arxiv: 2411.10612 · v4 · submitted 2024-11-15 · 💻 cs.CR · cs.OS

Contextualizing Security and Privacy of Software-Defined Vehicles: A Literature Review and Industry Perspectives

Pith reviewed 2026-05-23 16:48 UTC · model grok-4.3

classification 💻 cs.CR cs.OS
keywords: software-defined vehicles, security framework, privacy, literature review, automotive cybersecurity, mixed-criticality, V2X communication, intelligent transportation systems

The pith

A literature review and industry survey produce a security framework for software-defined vehicles that integrates mixed-criticality handling with layered defenses and privacy techniques.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper performs a systematic literature review alongside a questionnaire sent across the automotive supply chain to examine security and privacy issues in software-defined vehicles. It organizes findings around four research questions and extracts a security framework presented as a practical roadmap. The work stresses the need to manage mixed-criticality architectures, apply layered security, incorporate privacy-preserving methods, and align in-vehicle protections with cloud-based ones. A reader would care because rising software control in vehicles directly affects road safety, data privacy, and the reliability of connected transportation systems.

Core claim

Through a systematic literature review complemented by industry questionnaire responses, the analysis produces a security framework that serves as a roadmap for SDV protection. The framework calls for addressing mixed-criticality architectural challenges, deploying layered security mechanisms, integrating privacy-preserving techniques, and harmonizing in-vehicle and cloud-based defenses to strengthen cybersecurity and V2X resilience in Intelligent Transportation Systems.

What carries the argument

The security framework extracted from the literature review and questionnaire responses, which organizes defenses around mixed-criticality separation, layered mechanisms, privacy integration, and vehicle-cloud alignment.

If this is right

  • SDV architectures must separate safety-critical and non-critical functions to limit attack surfaces.
  • Multiple layers of security controls should be implemented at hardware, software, and network levels.
  • Privacy-preserving methods must be built into data collection and sharing processes.
  • In-vehicle security controls need to work together with cloud services for consistent protection.
  • V2X communication links require coordinated defenses to maintain resilience in intelligent transportation systems.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • The framework could serve as a template for automotive standards bodies seeking to update cybersecurity guidelines.
  • Testing the framework against real vehicle prototypes would reveal whether its layered approach scales under live attack conditions.
  • Extending the review to include quantitative risk metrics from recent incidents could strengthen the roadmap for future SDV generations.
  • The emphasis on harmonization points toward possible joint research between vehicle manufacturers and cloud providers on shared threat models.

Load-bearing premise

The papers chosen for the systematic literature review together with the questionnaire answers collected from the automotive supply chain form a sufficiently complete and representative foundation for building the security framework.

What would settle it

A new, widely confirmed SDV security breach or privacy failure that falls outside the framework's recommended measures or that industry experts in a follow-up survey say the framework does not adequately cover.

Figures

Figures reproduced from arXiv: 2411.10612 by Andrea Saracino, Chiara Bodei, Ilaria Matteucci, Marco De Vincenzi, Mert D. Pesé, Mohammad Hamad, Monowar Hasan, Richard R. Brooks, Sebastian Steinhorst.

Figure 1: Our review structure with the new software centric ecosystem with the …
Figure 2: Literature review workflow schema.

2.2 Expert Elicitation: In this paper, we used Expert Elicitation [25] to complement the literature review. While the review provided valuable insights, some aspects (e.g., RQ1 and RQ4) were underrepresented due to limited available resources. Expert Elicitation was chosen to fill these gaps by drawing on the specialized knowledge of domain experts, offering credible, det…
Figure 3: Experts’ answers for the definition section, where a rating of 1 indicates irrelevance and 5 indicates …
Figure 4: Possible attack surfaces in SDV, including both legacy attack surfaces (S0-1, S0-2, and S0-3) and those specific to SDVs (S1-S6).

