BLADE-INFRA-OT Simulation Engine v5 · IT/OT Bridge Governance

SHA-256 self-test: …

Scenario mode - tier-gated computed pipeline

Four input sequences run through the executable AUTHREX-style decision pipeline. Every stage verdict is computed and every stage gates the terminal decision - SATA provenance, the ADARA research detector, IFF roster, independent-node MAIVA consensus (fail-closed), the HMAA authority tier, a bus-latency TIMING gate, FLAME deliberation, and ERAM risk. Hover any stage for its decision trace.

FMEA - fault injection (all faults active in the pipeline)

Mirror-tap feed loss (zeroes the burst feature + blinds one node) MAIVA node dissent (per-node observation noise sd 0.06→0.22) Inter-plane bus latency (TIMING stage → stale-verdict hold) Byzantine MAIVA node (node 0: 50% chance to maliciously flag - DoS) IT/OT clock drift (time-dependent desync continuously degrades SATA over the run)

Authority Tier

Msgs

Propagated

Held / Delib.

Isolated

Sim Time (s)

0.0

Bridge State

ARMED

IT / Bridge / OT - live inspection path

IT Zone - Purdue 4/5

scada-op-01authorized

eng-ws-02authorized

corp-svc-04authorized

vendor-jump-12on roster

IT/OT Bridge - BLADE-INFRA-OT

awaiting message…

pass deliberate isolate active hover a stage for its decision trace

OT Zone - Purdue 2/3

plc-pump-01nominal

rtu-valve-04nominal

ied-fdr-12nominal

bms-ctrl-03nominal

Audit Ledger tamper-evident · SHA-256 chain

Detection Metrics (scenario)

Sys TPR

Sys FPR

ADARA TPR

ADARA FPR

System detection includes the IFF roster rule. ADARA-only rates isolate the anomaly detector's skill.

ADARA-only ROC, swept over the detector threshold at Δ0.005 (not full-system). Operating point (●) is the current threshold; the diagonal is random guessing.

AUC = -

Avg Time-in-System: -

Assumptions & known limitations (read before citing any number)

The five-feature vector is an abstraction, not parsed protocol frames; protocol/op strings only affect the high-stakes classification.
Feature distributions and detector weights are hand-specified, not calibrated to a captured OT corpus. Absolute TPR/FPR illustrate the architecture, not field rates. Use External-dataset mode to evaluate against data the detector did not generate.
ADARA is a computed research detector (logistic model), not a validated industrial detector. Reported metrics separate ADARA-only skill from the IFF roster rule.
Detection delay is a message-count within a burst, not wall-clock seconds. FLAME windows are in simulated seconds.
The ledger is a tamper-evident SHA-256 hash chain, not an authenticated/externally-anchored log. Genesis is seed-deterministic so a run is replayable.
The four authority tiers shape the hold-rate, not the classifier: detection TPR/FPR are tier-invariant by design (T3 autonomous → T2 supervised → T1 confirm → T0 manual-only each hold progressively more traffic).
Malformed/missing feature inputs fail closed (isolated as DATA_FAULT), never scored as benign.
Traffic export is replay-grade (seed, FMEA state, threshold, node count, per-message tier before/after); re-running the engine with that config reproduces the run exactly.
This is a research prototype / simulation-only artifact (architectural tier). It is not a digital twin: there is no plant-physics or mission-consequence model.

Scenario mode - tier-gated computed pipeline

Monte Carlo mode - seeded stochastic batch

External dataset mode - break the synthetic loop

IT / Bridge / OT - live inspection path

Audit Ledger tamper-evident · SHA-256 chain

Detection Metrics (scenario)

Assumptions & known limitations (read before citing any number)

Scenario mode - tier-gated computed pipeline

Monte Carlo mode - seeded stochastic batch

External dataset mode - break the synthetic loop

IT / Bridge / OT - live inspection path

Audit Ledger tamper-evident · SHA-256 chain

Detection Metrics (scenario)⬇ CSV

Assumptions & known limitations (read before citing any number)

Detection Metrics (scenario)