HMAA-UAV Authority-Governed Drone Platform

Strategic Context

National Importance of Authority-Governed UAV Autonomy

Unmanned aerial vehicles are rapidly proliferating in defense, infrastructure inspection, disaster response, and contested-environment reconnaissance. Current UAV autonomy systems lack formal governance mechanisms that dynamically regulate flight authority based on computed sensor trust, creating vulnerabilities when operating under GPS denial, RF jamming, or adversarial sensor manipulation.

Authority-governed flight autonomy addresses this gap by making trust assessment, authority computation, and recovery enforcement first-class components of the UAV control stack. Research in resilient UAV autonomy has been identified as a strategic priority by organizations including DARPA, NASA, and the U.S. Air Force Research Laboratory. DoD Directive 3000.09 explicitly requires autonomous weapons systems to maintain appropriate levels of human judgment over the use of force.

Research Motivation

Research Problem

Autonomous UAVs increasingly operate in environments where GPS denial, sensor spoofing, RF jamming, and adversarial interference threaten flight safety. Current commercial autopilot systems use simple threshold-based failsafes (return-to-home, emergency land) that lack formal authority governance. They cannot dynamically degrade autonomy based on computed trust or enforce graded authority constraints on flight behavior.

This project extends the authority-governed autonomy concept from ground vehicles (Project 1: Rover Testbed) to aerial platforms. The UAV implements the same SATA/HMAA/CARA governance pipeline, demonstrating that authority-governed autonomy is platform-independent and applicable across robotic domains.

GPS spoofing causes unsafe navigation in autonomous UAVs

Camera and LiDAR failures degrade perception without formal response

RF jamming severs telemetry without authority-aware fallback

Compound sensor failures overwhelm simple threshold safeguards

Core Contribution

Governance Architecture

The UAV implements a complete authority-governed flight pipeline. Every autonomous flight command passes through trust evaluation, authority computation, and recovery logic before reaching the flight controller.

Sensor Inputs (GPS, LiDAR, Camera, IMU, Radar, UWB, Optical Flow, Barometer)Multi-modal perception and localization

↓

SATA Trust EvaluationPer-sensor trust scoring with cross-sensor validation and weighted Dempster-Shafer fusion

↓

HMAA Authority DecisionTrust scalar to authority level mapping: A3 (full) to A0 (revoked)

↓

Command GateProposed flight action clamped to authority limits (speed, altitude, maneuver envelope)

↓

Cube Orange+ Flight Controller (ArduPilot/PX4)Approved commands executed via MAVLink

↓

CARA Recovery BehaviorsSafe-land, return-safe, hover-hold, crawl-mode, degraded-teleop

Framework Extension

Autonomous Drone Swarm Governance Platform

This project extends authority-governed autonomy from single-agent systems to coordinated multi-agent aerial platforms. Building directly on the rover and UAV testbeds, each drone operates as an individually governed autonomy node using SATA trust evaluation, HMAA authority control, and CARA recovery logic, while participating in a mission governed by a higher-level authority layer.

Unlike conventional swarm systems that assume continuous participation of all agents, this platform introduces trust-conditioned participation, where each drone's ability to contribute to the mission is dynamically constrained by its current trust and authority state.

Autonomous Drone Swarm Governance Architecture showing Mission Authority Node, Swarm Governance Layer, per-drone SATA/HMAA/CARA nodes, compromised drone isolation, and swarm reconfiguration

Figure 1. Autonomous Drone Swarm Governance Architecture. The system implements a multi-layer authority-governed autonomy framework in which mission objectives are translated into swarm-level decisions through a mission authority node and a distributed governance layer. Each drone operates as an independently governed autonomy node using SATA-based trust evaluation, HMAA authority computation, and CARA recovery enforcement. Local trust and status information are continuously propagated upward, enabling swarm-level trust aggregation and participation control. When a drone experiences trust collapse due to sensor inconsistency or adversarial interference, its authority is reduced or revoked, triggering isolation and recovery behaviors while the remaining agents dynamically reconfigure to maintain mission continuity.

Mission Objectives / Operator IntentGlobal mission goals and constraints

↓

Mission Authority NodeSwarm-level authority decisions and coordination policies

↓

Swarm Governance LayerDistributed trust aggregation, agent validation, participation control

↓

Per-Drone Governance NodesSATA trust evaluation, HMAA authority control, CARA recovery logic

↓

Drone Flight ControllersCommand execution constrained by authority and safety conditions

Dual-Layer Governance Model

Each drone continuously evaluates its own sensor trust and computes a local authority level. These local states are transmitted to the mission authority node, which evaluates swarm-wide conditions and determines whether individual drones may continue participating, must operate under constrained authority, or must be removed from the active mission.