  • S3 - Supply-Chain Security: This involves vulnerabilities in both hardware [53] and software components [74], including injecting malicious code into legitimate packages and manipulating the development environment during the build process. Attackers can also distribute compr…
Figure 5: The experts’ answers to the RQ1, where a rating of 1 indicates irrelevance and 5 indicates high relevance for SDV security.

[Plot residue: x-axis "Type of Threat Actor" (Criminals, Activists, States, Competitors); y-axis "Percentage (%)"; legend: Irrelevant, Slightly, Moderately, Strongly, Highly Relevant.]
Figure 6: Expert responses on the relevance of various attackers for SDV.
Figure 7: The experts’ answers to RQ2, where a rating of 1 indicates irrelevance and 5 indicates high relevance for SDV security.

… ensuring that security is continuously monitored throughout the software lifecycle [85, 91]. Trustworthiness scores (M9) serve as a metric to evaluate overall security of automotive software. This approach involves calculating a composite score based on various security factors, such as …
Figure 8: OTA literature review outcomes.

… solutions on OTA updates for SDVs explores edge-based approaches, where, contrary to the cloud-based approach, where the software is provided by a central entity, the update process is carried out in a distributed manner using the edge nodes of the designed architecture. In particular, [84], [13] explore edge-based solutions to address issues such as network availability, ba…
Figure 9: Expert responses on the significance of security elements/properties in OTA updates.
Figure 10: Data collection and sanitization explained
Figure 11: Experts’ answers on privacy and data collection for …
Original abstract

The growing reliance on software in road vehicles has led to the emergence of Software-Defined Vehicles (SDV). This work analyzes SDV security and privacy through a systematic literature review complemented by an industry questionnaire across the automotive supply chain. The analysis is structured as four research questions and results in a security framework serving as a roadmap for SDV protection. The findings emphasize addressing mixed-criticality architectural challenges, deploying layered security mechanisms, and integrating privacy-preserving techniques. The results highlight the need to harmonize in-vehicle and cloud-based defenses to strengthen cybersecurity and V2X resilience in Intelligent Transportation Systems (ITS).

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

3 major / 1 minor

Summary. The paper conducts a systematic literature review (SLR) combined with an industry questionnaire across the automotive supply chain to analyze security and privacy issues in Software-Defined Vehicles (SDVs). Structured around four research questions, the work synthesizes findings into a proposed security framework intended as a roadmap, emphasizing mixed-criticality architectural challenges, layered security mechanisms, privacy-preserving techniques, and harmonization of in-vehicle and cloud-based defenses for improved cybersecurity and V2X resilience in Intelligent Transportation Systems.

Significance. If the SLR papers and questionnaire responses form a representative basis, the resulting framework could offer a useful synthesis of academic and industry perspectives on an emerging topic, providing a structured starting point for SDV protection strategies. The methodological combination of SLR and survey is standard and appropriate for contextualizing a fast-evolving domain.

major comments (3)
  1. [Abstract / Methods] Abstract and Methods (inferred from structure): No details are provided on search strategy, databases queried, search strings, inclusion/exclusion criteria, or number of papers screened/selected for the SLR. This directly undermines assessment of whether the synthesized framework rests on a complete and unbiased sample, as required for the central claim of a reliable roadmap.
  2. [Methods / Results] Questionnaire description (inferred from structure): The manuscript supplies no information on sample size, response rate, respondent demographics across supply-chain tiers, or analysis method for the industry responses. Without these, the claim that findings highlight the need to harmonize in-vehicle and cloud defenses cannot be evaluated for representativeness.
  3. [Framework / Discussion] Framework derivation (inferred from structure): The mapping from the four RQs and selected sources to the specific framework elements (mixed-criticality challenges, layered mechanisms, privacy techniques) is presented without explicit traceability or discussion of how contradictory or sparse evidence was handled, making the roadmap's grounding in the data unclear.
minor comments (1)
  1. [Abstract] The abstract states the analysis 'results in a security framework' but does not preview the four RQs or the framework's structure, reducing immediate clarity for readers.

Simulated Author's Rebuttal

3 responses · 0 unresolved

We thank the referee for the constructive feedback on methodological transparency. We address each major comment below and will incorporate revisions to strengthen the manuscript.

