cutting drive-by-wire authority within the watchdog window plus the relay drop-out time, in hardware and without firmware involvement. The watchdog legs give this guarantee only if each heartbeat is serviced from the governance task itself; a heartbeat driven by a free-running timer would keep its leg asserted after the task has wedged.

Leg 1: Zynq FPGA GPIO

Zynq TE0808 GPIO_A0 → BTS5016 IN. Governance pipeline asserts/de-asserts based on CARA state.

Leg 2: Zynq Watchdog PMIC

MAX16161 WDI_OUT→WDI_IN heartbeat. Timeout → GPIO_OUT de-asserts → relay opens.

Leg 3: Jetson Watchdog PMIC

MAX16161 WDI_OUT→WDI_IN heartbeat. Independent of Zynq. Jetson failure alone opens relay.

BTS5016-1EKD (AND of 3 legs) → 12V coil drive → KILOVAC LEV200 (N/O) → Drive-by-Wire ECU via CAN-FD / MIL-DTL-38999
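The time-to-safe-state of this circuit is the figure an ISO 26262 reviewer asks for, and it is easiest to reason about with a timing model. The following is an added example, not BLADE-AV project code and not an electrical simulation: it models the three legs, the AND into the relay driver and a normally-open contactor with actuation delay, at 1 ms resolution. The 20 ms heartbeat period and the 100 ms watchdog window are assumptions; the 25 ms actuation delay is the value the page gives for the simulator's relay model. It also models the failure mode noted above, a heartbeat that keeps being kicked by a timer after the processor's governance task has died.

```python
"""Timing model of the three-leg fail-safe feeding a normally-open relay.

Added example for this page, not BLADE-AV project code. Heartbeat period (20 ms) and
watchdog window (100 ms) are assumptions; 25 ms relay actuation follows the page.
All times are integer milliseconds.
"""


class WatchdogLeg:
    """MAX16161-style timeout: asserted while the last heartbeat is within `window_ms`."""

    def __init__(self, window_ms: int):
        self.window_ms = window_ms
        self.last_kick = None

    def kick(self, now: int) -> None:
        self.last_kick = now

    def asserted(self, now: int) -> bool:
        return self.last_kick is not None and now - self.last_kick <= self.window_ms


class GpioLeg:
    """Governance GPIO: asserted or de-asserted explicitly by the pipeline."""

    def __init__(self):
        self.high = False

    def set(self, high: bool) -> None:
        self.high = high

    def asserted(self, now: int) -> bool:
        return self.high


class Relay:
    """Normally-open contactor: the contact follows the coil `actuation_ms` later.
    If the drive reverts before the contact has moved, the pending transition is
    cancelled, which is how a real contactor behaves around its drop-out time."""

    def __init__(self, actuation_ms: int):
        self.actuation_ms = actuation_ms
        self.closed = False
        self._pending = None  # (target_state, at_ms)

    def drive(self, coil_on: bool, now: int) -> None:
        if coil_on == self.closed:
            self._pending = None
        elif self._pending is None or self._pending[0] != coil_on:
            self._pending = (coil_on, now + self.actuation_ms)

    def update(self, now: int) -> bool:
        if self._pending is not None and now >= self._pending[1]:
            self.closed, self._pending = self._pending[0], None
        return self.closed


class FailSafe:
    def __init__(self, window_ms: int = 100, actuation_ms: int = 25):
        self.gpio = GpioLeg()
        self.zynq_wd = WatchdogLeg(window_ms)
        self.jetson_wd = WatchdogLeg(window_ms)
        self.relay = Relay(actuation_ms)

    def coil_drive(self, now: int) -> bool:
        """BTS5016 IN: logical AND of the three legs; any de-asserted leg removes drive."""
        return self.gpio.asserted(now) and self.zynq_wd.asserted(now) and self.jetson_wd.asserted(now)

    def tick(self, now: int) -> bool:
        self.relay.drive(self.coil_drive(now), now)
        return self.relay.update(now)


def simulate(horizon_ms: int = 1000, kick_period_ms: int = 20, jetson_fault_at_ms: int = None,
             gpio_low_at_ms: int = None, timer_keeps_kicking: bool = False,
             window_ms: int = 100, actuation_ms: int = 25):
    """Returns the ms at which the relay first opens after having closed, else None.
    `timer_keeps_kicking` models a heartbeat driven by a free-running timer that
    survives the death of the Jetson governance task (the anti-pattern to avoid)."""
    fs = FailSafe(window_ms, actuation_ms)
    fs.gpio.set(True)
    opened_at, was_closed = None, False
    for now in range(horizon_ms + 1):
        if now % kick_period_ms == 0:
            fs.zynq_wd.kick(now)
            jetson_task_alive = jetson_fault_at_ms is None or now < jetson_fault_at_ms
            if jetson_task_alive or timer_keeps_kicking:
                fs.jetson_wd.kick(now)
        if gpio_low_at_ms is not None and now >= gpio_low_at_ms:
            fs.gpio.set(False)
        if fs.tick(now):
            was_closed = True
        elif was_closed and opened_at is None:
            opened_at = now
    return opened_at


if __name__ == "__main__":
    print("nominal            :", simulate())
    print("GPIO low @300 ms   :", simulate(gpio_low_at_ms=300))
    print("Jetson dead @500 ms:", simulate(jetson_fault_at_ms=500))
    print("dead but timer kicks:", simulate(jetson_fault_at_ms=500, timer_keeps_kicking=True))
```

With these parameters a Jetson task that dies at 500 ms produces an open relay at 606 ms: the last good heartbeat was at 480 ms, the window expires at 581 ms, and the contactor needs a further 25 ms. The worst case is therefore one heartbeat period plus the window plus actuation, which is the number to compare against the fault-tolerant time interval. The final case shows why the heartbeat source matters: with a timer still kicking, the dead task never opens the relay.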

System Schematic

62 components, 57 electrical connections, 55 mechanical connections. Color-coded by node type.


Governance Simulation Environment

The BLADE-AV simulator (v2.2) executes the complete 9-module governance pipeline with 12 attack scenarios, seeded PRNG (Mulberry32) for bit-exact reproducibility, KILOVAC electromechanical relay model (25ms actuation delay), and HSM/TPM signing latency (4.2ms per hash).

12 Attack Scenarios

Radar spoof, adversarial ML, GNSS spoof, IMU manipulation, V2X spoof, CARA trigger, RF jamming, compound, Byzantine, replay, PCIe fault, sensor dropout

1,200 Runs

100 per scenario × 12 attack vectors. Zero unsafe actions. Seeded PRNG for reproducibility.

Statistical Rigor

G*Power justified (α=0.05, power=0.80, d=0.80). Bonferroni correction. Shapiro-Wilk normality tests.


Validation Metrics

62 hardware components · 1,200 simulation runs (0 unsafe) · 12 attack scenarios tested · 57 electrical connections · 55 mechanical connections · 3 redundant fail-safe legs

Simulation Results (E1-E12)

Scenario | Trust Drop | Downgrade | FLAME | Recovery | Unsafe
E1: Radar Spoof | 0.92→0.28 | 1.1s ±0.3 | Held 3.0s | 19.2s ±2.3 | 0/50
E2: Adversarial ML | 0.88→0.42 | 0.9s ±0.2 | Held 2.5s | 13.1s ±1.9 | 0/50
E3: GNSS Spoof | 0.91→0.21 | 1.4s ±0.4 | Held 4.0s | 21.8s ±3.1 | 0/50
E4: IMU Manipulation | 0.87→0.44 | 0.7s ±0.2 | Held 2.0s | 11.4s ±1.6 | 0/50
E5: V2X Spoof | 0.90→0.65 | 0.6s ±0.1 | N/A (A2) | N/A | 0/50
E6: CARA Trigger | N/A (forced) | N/A | N/A | 15.3s ±2.0 | 0/50
E7: RF Jamming | 0.85→0.19 | 2.1s (WD) | N/A | Persist (reset) | 0/50
E8: Compound | 0.93→0.07 | 1.9s ±0.5 | Held 4.0s | 27.1s ±4.4 | 0/50

E9-E12 (Byzantine fault, replay attack, PCIe bus fault, sensor dropout) validated in simulation artifact. Total: 1,200 runs, zero unsafe actions.

Project Status

Complete:
  • System architecture (62 components)
  • Electrical design (57 connections)
  • Mechanical design (55 connections)
  • BOM verified (~$16,287)
  • Governance simulator v2.2 (1,200 runs)
  • Zenodo publication (DOI assigned)
  • Three-leg fail-safe circuit design
  • Cross-domain portability validated

Pending:
  • Custom carrier board fabrication
  • ASIL-D decomposition filing
  • TLA+/UPPAAL formal verification
  • ROS 2/Gazebo + vehicle HIL integration

Current Limitations: Simulation-only evidence (no physical data). ASIL decomposition pending. Invariants simulation-checked but not formally proven. Custom carrier PCB not yet fabricated. Synthetic parameters uncalibrated against physical sensors. The browser JS engine running the simulator provides no real-time guarantees.

Project Documentation

Complete engineering documentation for the BLADE-AV Governance Node. All files are original work by Burak Oktenli. Published under CC BY 4.0.

Reproducible Research Artifacts

All data, simulation code, engineering artifacts, and the interactive governance simulator are openly available at DOI: 10.5281/zenodo.19232130 under CC BY 4.0. No access restrictions apply.

System Design

Research paper (12 pages), blueprint PDF, schematic SVG, 62-component BOM, electrical/mechanical JSON. Full engineering specification.

Simulation

v2.2 simulator with 12 attack scenarios, seeded PRNG (Mulberry32), KILOVAC relay model, HSM/TPM latency. 1,200 runs fully reproducible.

Statistical Methodology

G*Power sample size justification, Bonferroni correction, Shapiro-Wilk normality tests, paired t-tests, Wilcoxon signed-rank for non-normal data.

Standards Compliance

ISO 26262 ASIL-D target. SAE J3016 Level 4. NHTSA ADS. AEC-Q100 automotive-grade components. MIL-DTL-38999 connectors.

Future Work

ROS 2 / Gazebo Integration

Hardware-in-the-loop testing with ROS 2 perception pipeline and Gazebo vehicle physics simulation

Formal Verification

TLA+/UPPAAL full verification of all design invariants and safety properties across all configurations

Carrier Board Fabrication

4-layer controlled-impedance PCB design, fabrication, and integration testing with all 62 components

ASIL-D Certification

Formal ASIL decomposition filing, independent safety assessment at accredited facility

Role in the Governance Stack

The BLADE-AV Governance Node demonstrates that the authority-governed autonomy pipeline is domain-agnostic. The same governance architectures (SATA, HMAA, ADARA, MAIVA, FLAME, CARA) demonstrated in defense (BLADE-EDGE, ~$139K) apply directly to civilian autonomous vehicles (~$16K) under different regulatory frameworks.

Related platforms: Rover Testbed (~$484) · UAV Platform (~$4,200) · BLADE-EDGE (defense, ~$139K) · BLADE-AV (automotive, ~$16K) · BLADE-MARITIME (maritime, ~$43K) · BLADE-INFRA (infrastructure, ~$12K). Six platforms demonstrating governance stack portability across four domains.

SDK Integration

The BLADE Governance SDK provides a unified API across all four domains. The same blade_governance library drives defense weapons governance (BLADE-EDGE), autonomous vehicle authority (BLADE-AV), maritime surveillance (BLADE-MARITIME), and critical infrastructure protection (BLADE-INFRA). Only the domain configuration file changes.

blade_av.yaml (Automotive, Drive-by-Wire):
domain: automotive
pipeline: SATA → ADARA → IFF → HMAA → MAIVA → FLAME → CARA → BDA → EFFECTOR

sensors:
  - id: front_radar
    type: continental_ars540
    weight: 0.25
    cross_validate: [lidar, camera_front]
  - id: lidar
    type: ouster_os1_64
    weight: 0.25
    cross_validate: [front_radar, camera_front]
  - id: camera_front
    type: gmsl2_8mp
    weight: 0.20
    cross_validate: [front_radar, lidar]
  - id: gnss
    type: dual_zed_f9r_f9p
    weight: 0.15
    cross_validate: [imu]
  - id: imu
    type: bosch_smi230
    weight: 0.15
    cross_validate: [gnss, wheel_speed]

effector:
  type: drive_by_wire_ecu
  relay: KILOVAC_LEV200_normally_open
  safety_standard: ISO_26262_ASIL_D
  fail_safe_legs: 3  # Zynq GPIO + dual MAX16161
  cut_action: relay_opens_no_firmware

authority:
  A3_threshold: 0.80  # Full autonomous driving
  A2_threshold: 0.55  # Reduced speed envelope
  A1_threshold: 0.30  # Minimal (lane-hold only)
  A0_action: controlled_stop  # KILOVAC opens
  hysteresis_up_s: 15   # Conservative restore
  hysteresis_down_s: 0   # Immediate downgrade
integration_example.py:
import blade_governance as bg

# Initialize with automotive domain config
pipeline = bg.GovernancePipeline("blade_av.yaml")

# In your autonomous driving stack (50Hz):
while vehicle_running:
    sensors = get_perception_data()
    
    result = pipeline.evaluate(sensors)
    # result.trust         → 0.91
    # result.authority     → "A3"
    # result.speed_limit   → 65 kph
    # result.lane_change   → True (no FLAME hold)
    # result.relay_closed  → True
    
    if result.authority == "A0":
        # KILOVAC opens in hardware — no code needed
        pipeline.cara_recover()  # controlled stop
ROS 2 Topic Map
# ROS 2 Topic Map — Automotive
/blade/sata/fused_trust          # Float64 τ ∈ [0,1]
/blade/hmaa/authority_level      # UInt8 {A3,A2,A1,A0}
/blade/hmaa/speed_envelope       # SpeedEnvelope (max_kph, max_accel)
/blade/flame/lane_change_hold    # UInt32 deliberation ms
/blade/cara/grep_phase           # String {GUARD,REDUCE,EVALUATE,PROMOTE}
/blade/effector/relay_state      # Bool (KILOVAC open/closed)
/blade/adara/adversarial_ml      # Float64 P(patch_attack)
/blade/iff/v2x_verified          # Bool (IEEE 1609.2 valid)
/blade/bda/post_maneuver_trust   # TrustRevalidation
Unified API Surface (same across all 4 domains):
# Core API — domain-agnostic
pipeline = bg.GovernancePipeline(config)
result   = pipeline.evaluate(sensors)
recovery = pipeline.cara_recover()

# result object — universal fields
result.trust          # Float64  τ ∈ [0,1]
result.authority      # String   {A3,A2,A1,A0}
result.deception_p    # Float64  P(adversarial)
result.flame_hold_ms  # UInt32   deliberation window
result.execute        # Bool     action permitted
result.relay_state    # Bool     hardware interlock
result.grep_phase     # String   CARA state

# Lifecycle
pipeline.get_audit_chain()   # Hash-chained log
pipeline.export_forensics()  # BLADE-BLACKBOX
pipeline.get_config()        # Current domain cfg

Cross-Domain Portability: The blade_governance SDK exposes the same evaluate() → result API across all four domains. Switching from defense weapons governance to autonomous vehicle authority requires changing only the YAML configuration file, not the application code. This is how the same governance pipeline operates under DoDD 3000.09, ISO 26262 ASIL-D, MIL-STD-810G, and SIL 3 / NERC CIP simultaneously.

About This Project

The BLADE-AV Governance Node is part of the authority-governed autonomy research program by Burak Oktenli at Georgetown University (M.P.S. Applied Intelligence). It is the second domain instantiation — a civilian adaptation of the governance architectures demonstrated in defense weapons governance (BLADE-EDGE), demonstrating portability from DoDD 3000.09 to ISO 26262 ASIL-D.

Related architectures: SATA · HMAA · CARA · MAIVA · FLAME · ADARA
