Revise acceptance criteria and restrictions documentation to clarify recent updates and specifications. Key changes include enhanced definitions for position accuracy, image processing quality, and operational parameters, as well as updates to camera specifications and validation requirements. This revision aims to improve clarity and ensure alignment with project goals.

Oleksandr Bezdieniezhnykh
2026-05-01 16:24:46 +03:00
parent 3f173c1bb7
commit 7e15868d39
62 changed files with 6878 additions and 13 deletions
@@ -0,0 +1,62 @@
# Security Tests
### NFT-SEC-01: Signed Cache Manifest Enforcement
**Summary**: Validate that unsigned or tampered cache manifests cannot produce trusted anchors.
**Traces to**: AC-8.2, AC-8.3, AC-NEW-4, AC-NEW-7
| Step | Consumer Action | Expected Response |
|------|-----------------|-------------------|
| 1 | Provide valid signed manifest | System accepts cache fixture if all freshness and resolution checks pass |
| 2 | Provide unsigned manifest | System rejects cache fixture and logs security event |
| 3 | Provide hash-mismatched tile sidecar | System rejects affected tile and emits no trusted anchor from it |
**Pass criteria**: 0 unsigned or hash-mismatched fixtures produce `satellite_anchored` output or trusted generated tile promotion.
---
### NFT-SEC-02: Cache Poisoning Write Gate
**Summary**: Validate that generated onboard tiles are not written or promoted when parent-pose covariance is too weak.
**Traces to**: AC-8.4, AC-NEW-7
| Step | Consumer Action | Expected Response |
|------|-----------------|-------------------|
| 1 | Replay generated tile candidate with parent sigma <=3 m | Tile may be written as candidate with full quality metadata |
| 2 | Replay candidate with parent sigma in (3 m, 5 m] | Tile is marked lower trust per sidecar policy |
| 3 | Replay candidate with parent sigma >5 m | Tile is not eligible for write/promotion |
**Pass criteria**: Tile trust level and write eligibility match AC-NEW-7; no over-threshold tile becomes trusted basemap.
---
### NFT-SEC-03: MAVLink Source And Spoofing Rejection
**Summary**: Validate that spoofed real-GPS measurements and unauthorized MAVLink sources do not override trusted estimator state.
**Traces to**: AC-3.5, AC-4.3, AC-NEW-2, AC-NEW-8
| Step | Consumer Action | Expected Response |
|------|-----------------|-------------------|
| 1 | Inject spoofed `GPS_RAW_INT` during normal visual operation | Estimator rejects inconsistent GPS based on FC health and visual/satellite consistency |
| 2 | Inject spoofed GPS during visual blackout | Spoofed GPS remains excluded until health and visual consistency gates pass |
| 3 | Inject MAVLink messages from unauthorized source ID | Message is ignored and security/status event is logged |
**Pass criteria**: No unauthorized or spoofed input causes a confident position estimate; promotion/demotion status is visible to QGC and FDR.
---
### NFT-SEC-04: No In-Flight Satellite Provider Access
**Summary**: Validate that the runtime system does not call commercial or Suite satellite services during flight.
**Traces to**: AC-8.1, AC-8.3, Restrictions Satellite Imagery
| Step | Consumer Action | Expected Response |
|------|-----------------|-------------------|
| 1 | Run replay with network blocked | System continues using local cache |
| 2 | Run replay requiring missing tile | System reports degraded/relocalization-needed status, not an external fetch |
**Pass criteria**: 0 outbound satellite-provider or Suite Service calls during runtime; missing cache data produces controlled degraded behavior.
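Review bot: NFT-SEC-04 cannot demonstrate its own pass criterion, because both steps run with the network blocked, so a runtime that attempts an external fetch and fails is indistinguishable from one that never tries; add a step that runs the same replay with the network available and egress monitored (or a mock provider endpoint that records connections), and make "0 outbound satellite-provider or Suite Service calls" an assertion on observed connection attempts rather than on the absence of successful responses. Three smaller gaps in the other cases: NFT-SEC-01 tests only "unsigned" and "hash-mismatched" inputs, so a manifest carrying a valid signature from a key outside the trust store is untested even though step 1 makes key trust the whole point; NFT-SEC-01 step 2 requires a logged security event while step 3 does not, so state whether a hash-mismatched tile sidecar must also be logged; and NFT-SEC-03 step 3 only covers an unauthorized source ID, so add a step where the spoofed `GPS_RAW_INT` arrives with an authorized source ID, since the summary promises rejection of spoofed measurements regardless of sender and the consistency gates in steps 1 and 2 are what should carry that case. In NFT-SEC-02 step 1, "Tile may be written as candidate" reads as optional; if the expected response is that the tile is written with full quality metadata, say so, otherwise the pass criteria cannot be evaluated for that row.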