Point-by-point responses
  1. Referee: [Abstract / Methods] Abstract and Methods (inferred from structure): No details are provided on search strategy, databases queried, search strings, inclusion/exclusion criteria, or number of papers screened/selected for the SLR. This directly undermines assessment of whether the synthesized framework rests on a complete and unbiased sample, as required for the central claim of a reliable roadmap.

    Authors: We agree that the SLR protocol details were not sufficiently explicit. The revised manuscript will expand the Methods section with the full search strategy, queried databases (IEEE Xplore, ACM DL, ScienceDirect, SpringerLink, Google Scholar), exact search strings, inclusion/exclusion criteria, and a PRISMA flow diagram reporting screened, eligible, and included papers. revision: yes

  2. Referee: [Methods / Results] Questionnaire description (inferred from structure): The manuscript supplies no information on sample size, response rate, respondent demographics across supply-chain tiers, or analysis method for the industry responses. Without these, the claim that findings highlight the need to harmonize in-vehicle and cloud defenses cannot be evaluated for representativeness.

    Authors: We acknowledge the omission of questionnaire reporting details. The revision will add sample size, response rate, respondent demographics by supply-chain tier (OEMs, Tier-1/2 suppliers, software vendors), and the analysis approach (thematic coding of open responses) to enable evaluation of representativeness. revision: yes

  3. Referee: [Framework / Discussion] Framework derivation (inferred from structure): The mapping from the four RQs and selected sources to the specific framework elements (mixed-criticality challenges, layered mechanisms, privacy techniques) is presented without explicit traceability or discussion of how contradictory or sparse evidence was handled, making the roadmap's grounding in the data unclear.

    Authors: We agree that traceability from RQs and sources to framework elements requires clarification. The revised Discussion will include a mapping table linking each framework component to specific RQs, literature citations, and survey responses, plus explicit discussion of how contradictory findings or sparse evidence were addressed (e.g., flagged as future research needs). revision: yes

Circularity Check

0 steps flagged

No circularity: framework is explicit synthesis from external SLR and survey

full rationale

The paper performs a systematic literature review structured around four research questions plus an industry questionnaire, then synthesizes a security framework as a roadmap. No equations, fitted parameters, predictions, or derivations exist. The central claim is a qualitative synthesis whose validity rests on the completeness of the selected papers and responses (an external assumption, not a self-referential reduction). No self-citation chains, ansatzes, or renamings of known results are load-bearing for the framework itself. The derivation chain is therefore self-contained against external benchmarks.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 0 invented entities

The security framework is constructed via synthesis of reviewed literature and survey responses. No new free parameters, invented entities, or ad-hoc axioms are introduced beyond reliance on standard review methodology.

axioms (1)
  • domain assumption Established methods for conducting systematic literature reviews and industry questionnaires are suitable for synthesizing security and privacy knowledge in the automotive domain.
    The paper invokes these methods without providing custom justification or deviations from standard practice.


Reference graph

Works this paper leans on

145 extracted references · 145 canonical work pages

  1. [1]

    Mohammad Y. Abualhoul, Oyunchimeg Shagdar, and Fawzi Nashashibi. 2016. Visible Light inter-vehicle Communication for platooning of autonomous vehicles. In 2016 IEEE Intelligent Vehicles Symposium (IV). 508–513. https://doi.org/10.1109/IVS.2016.7535434

  2. [2]

    Sam Abuelsamid. 2024. Stellantis Focuses On ABC As It Develops Software-Defined Vehicles. https://www.forbes.com/sites/samabuelsamid/2024/06/13/stellantis-focuses-on-abc-as-it-develops-software-defined-vehicles/. Last accessed November 6, 2024

  3. [3]

    Accenture. 2022. Moving into the Software-Defined Vehicle Fast Lane. https://www.accenture.com/content/dam/accenture/final/industry/mobility/document/Accenture-Software-Defined-Vehicles-pov.pdf, Last accessed November 6, 2024

