Unmanned aerial vehicles (UAVs) face severe security threats—including covert attacks and zero-day exploit campaigns—when both ground stations and onboard software are simultaneously compromised. Method: This paper proposes a collaborative defense architecture built upon the seL4 microkernel, integrating software-defined isolation, lightweight runtime behavioral monitoring, and enhanced MAVLink protocol security mechanisms. Contribution/Results: To the best of our knowledge, this is the first solution enabling joint protection against dual-end compromise. The architecture is fully compatible with mainstream open-source flight controllers and legacy UAV platforms, requiring no modification to existing functional code for seamless deployment. Evaluated on real UAV hardware, the approach effectively blocks zero-day exploit attempts and covert channel attacks while significantly strengthening system-level defense-in-depth capabilities.

Unmanned aerial vehicles (UAVs) depend on untrusted software components to automate dangerous or critical missions, making them a desirable target for attacks. Some work has been done to prevent an attacker who has either compromised a ground control station or parts of a UAV's software from sabotaging the vehicle, but not both. We present an architecture running a UAV software stack with runtime monitoring and seL4-based software isolation that prevents attackers from both exploiting software bugs and utilizing stealthy attacks. Our architecture retrofits legacy UAVs and secures the popular MAVLink protocol, making wide adoption possible.