Advancing Security in Software-Defined Vehicles: A Comprehensive Survey and Taxonomy
Khaoula Sghaier, Badis Hammi, Ghada Gharbi, Pierre Merdrignac, Pierre Parrend, Didier Verna
TL;DR
SDVs replace hardware-centric paradigms with software-defined architectures that enable OTA-driven lifecycles and cloud-connected services, expanding the attack surface. The paper develops a layered threat model and a novel SDV-specific taxonomy that maps concrete exploit techniques to SDV properties and attack paths. It analyzes enabling technologies (central HPC, AI, OTA, V2X) and distinguishes SDVs from traditional vehicles, highlighting how software-centricity raises cybersecurity stakes. Recommendations emphasize secure-by-design OTA protocols, standardized evaluation benchmarks, and regulatory alignment to ensure resilience across the SDV ecosystem.
Abstract
Software-Defined Vehicles (SDVs) introduce innovative features that extend the vehicle's lifecycle through the integration of outsourced applications and continuous Over-The-Air (OTA) updates. This shift necessitates robust cybersecurity and system resilience. While research on Connected and Autonomous Vehicles (CAVs) has been extensive, there is a lack of clarity in distinguishing SDVs from non-SDVs and a need to consolidate cybersecurity research. SDVs, with their extensive connectivity, have a broader attack surface. In addition, their software-centric nature introduces additional vulnerabilities. This paper provides a comprehensive examination of SDVs, detailing their ecosystem, enabling technologies, and the principal cyberattack entry points that arise from their architectural and operational characteristics. We also introduce a novel, layered taxonomy that maps concrete exploit techniques onto core SDV properties and attack paths, and use it to analyze representative studies and experimental approaches.