  4. [4]

    ACM. 2024. ACM Digital Library. https://dl.acm.org/ Last accessed November 6, 2024

  5. [5]

    Emad Aliwa, Omer Rana, Charith Perera, and Peter Burnap. 2021. Cyberattacks and Countermeasures for In-Vehicle Networks. ACM Comput. Surv. 54, 1, Article 21 (mar 2021), 37 pages. https://doi.org/10.1145/3431233

  6. [6]

    Allstate. 2024. Drivewise - Allstate. https://www.allstate.com/drive-wise/drivewise-device.aspx

  7. [7]

    Allstate. 2024. Esurance Insurance Company. https://www.esurance.com/drivesense

  8. [8]

    Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck. 2020. Dos and Don’ts of Machine Learning in Computer Security. CoRR abs/2010.09470 (2020). arXiv:2010.09470 https://arxiv.org/abs/2010.09470

  9. [9]

    Nadarajah Asokan, Thomas Nyman, Norrathep Rattanavipanon, Ahmad-Reza Sadeghi, and Gene Tsudik. 2018. ASSURED: Architecture for secure software update of realistic embedded devices. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems 37, 11 (2018), 2290–2300

  10. [10]

    BBC. 2020. Trier: Five die as car ploughs through Germany pedestrian zone. https://www.bbc.com/news/world-europe-55148518 Last accessed November 6, 2024

  11. [11]

    Jan Becker. 2022. A Safety-Certified Automotive SDK to Enable Software-Defined Vehicles. In Workshop Fahrerassistenz und automatisiertes Fahren. https://www.uni-das.de/images/pdf/fas-workshop/2022/FAS2022-12-Becker.pdf

  12. [12]

    Giampaolo Bella and Pietro Biondi. 2023. Car Drivers’ Privacy Awareness and Concerns. (09 2023). https://doi.org/10.13140/RG.2.2.14411.98080

  13. [13]

    Arpan Bhattacharjee, Hamza Mahmood, Sidi Lu, Nejib Ammar, Akila Ganlath, and Weisong Shi. 2023. Edge-Assisted Over-the-Air Software Updates. In 2023 IEEE 9th International Conference on Collaboration and Internet Computing (CIC). IEEE Computer Society, Los Alamitos, CA, USA, 18–27. https://doi.org/10.1109/CIC58953.2023.00013

  14. [14]

    Tommaso Bianchi, Alessandro Brighente, Mauro Conti, and Andrea Valori. 2024. Your Car Tells Me Where You Drove: A Novel Path Inference Attack via CAN Bus and OBD-II Data. arXiv preprint arXiv:2407.00585 (2024)

  15. [15]

    David Blanco, Frédéric Le Mouël, Trista Lin, and Marie-Pierre Escudié. 2023. A Comprehensive Survey on Software as a Service (SaaS) Transformation for the Automotive Systems. IEEE Access PP (01 2023), 1–1. https://doi.org/10.1109/ACCESS.2023.3294256

  16. [16]

    Chiara Bodei, Marco De Vincenzi, and Ilaria Matteucci. 2023. From Hardware-Functional to Software-Defined Vehicles and their Security Issues. In 2023 IEEE 21st International Conference on Industrial Informatics (INDIN). 1–10. https://doi.org/10.1109/INDIN51400.2023.10217971

  17. [17]

    Molly Boigon. 2024. Software-defined vehicles are all the rage. Too bad they don’t exist yet. https://www.autonews.com/mobility-report/software-defined-vehicles-will-require-supply-chain-and-revenue-strategy-shifts, Last accessed Nov...

