Analysis estimates that more than 80% of all current innovations within vehicles are based on distributed electronic systems. Critical to the functionality and application domain of such systems are the services provided by the underlying distributed control networks. Current advances in control networking technology indicate that time-triggered architectures offer improvements in the deterministic behavior of such networks and as such make them particularly appropriate for safety- critical and real-time applications. This book presents novel work on the formal specification and formal verification of a new time-triggered protocol: ISO 11898-4 (draft), time triggered communication on Controller Area Network (TTCAN). TTCAN is based on the most widely adopted in-vehicle network - Controller Area Network (CAN). The formal verification research described has been conducted in parallel with the development of the International Standards Organisation TTCAN protocol specification.