An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

• URL: http://arxiv.org/abs/2510.07941v1
• Date: Thu, 09 Oct 2025 08:38:06 GMT
• Title: An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software
• Authors: Srijita Basu, Haraldsson Bengt, Miroslaw Staron, Christian Berger, Jennifer Horkoff, Magnus Almgren,
• Abstract summary: This study analyzes 180 publicly reported automotive System-on-Chip (SoC) vulnerabilities.<n>We identify 16 root causes and 56 affected software modules, and examine layered delays across Common Weaknession (CWE) categories and architectural layers.<n>We uncover dominant vulnerability patterns and critical modules with prolonged patch delays, and provide actionable insights for securing automotive CPS platforms.
• Score: 6.313369851991342
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Cooperative, Connected and Automated Mobility (CCAM) are complex cyber-physical systems (CPS) that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip (SoC) platforms consolidate processing units, communication interfaces, AI accelerators, and security modules into a single chip. AUTOSAR (AUTomotive Open System ARchitecture) standard was developed in the automotive domain to better manage this complexity, defining layered software structures and interfaces to facilitate reuse of HW/SW components. However, in practice, this integrated SoC software architecture still poses security challenges, particularly in real-time, safety-critical environments. Recent reports highlight a surge in SoC-related vulnerabilities, yet systematic analysis of their root causes and impact within AUTOSAR-aligned architectures is lacking. This study fills that gap by analyzing 180 publicly reported automotive SoC vulnerabilities, mapped to a representative SoC software architecture model that is aligned with AUTOSAR principles for layered abstraction and service orientation. We identify 16 root causes and 56 affected software modules, and examine mitigation delays across Common Weakness Enumeration (CWE) categories and architectural layers. We uncover dominant vulnerability patterns and critical modules with prolonged patch delays, and provide actionable insights for securing automotive CPS platforms, including guides for improved detection, prioritization, and localization strategies for SoC software architectures in SoC-based vehicle platforms.

Related papers

• Advancing Security in Software-Defined Vehicles: A Comprehensive Survey and Taxonomy [0.9482369543628089]
  Software-Defined Vehicles (SDVs) introduce innovative features that extend the vehicle's lifecycle through the integration of outsourced applications and continuous Over-The-Air updates.<n>This paper provides a comprehensive examination of SDVs, detailing their ecosystem, enabling technologies, and the principal cyberattack entry points that arise from their architectural and operational characteristics.
  arXiv  Detail & Related papers  (2025-10-08T17:03:58Z)
• Adaptive Cybersecurity Architecture for Digital Product Ecosystems Using Agentic AI [0.0]
  This study introduces autonomous goal driven agents capable of dynamic learning and context-aware decision making.<n> Behavioral baselining, decentralized risk scoring, and federated threat intelligence sharing are important features.<n>The architecture provides an intelligent and scalable blueprint for safeguarding complex digital infrastructure.
  arXiv  Detail & Related papers  (2025-09-25T00:43:53Z)
• A Survey on Cloud-Edge-Terminal Collaborative Intelligence in AIoT Networks [49.90474228895655]
  Cloud-edge-terminal collaborative intelligence (CETCI) is a fundamental paradigm within the artificial intelligence of things (AIoT) community.<n>CETCI has made significant progress with emerging AIoT applications, moving beyond isolated layer optimization to deployable collaborative intelligence systems.<n>This survey describes foundational architectures, enabling technologies, and scenarios of CETCI paradigms, offering a tutorial-style review for CISAIOT beginners.
  arXiv  Detail & Related papers  (2025-08-26T08:38:01Z)
• CANDoSA: A Hardware Performance Counter-Based Intrusion Detection System for DoS Attacks on Automotive CAN bus [45.24207460381396]
  This paper presents a novel Intrusion Detection System (IDS) designed for the Controller Area Network (CAN) environment.<n>A RISC-V-based CAN receiver is simulated using the gem5 simulator, processing CAN frame payloads with AES-128 encryption as FreeRTOS tasks.<n>Results indicate that this approach could significantly improve CAN security and address emerging challenges in automotive cybersecurity.
  arXiv  Detail & Related papers  (2025-07-19T20:09:52Z)
• Security Enclave Architecture for Heterogeneous Security Primitives for Supply-Chain Attacks [7.9837065464150685]
  This paper explores the range of obstacles encountered when building a unified security architecture capable of addressing multiple attack vectors.<n>We present a thorough evaluation of its impact on silicon area and power consumption across various ASIC technologies.
  arXiv  Detail & Related papers  (2025-07-15T04:28:02Z)
• Towards Mixed-Criticality Software Architectures for Centralized HPC Platforms in Software-Defined Vehicles: A Systematic Literature Review [1.94470674081983]
  We set up a systematic review protocol grounded in established guidelines.<n>Third, we extract key functional domains, constraints, and enabling technologies that drive changes in automotive SWAs.<n>We propose an exemplary SWA for a microprocessor-based system-on-chip.
  arXiv  Detail & Related papers  (2025-06-06T07:40:30Z)
• CyberGym: Evaluating AI Agents' Real-World Cybersecurity Capabilities at Scale [45.97598662617568]
  We introduce CyberGym, a large-scale benchmark featuring 1,507 real-world vulnerabilities across 188 software projects.<n>We show that CyberGym leads to the discovery of 35 zero-day vulnerabilities and 17 historically incomplete patches.<n>These results underscore that CyberGym is not only a robust benchmark for measuring AI's progress in cybersecurity but also a platform for creating direct, real-world security impact.
  arXiv  Detail & Related papers  (2025-06-03T07:35:14Z)
• Understanding the Changing Landscape of Automotive Software Vulnerabilities: Insights from a Seven-Year Analysis [2.0871483263418806]
  This paper presents a study on automotive vulnerabilities from 2018 to September 2024.<n>1,663 automotive software vulnerabilities were found to have been reported in the studied time frame.<n>Our study provides the platform to understand the automotive software weaknesses and loopholes and paves the way for identifying the phases in the software development lifecycle where the vulnerability was introduced.
  arXiv  Detail & Related papers  (2025-03-21T21:04:39Z)
• Skills Composition Framework for Reconfigurable Cyber-Physical Production Modules [44.99833362998488]
  This paper proposes a framework for skills' composition and execution in skill-based reconfigurable cyber-physical production modules. It is based on distributed Behavior trees (BTs) and provides good integration between low-level devices' specific code and AI-based task-oriented frameworks.
  arXiv  Detail & Related papers  (2024-05-22T12:56:05Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• SISSA: Real-time Monitoring of Hardware Functional Safety and Cybersecurity with In-vehicle SOME/IP Ethernet Traffic [49.549771439609046]
  We propose SISSA, a SOME/IP communication traffic-based approach for modeling and analyzing in-vehicle functional safety and cyber security. Specifically, SISSA models hardware failures with the Weibull distribution and addresses five potential attacks on SOME/IP communication. Extensive experimental results show the effectiveness and efficiency of SISSA.
  arXiv  Detail & Related papers  (2024-02-21T03:31:40Z)
• Towards an Interface Description Template for AI-enabled Systems [77.34726150561087]
  Reuse is a common system architecture approach that seeks to instantiate a system architecture with existing components. There is currently no framework that guides the selection of necessary information to assess their portability to operate in a system different than the one for which the component was originally purposed. We present ongoing work on establishing an interface description template that captures the main information of an AI-enabled component.
  arXiv  Detail & Related papers  (2020-07-13T20:30:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.