  18. [18]

    Nick Bondaug-Winn. 2023. Understanding the Impact of Autonomous Vehicles on Insurance Agencies. https://www.hbwleads.com/blog/understanding-the-impact-of-autonomous-vehicles-on-insurance-agencies/, Last accessed November 6, 2024

  19. [19]

    Andrew Booth, Anthea Sutton, and Diana Papaioannou. 2016. Systematic Approaches to a Successful Literature Review. SAGE Publications. https://books.google.com/books?id=JD1DCgAAQBAJ

  20. [20]

    Bosch. 2023. Bosch software-defined vehicle. https://www.bosch-mobility.com/en/mobility-topics/software-defined-vehicle/. Last accessed November 6, 2024

  21. [21]

    Christoph Bösch, Benjamin Erb, Frank Kargl, Henning Kopp, and Stefan Pfattheicher. 2016. Tales from the dark side: Privacy dark strategies and privacy dark patterns. Proceedings on Privacy Enhancing Technologies (2016)

  22. [22]

    Siham Bouchelaghem, Abdelmadjid Bouabdallah, and Mawloud Omar. 2021. Autonomous Vehicle Security: Literature Review of Real Attack Experiments. 255–272. https://doi.org/10.1007/978-3-030-68887-5_15

  23. [23]

    Yulong Cao, Ningfei Wang, Chaowei Xiao, Dawei Yang, Jin Fang, Ruigang Yang, Qi Alfred Chen, Mingyan Liu, and Bo Li. 2021. Invisible for both Camera and LiDAR: Security of Multi-Sensor Fusion based Perception in Autonomous Driving Under Physical-World Attacks. In 2021 IEEE Symposium on Security and Privacy (SP). 176–194. https://doi.org/10.1109/SP40001.2...

  24. [24]

    Miller Charlie and Valasek Chris. 2015. Remote Exploitation of an Unaltered Passenger Vehicle. https://illmatics.com/Remote%20Car%20Hacking.pdf Last accessed November 6, 2024

  25. [25]

    Abigail R Colson and Roger M Cooke. 2018. Expert elicitation: using the classical model to validate experts’ judgments. The University of Chicago Press

  26. [26]

    Cookiebot. 2020. California Privacy Rights Act (CPRA): CCPA VS CPRA. https://www.cookiebot.com/en/cpra/ Last accessed November 6, 2024

  27. [27]

    Renesas Electronics Corporation. 2024. The Art of Networking Series 9: SDN - The Next Hype after Automotive Ethernet? https://www.renesas.com/en/blogs/art-networking-series-9-sdn-next-hype-after-automotive-ethernet, Last accessed November 6, 2024

  28. [28]

    Gianpiero Costantino, Marco De Vincenzi, and Ilaria Matteucci. 2024. A vehicle firmware security vulnerability: an IVI exploitation. J. Comput. Virol. Hacking Tech. 20, 4 (2024), 681–696. https://doi.org/10.1007/S11416-024-00522-4

  29. [29]

    Sam Curry. 2024. Hacking Kia: Remotely Controlling Cars With Just a License Plate. https://samcurry.net/hacking-kia, Last accessed November 6, 2024

  30. [30]

    Cybersecurity and Infrastructure Security Agency (CISA). 2022. Vehicle Ramming: Security Awareness for Soft Targets and Crowded Places. https://www.cisa.gov, Last accessed November 6, 2024

  31. [31]

    National Vulnerability Database. 2023. CVE-2023-1709: Vulnerability in [Vulnerable Product/Component]. https://nvd.nist.gov/vuln/detail/CVE-2023-1709 Last accessed November 6, 2024

  32. [32]

    Marco De Vincenzi, Chiara Bodei, and Ilaria Matteucci. 2023. Securing Automotive Ethernet: Design and Implementation of Security Data Link Solutions. In 2023 20th ACS/IEEE International Conference on Computer Systems and Applications (AICCSA). 1–9. https://doi.org/10.1109/AICCSA59173.2023.10479353

  33. [33]

    Marco De Vincenzi, Gianpiero Costantino, Ilaria Matteucci, Florian Fenzl, Christian Plappert, Roland Rieke, and Daniel Zelle. 2024. A Systematic Review on Security Attacks and Countermeasures in Automotive Ethernet. ACM Comput. Surv. 56, 6, Article 135 (Jan. 2024), 38 pages. https://doi.org/10.1145/3637059

