🤖 AI Summary
Software-Defined Vehicles (SDVs) face unprecedented cybersecurity risks and resilience challenges due to deep integration of third-party applications, continuous over-the-air (OTA) updates, and pervasive connectivity—exceeding those of conventional vehicles. Existing research predominantly addresses connected and autonomous vehicles (CAVs) without explicitly distinguishing SDV-specific characteristics or systematically analyzing novel attack surfaces introduced by their software-centric, service-decoupled architecture.
Method: We propose a novel, layered SDV-specific attack taxonomy that uniquely maps concrete attack techniques to core SDV attributes—including programmability, remote upgradability, and service decoupling—as well as multi-dimensional attack vectors. Our methodology combines systematic literature review, taxonomic analysis, case studies, and evaluation of experimental defense mechanisms.
Contribution: This work establishes the first comprehensive SDV cybersecurity research framework spanning ecosystem, architecture, and threat dimensions, providing a foundational theoretical basis and systematic reference for advancing both offensive and defensive technologies in the SDV domain.
📝 Abstract
Software-Defined Vehicles (SDVs) introduce innovative features that extend the vehicle's lifecycle through the integration of outsourced applications and continuous Over-The-Air (OTA) updates. This shift necessitates robust cybersecurity and system resilience. While research on Connected and Autonomous Vehicles (CAV) has been extensive, there is a lack of clarity in distinguishing SDVs from non-SDVs and a need to consolidate cybersecurity research. SDVs, with their extensive connectivity, have a broader attack surface. Besides, their software-centric nature introduces additional vulnerabilities. This paper provides a comprehensive examination of SDVs, detailing their ecosystem, enabling technologies, and the principal cyberattack entry points that arise from their architectural and operational characteristics. We also introduce a novel, layered taxonomy that maps concrete exploit techniques onto core SDV properties and attack paths, and use it to analyze representative studies and experimental approaches.