Local Governance

Determines whether a specific drone can safely act based on its own sensor trust and authority state

Mission Governance

Determines whether a drone should continue contributing to the swarm based on fleet-wide trust conditions

Compromised Agent Response

Sensor inconsistency or adversarial input triggers trust collapse on the affected drone
HMAA reduces or revokes local authority for the compromised drone
Mission authority node removes or restricts the drone's participation in the swarm
Remaining drones dynamically reconfigure roles and formation
CARA recovery initiates safe-hover, return-safe, or landing behavior on the isolated drone

Swarm Experimental Program

Compromised Drone Isolation: Inject GPS spoofing on one drone. Measure trust collapse, authority revocation, swarm exclusion, and role redistribution among remaining agents.
Swarm Degradation Under RF Loss: Remove multiple drones from communication. Measure mission continuity and objective reduction under reduced authority.
False Consensus Defense: One drone reports incorrect position or threat data. Evaluate cross-agent trust disagreement detection and influence suppression.
Recovery and Reintegration: Restore trust in a previously compromised drone. Measure controlled reintroduction under constrained participation before full authority restoration.

This platform demonstrates that authority-governed autonomy is not limited to individual systems, but can regulate coordinated autonomous teams operating under uncertainty, adversarial interference, and partial system compromise. The approach proposes a framework for swarm governance in which autonomy is continuously conditioned on trust, authority, and recovery state rather than assumed by default.

Research Summary

The proposed swarm governance platform extends authority-governed autonomy from single-agent systems to coordinated multi-agent environments. Each drone executes a local governance stack (SATA-HMAA-CARA) to evaluate sensor trust, compute authority levels, and enforce recovery behavior. These local authority states are integrated through a swarm governance layer that performs distributed trust aggregation and mission-level decision-making.

Unlike conventional swarm architectures that assume reliable participation of all agents, this system introduces trust-conditioned participation, where each drone's role in the mission is continuously evaluated and dynamically constrained. Compromised or unreliable agents are automatically isolated, while the swarm adapts by redistributing tasks among trusted drones. The architecture supports both degradation and recovery, enabling agents to be reintegrated under constrained authority once trust is restored.

"This work introduces authority-governed swarm autonomy, where each agent's participation is dynamically controlled based on trust, authority, and recovery state rather than assumed coordination."

This architecture addresses a critical gap in current autonomous systems, where multi-agent coordination lacks formal mechanisms for trust-aware participation control and structured recovery under adversarial conditions.

Electrical Design

System Schematic

Full electrical schematic showing flight controller, AI companion computer, sensor, actuator, power, and module interconnections. Color-coded by node type: blue (MCU), teal (Sensor), orange (Actuator), yellow (Power), green (Module), purple (Display).

HMAA-UAV full electrical schematic showing all component interconnections

Download Schematic (SVG) Download Full Blueprint (PDF)

Interactive Demonstration

Governance Simulation Environment

The HMAA-UAV simulation environment provides a controlled experimental platform for evaluating authority-governed flight autonomy under adversarial and degraded conditions. The simulator executes the complete SATA trust fusion, HMAA authority computation, command gating, and CARA recovery logic in real-time with configurable fault injection.

This simulation demonstrates executable validation of authority-governed autonomy rather than conceptual design alone. The simulation environment mirrors the real UAV hardware architecture, enabling direct transfer of validated governance behaviors from simulation to physical flight testing.

Adversarial Injection

GPS spoofing, GPS jamming, RF signal loss, motor cut, compound failures

Flight Governance

Real-time trust fusion, HMAA authority display, command gating, CARA recovery activation

Hardware-in-the-Loop

MAVLink / HIL bridge for Cube Orange+ and ArduPilot-PX4 workflow compatibility

Simulation Capabilities

Physics fidelityReal-time (~100 Hz) Environmental modelingWind, turbulence, gusts Sensor modelingIMU, GPS, LiDAR, barometer, optical flow Adversarial injectionGPS jam/spoof, RF loss, motor cut Authority enforcementSATA-HMAA-CARA full pipeline Multi-agent supportMAIVA swarm, fleet controls, Monte Carlo Hardware bridgeMAVLink HIL with Cube Orange+ Training moduleARIA operator certification scenarios

Experimental Simulation Environment (Research Use). This environment serves as a primary validation layer for testing authority transitions and recovery behaviors, enabling repeatable experimentation prior to real-world flight deployment.