  34. [34]

    Deloitte. 2023. Software-defined Vehicles. https://www2.deloitte.com/us/en/pages/consumer-business/articles/the-software-defined-vehicle-revolution.html. Last accessed November 6, 2024

  35. [35]

    GM Developers. 2024. GM Developers. https://developer.gm.com/in-vehicle-apps Last accessed November 6, 2024

  36. [36]

    Rinku Dewri, Prasad Annadata, Wisam Eltarjaman, and Ramakrishna Thurimella. 2013. Inferring trip destinations from driving habits data. In Proc. of the 12th ACM workshop on Workshop on privacy in the electronic society. 267–272

  37. [37]

    Eaton. 2023. Toyota C360 Hack. https://eaton-works.com/2023/03/06/toyota-c360-hack/. Last accessed November 6, 2024

  38. [38]

    Aya El-Fatyany, Xiaohang Wang, Parasara Duggirala, Samarjit Chakraborty, Sudeep Pasricha, and Amit Singh. 2024. Special Session: Emerging Architecture Design, Control, and Security Challenges in Software Defined Vehicles

  39. [39]

    William Enck, Damien Octeau, Patrick D McDaniel, and Swarat Chaudhuri. 2011. A study of android application security. In USENIX security symposium, Vol. 2

  40. [40]

    Miro Enev, Alex Takakuwa, Karl Koscher, and Tadayoshi Kohno. 2016. Automobile driver fingerprinting. Proceedings on Privacy Enhancing Technologies (2016)

  41. [41]

    European Parliament and Council of the European Union. 2016. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). http://data.eu...

  42. [42]

    Saad Ezzini, Ismail Berrada, and Mounir Ghogho. 2018. Who is behind the wheel? Driver identification and fingerprinting. Journal of Big Data 5, 1 (2018), 1–15

  43. [43]

    State Farm. 2018. Drive Safe & Save™ – State Farm®. https://www.statefarm.com/insurance/auto/discounts/drive-safe-save, Last accessed November 6, 2024

  44. [44]

    Ford. 2024. Ford Developer Marketplace. https://developer.ford.com/infotainment/in-vehicle-downloadable-apps Last accessed November 6, 2024

  45. [45]

    Mozilla Foundation. 2023. ‘Privacy Nightmare on Wheels’. https://foundation.mozilla.org/en/blog/privacy-nightmare-on-wheels-every-car-brand-reviewed-by-mozilla-including-ford-volkswagen-and-toyota-flunks-privacy-test Last accessed November 6, 2024

  46. [46]

    Xianyi Gao, Bernhard Firner, Shridatt Sugrim, Victor Kaiser-Pendergrast, Yulong Yang, and Janne Lindqvist. 2014. Elastic pathing: Your speed is enough to track you. In Proceedings of the 2014 ACM international joint conference on pervasive and ubiquitous computing. 975–986

  47. [47]

    András Gazdag, Szilvia Lestyán, Mina Remeli, Gergely Ács, Tamás Holczer, and Gergely Biczók. 2023. Privacy pitfalls of releasing in-vehicle network data. Vehicular Communications 39 (2023), 100565

  48. [48]

    Amrita Ghosal and Mauro Conti. 2020. Security issues and challenges in V2X: A survey. Computer Networks 169 (2020), 107093

  49. [49]

    GlobeNewsWire. 2019. Daimler Partners with Otonomo to Provide Connected Car Customers with New Services while Delivering on the Promise of Data Privacy. https://www.globenewswire.com/news-release/2019/01/10/1685883/0/en/UPDATED-Daimler-Partners-with-Otonomo-to-Provide-Connected-Car-Customers-with-New-Services-while-Delivering-on-the-Promise-of-Data-Priv...

