🤖 AI Summary
MAVLink protocol vulnerabilities arise from “legitimate but dangerous” message sequences—syntactically valid yet semantically harmful messages sent by compromised nodes—that undermine multi-UAV system safety. Method: This work introduces Refined Multiparty Session Types (R-MPST) to embedded aviation communication protocols for the first time, constructing a context-aware, temporally constrained semantic model of MAVLink. It formally models interaction intents and interface behaviors to enable static detection of illicit state transitions and runtime enforcement of safety policies. Results: Evaluation in representative UAV coordination scenarios demonstrates zero false positives, effective mitigation of attacks bypassing conventional interface validation, and a significant bridge between intent-level and interface-level semantics. This constitutes the first successful application of R-MPST to real-time aviation protocols, establishing a verifiable, high-assurance communication security enhancement paradigm for autonomous systems.
📝 Abstract
A compromised system component can issue message sequences that are perfectly legal while also leading the system itself into unsafe states. Such attacks are challenging to characterize, because message interfaces in standard languages define the individual messages possible but cannot express designers' intentions for how they should be used. We present initial results from ongoing work applying refined multiparty session types as a mechanism for expressing and enforcing proper message usage to exclude legal, but unsafe, sequences. We illustrate our approach by using refined multiparty session types to mitigate safety and security issues in the MAVLink protocol commonly used in UAVs.
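The idea in the abstract, as an added illustration in Python that is not code from the paper: a runtime monitor that encodes one intended MAVLink usage (mission upload, then arm, then takeoff) as a session with sender roles, states and field refinements, so that individually legal messages sent out of order, from the wrong role, or with the wrong field values are rejected. The message names and command ids are real MAVLink; the policy, the GCS/UAV roles and the two traces are constructed for the example.

```python
from dataclasses import dataclass

MAV_CMD_NAV_TAKEOFF = 22            # real MAVLink command id
MAV_CMD_COMPONENT_ARM_DISARM = 400  # real MAVLink command id
@dataclass
class Session:
    """Constructed refined session: mission upload, then arm, then takeoff. A message is
    accepted only from the expected role and state with fields meeting its refinement."""
    state: str = "Idle"
    armed: bool = False
    count: int = 0  # items announced by MISSION_COUNT
    seq: int = 0    # next item sequence number the protocol expects

    def step(self, sender: str, msg: dict) -> bool:
        t = msg["type"]
        if t == "HEARTBEAT":  # allowed from any role in any state
            return True
        ok = False
        if self.state == "Idle" and sender == "GCS":
            if t == "MISSION_COUNT" and msg["count"] > 0:
                self.count, self.seq, self.state, ok = msg["count"], 0, "AwaitRequest", True
            elif t == "COMMAND_LONG" and msg["command"] == MAV_CMD_COMPONENT_ARM_DISARM:
                self.armed, ok = (msg["param1"] == 1.0), True
            elif t == "COMMAND_LONG" and msg["command"] == MAV_CMD_NAV_TAKEOFF:
                ok = self.armed  # refinement: takeoff only from the armed state
        elif self.state == "AwaitRequest" and sender == "UAV":
            if t == "MISSION_REQUEST_INT" and msg["seq"] == self.seq:  # exactly the next item
                self.state, ok = "AwaitItem", True
        elif self.state == "AwaitItem" and sender == "GCS":
            if t == "MISSION_ITEM_INT" and msg["seq"] == self.seq:  # item must match the request
                self.seq += 1
                self.state, ok = ("AwaitRequest" if self.seq < self.count else "AwaitAck"), True
        elif self.state == "AwaitAck" and sender == "UAV" and t == "MISSION_ACK":
            self.state, ok = "Idle", True
        return ok  # a rejected message leaves the session state unchanged

def check_trace(trace):
    """Return indexes of the messages the refined session rejects (empty = safe trace)."""
    s = Session()
    return [i for i, (who, m) in enumerate(trace) if not s.step(who, m)]
def cmd(c, p1=0.0):  # helper for constructed GCS COMMAND_LONG messages
    return ("GCS", {"type": "COMMAND_LONG", "command": c, "param1": p1})
# Constructed traces. Every message in UNSAFE_TRACE is syntactically legal, but item seq 1
# answers a request for seq 0, and takeoff is commanded while the vehicle is still disarmed.
SAFE_TRACE = [("GCS", {"type": "MISSION_COUNT", "count": 1}), ("UAV", {"type": "MISSION_REQUEST_INT", "seq": 0}),
              ("GCS", {"type": "MISSION_ITEM_INT", "seq": 0}), ("UAV", {"type": "MISSION_ACK"}),
              cmd(MAV_CMD_COMPONENT_ARM_DISARM, 1.0), cmd(MAV_CMD_NAV_TAKEOFF)]
UNSAFE_TRACE = [("GCS", {"type": "MISSION_COUNT", "count": 1}), ("UAV", {"type": "MISSION_REQUEST_INT", "seq": 0}),
                ("GCS", {"type": "MISSION_ITEM_INT", "seq": 1}), ("GCS", {"type": "MISSION_ITEM_INT", "seq": 0}),
                ("UAV", {"type": "MISSION_ACK"}), cmd(MAV_CMD_NAV_TAKEOFF)]
```

`check_trace(SAFE_TRACE)` returns `[]`, while `check_trace(UNSAFE_TRACE)` returns `[2, 5]`: the out-of-sequence item and the disarmed takeoff are flagged even though each message would pass per-message interface validation.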