Launch Governance Simulator Zenodo Record Repository

Sensor Trust

Sensor-Anchored Trust Assessment (SATA)

The UAV trust evaluation subsystem computes a continuous trust scalar from multi-sensor fusion across GPS, LiDAR, camera, IMU, barometer, optical flow, radar altimeter, and UWB inputs using weighted Dempster-Shafer belief functions with cross-sensor validation:

Trust(s_i) = weighted belief function with cross-sensor consistency checks, disagreement penalties, asymmetric decay (fast) and recovery (slow), and single-sensor veto capability

For UAV operations, trust fusion is critical because GPS spoofing can create false position confidence while visual odometry and UWB provide ground truth. The SATA engine cross-validates localization sources and penalizes inconsistencies, ensuring that spoofed GPS cannot maintain high trust when other sensors disagree.

Governance Model

Authority State Machine

A3: Full Flight Autonomy

All sensors trusted. Autonomous waypoint mission, full speed, full maneuver envelope. No operator input required.

A2: Restricted Flight

Partial trust degradation. Speed limits enforced, altitude ceiling reduced, conservative pathing only. Operator alerted.

A1: Minimal Flight

Significant trust loss. Hover-hold or slow reposition only. Operator supervision required for any flight command.

A0: Authority Revoked

Critical trust failure. CARA activates safe-land or return-safe protocol. All autonomous flight commands disabled.

Experimental Platform

Hardware Architecture

The UAV uses a dual-compute architecture separating flight control (Cube Orange+ autopilot) from AI governance (Jetson Orin NX), connected via MAVLink over UART.

Flight Controller

Cube Orange+ with ArduPilot/PX4: ESC control (DShot600), sensor fusion, GPS/IMU integration, RC receiver, kill switch

AI Companion Computer

NVIDIA Jetson Orin NX: SATA trust engine, HMAA authority, CARA recovery, camera/LiDAR processing, digital twin, ROS 2

Sensor Suite

RGB camera (CSI), thermal camera, LiDAR (Ethernet), dual GPS (CAN), BMP280 barometer, PMW3901 optical flow, radar altimeter, secondary IMU, UWB

Airframe and Power

500mm carbon fiber frame, 6S 8000mAh LiPo (22.2V), 15-inch props, 4x upgraded ESC/motors, inline 100A fuse, redundant power distribution, kill switch

Key Components

Component	Model	Purpose
Flight Controller	Cube Orange+	Autopilot, sensor fusion, ESC control
AI Companion	NVIDIA Jetson Orin NX	Governance engine, perception, ROS 2
LiDAR	Upgraded LiDAR Sensor	3D obstacle mapping (Ethernet)
Primary Camera	Upgraded RGB Camera	Visual perception (MIPI CSI-2)
Thermal Camera	Thermal Imaging Module	Night/adverse weather sensing
GPS (Primary)	Upgraded GPS (CAN)	Position and navigation
GPS (Secondary)	Secondary GPS Module	Redundant localization, cross-validation
Radar Altimeter	Radar Alt (CAN)	Precision altitude measurement
UWB Module	UWB Localization	Indoor/GPS-denied positioning
Communication	Telemetry Radio + WiFi	MAVLink telemetry, debug interface
Power	6S 8000mAh LiPo + PDB + BECs	22.2V propulsion, regulated avionics power

Platform Summary

Total components52 verified Electrical connections48 specified Mechanical assemblies49 specified Estimated platform cost~$4,200

Full BOM available as downloadable CSV.

Evidence

Validation Metrics

Hardware components integrated

Electrical connections defined

Mechanical assemblies specified

Adversarial flight experiments

Sensor modalities fused

~$4,200

Total platform cost

Research Methodology

Experimental Program

Five core experiments designed to validate trust-governed flight autonomy under adversarial and degraded conditions.

GPS Spoofing Governance: Inject false GPS signals. Measure GPS trust drop, cross-validation with visual odometry, authority A3 to A2 transition, and navigation mode switch.
Camera Occlusion Test: Partially block camera during waypoint mission. Verify vision confidence drop, trust fusion degradation, speed limit enforcement.
RF Communication Loss: Sever telemetry link. Verify RF trust collapse, authority reduction, CARA return-safe or hover-hold activation.
IMU/Sensor Disagreement: Inject IMU drift conflicting with GPS and optical flow. Measure cross-sensor inconsistency penalty and authority downgrade behavior.
Compound Failure (Critical): Simultaneous degraded vision + weak GPS + RF loss. Verify rapid authority collapse, CARA activation, controlled emergency landing.