  50. [50]

    Google Scholar. 2024. Google Scholar. https://scholar.google.com/ Last accessed November 6, 2024

  51. [51]

    Colin M Gray, Yubo Kou, Bryan Battles, Joseph Hoggatt, and Austin L Toombs. 2018. The dark (patterns) side of UX design. In Proceedings of the 2018 CHI conference on human factors in computing systems. 1–14

  52. [52]

    BMW Group. 2017. BMW Group launches BMW CarData: new and innovative services for customers, safely and transparently. https://www.press.bmwgroup.com/global/article/detail/T0271366EN/bmw-group-launches-bmw-cardata:-new-and-innovative-services-for-customers-safely-and-transparently?language=en Last accessed November 6, 2024

  53. [53]

    Ujjwal Guin, Ke Huang, Daniel DiMase, John M Carulli, Mohammad Tehranipoor, and Yiorgos Makris. 2014. Counterfeit integrated circuits: A rising threat in the global semiconductor supply chain. Proc. IEEE 102, 8 (2014), 1207–1228

  54. [54]

    Subir Halder, Amrita Ghosal, and Mauro Conti. 2020. Secure over-the-air software updates in connected vehicles: A survey. Computer Networks 178 (2020), 107343

  55. [55]

    Mohammad Hamad and Vassilis Prevelakis. 2017. Secure APIs for Applications in Microkernel-based Systems. In Proceedings of the 3rd International Conference on Information Systems Security and Privacy - Volume 1: ICISSP. INSTICC, SciTePress, 553–558. https://doi.org/10.5220/0006265805530558

  56. [56]

    Mohammad Hamad and Vassilis Prevelakis. 2020. SAVTA: A hybrid vehicular threat model: Overview and case study. Information 11, 5 (2020), 273

  57. [57]

    Mona Helmy and Mohamed Mahmoud. 2023. Enhanced Multi-Level Secure Over-the-Air Update System using Adaptive AUTOSAR. In 2023 International Conference on Computer and Applications (ICCA). 1–4. https://doi.org/10.1109/ICCA59364.2023.10401797

  58. [58]

    Kashmir Hill. 2024. General Motors quits sharing driving behavior with data brokers. https://www.nytimes.com/2024/03/22/technology/gm-onstar-driver-data.html

  59. [59]

    Kashmir Hill. 2024. How G.M. Tricked Millions of Drivers Into Being Spied On (Including Me). N.Y. Times (April 2024). https://www.nytimes.com/2024/04/23/technology/general-motors-spying-driver-data-consent.html

  60. [60]

    Honda. 2024. Honda Vehicles with Google built-in. https://automobiles.honda.com/google-built-in Last accessed November 6, 2024

  61. [61]

    Lois Hoyal. 2024. Automakers forecast to earn tenfold more revenue from digital services. https://europe.autonews.com/automakers/why-software-defined-vehicles-offer-big-profit-potential, Last accessed November 6, 2024

  62. [62]

    Jeremy Hsu. 2014. Toyota recalls 1.9 million prius hybrids over software flaw. IEEE Spectrum, Feb (2014)

  63. [63]

    IBM. 2023. The Software Defined Vehicle - IBM Blog - Digitale Perspektive. https://www.ibm.com/blogs/digitale-perspektive/2023/06/the-software-defined-vehicle/. Last accessed November 6, 2024

  64. [64]

    IEEEXplore. 2024. IEEE Xplore Library. https://ieeexplore.ieee.org/Xplore/home.jsp Last accessed November 6, 2024

  65. [65]

    ISO. 2021. Road vehicles — Functional safety. Standard ISO 26262:2018. International Organization for Standardization, Geneva, CH. https://www.iso.org/standard/68383.html

  66. [66]

    ISO. 2021. Road vehicles — Cybersecurity engineering. Standard ISO/SAE FDIS 21434:2021 Ed.1. International Organization for Standardization, Geneva, CH. https://www.iso.org/standard/70918.html

  67. [67]

    Japan Today. 2019. 8 injured as man rams car into pedestrians in Harajuku in ’retaliation for execution’. https://japantoday.com/category/crime/8-injured-as-man-rams-car-into-pedestrians-in-Harajuku-in-%27retaliation-for-execution%27 Last accessed November 6, 2024

  68. [68]

    Boosun Jeon, Hongil Ju, Boheung Jung, Kyungtae Kim, and Duyeon Lee. 2019. A Study on Traffic Characteristics for Anomaly Detection of Ethernet-based IVN. In 2019 International Conference on Information and Communication Technology Convergence (ICTC). 951–953. https://doi.org/10.1109/ICTC46691.2019.8940022

  69. [69]

    Gorkem Kar, Shubham Jain, Marco Gruteser, Jinzhu Chen, Fan Bai, and Ramesh Govindan. 2017. PredriveID: Pre-trip driver identification from in-vehicle data. In Proc. of the Second ACM/IEEE Symposium on Edge Computing. 1–12

  70. [70]

    Kaspersky. 2024. Kaspersky survey: 71% of drivers would buy a car with less tech to protect their privacy. https://usa.kaspersky.com/about/press-releases/2024_kaspersky-survey-71-of-drivers-would-buy-a-car-with-less-tech-to-protect-their-privacy Last accessed November 6, 2024

  71. [71]

    Pearse Keane. 2024. The Software-Defined Vehicle: Impacts Across the Automotive Ecosystem. Jabil. https://www.jabil.com/blog/software-defined-vehicle.html, Last accessed November 6, 2024

  72. [72]

    Casper Kessels. 2024. The state of Android Automotive in 2024 - Snapp Automotive. https://www.snappautomotive.io/blog/the-state-of-android-automotive-in-2024 Last accessed November 6, 2024

  73. [73]

    Patrick Kingsley, Euan Ward, Ronen Bergman, and Michael Levenson. 2024. Exploding Pagers Targeting Hezbollah Kill 11 and Wound Thousands. https://www.nytimes.com/2024/09/17/world/middleeast/hezbollah-pager-explosions-lebanon.html, Last accessed November 6, 2024

  74. [74]

    Piergiorgio Ladisa, Henrik Plate, Matias Martinez, and Olivier Barais. 2023. SoK: Taxonomy of Attacks on Open-Source Software Supply Chains. In 2023 IEEE Symposium on Security and Privacy (SP). 1509–1526. https://doi.org/10.1109/SP46215.2023.10179304

  75. [75]

    Brooke Lampe and Weizhi Meng. 2023. Intrusion Detection in the Automotive Domain: A Comprehensive Review. IEEE Communications Surveys & Tutorials 25, 4 (2023), 2356–2426. https://doi.org/10.1109/COMST.2023.3309864

  76. [76]

    Aljoscha Lautenbach, Magnus Almgren, and Tomas Olovsson. 2021. Proposing HEAVENS 2.0–an automotive risk assessment model. In Proceedings of the 5th ACM Computer Science in Cars Symposium. 1–12

  77. [78]

    Namcheol Lee, Seongsoo Hong, and Saehwa Kim. 2024. Dynamic Mapping of Mixed-Criticality Applications onto a Mixed-Criticality Runtime System with Probabilistic Guarantees. In 2024 IEEE 44th International Conference on Distributed Computing Systems (ICDCS). IEEE, 1466–1467

  78. [79]

    Ninghui Li, Tiancheng Li, and Suresh Venkatasubramanian. 2007. t-Closeness: Privacy Beyond k-Anonymity and l-Diversity. In 2007 IEEE 23rd International Conference on Data Engineering. 106–115. https://doi.org/10.1109/ICDE.2007.367856

  79. [80]

    Zongwei Liu, Wang Zhang, and Fuquan Zhao. 2018. Security and privacy for innovative automotive applications: A survey. Computer Communications 5 (2018), 17–41. https://doi.org/10.1016/j.comcom.2018.09.010

  80. [82]

    Zongwei Liu, Wang Zhang, and Fuquan Zhao. 2022. Impact, Challenges and Prospect of Software-Defined Vehicles. Automotive Innovation 5 (2022), 180–194. https://doi.org/10.1007/s42154-022-00179-z

Showing first 80 references.