Current Status

Project Status

System architecture design

Hardware specification (52 components)

Electrical wiring (48 connections)

Mechanical assembly (49 connections)

Bill of materials verified

Governance architecture specified

Experiment program defined

Hardware procurement and assembly

ArduPilot/ROS 2 integration

Flight testing and data collection

The platform design and specification are complete. Hardware procurement and implementation are currently underway.

Limitations: Flight testing currently planned for controlled indoor environments. Adversarial scenarios (GPS spoofing, RF jamming) primarily simulated during the initial experimental phase.

Open Research

Reproducible Research Artifacts

This project provides reproducible artifacts enabling researchers to replicate the authority-governed UAV experiments and system architecture. All documentation, schematics, and specifications are available for download.

System Design

Complete blueprint PDF, electrical schematic SVG, wiring connections JSON, mechanical assemblies JSON, system configuration

Hardware

52-component BOM with verified sources. All commercially available. Total cost approximately $4,200. Assembly guide included.

Experiment Protocol

5 defined experiments with fault injection procedures, expected authority transitions, and measurement requirements.

Metrics

Fused trust scores, per-sensor trust values, authority state transitions, recovery latency, flight command clamping data.

Resilience Engineering

Power Architecture

The UAV platform operates from a 6S LiPo battery (22.2V nominal) with regulated power distribution for compute, sensors, and motor controllers.

Primary Power

6S LiPo → Cube Orange+ autopilot power module → 5V BEC (Jetson Orin NX) → 3.3V regulated (sensors). ESCs powered directly from battery.

Safety & Failover

MAVLink failsafe triggers on governance authority loss. CARA GREP phases command RTL or land. Cube Orange+ maintains independent flight safety.

Security Architecture

Trust & Verification Chain

The UAV platform integrates SATA-HMAA-CARA governance with Cube Orange+ autopilot safety systems via MAVLink/HIL bridge.

Governance Bridge

MAVLink/HIL bridge connects Jetson Orin NX governance engine to Cube Orange+ autopilot. Authority commands translated to MAVLink COMMAND_LONG.

Monte Carlo Validation

250 simulation runs across 5 adversarial scenarios. 6DOF physics engine with EKF2 navigation filter. Zero unsafe actions.

MAIVA Byzantine Consensus

Multi-agent integrity verification for swarm authority coordination. Byzantine fault tolerance (f<n/3) across mesh network.

Cost Analysis

Bill of Materials: ~$4,200

Subsystem	Cost	% of Total
Compute (Jetson Orin NX + Cube Orange+)	$1,200	29%
Sensors (GPS/GNSS + IMU + barometer + camera)	$450	11%
Airframe & Motors (frame + ESCs + propellers)	$850	20%
Communications (telemetry + RC + mesh radio)	$380	9%
Power (6S LiPo + BEC + power module)	$320	8%
Structure, wiring, connectors	$1,000	24%

52-component UAV platform with MAVLink/HIL integration. Estimated platform cost ~$4,200. All COTS components.

Specifications

Physical Specifications

Parameter	Value
Components	52 (Jetson Orin NX + Cube Orange+ autopilot)
Simulation runs	250 across 5 adversarial scenarios, zero unsafe actions
Physics engine	6DOF with EKF2 navigation filter
Governance pipeline	SATA → HMAA → CARA (with MAIVA for swarm)
Autopilot interface	MAVLink/HIL bridge to Cube Orange+
Power	6S LiPo (22.2V nominal)
BOM	~$4,200

Research Roadmap

Future Work

The HMAA-UAV extends the authority-governed autonomy research program from ground to aerial platforms.

Multi-UAV Swarm Governance

Distributed authority coordination across UAV fleet with trust-conditioned participation, compromised agent isolation, and dynamic reconfiguration

ADARA Integration

Adversarial deception detection for proactive authority adjustment during GPS spoofing attacks

FLAME Latency Windows

Deliberation windows for critical flight commands to prevent flash-escalation scenarios

Cross-Platform Governance

Unified authority framework governing rover + UAV + future platforms under single HMAA stack

Swarm Recovery and Reintegration

Controlled reintroduction of previously compromised drones under constrained participation before full authority restoration

Researcher

About This Project

This project is the second platform in the authority-governed autonomy research program by Burak Oktenli at Georgetown University (M.P.S. Applied Intelligence). It extends the SATA/HMAA/CARA governance architectures from ground vehicles to aerial platforms, demonstrating platform-independent authority governance. The next phase scales this architecture from single-UAV governance to multi-agent drone swarm authority coordination, where each drone's participation is conditioned on trust and recovery state.