An AUTOSAR-Aligned Architectural Study of Vulnerabilities in Automotive SoC Software

Cooperative, Connected and Automated Mobility (CCAM) are complex cyber-physical systems (CPS) that integrate computation, communication, and control in safety-critical environments. At their core, System-on-Chip (SoC) platforms consolidate processing units, communication interfaces, AI accelerators, and security modules into a single chip. AUTOSAR (AUTomotive Open System ARchitecture) standard was developed in the automotive domain to better manage this complexity, defining layered software structures and interfaces to facilitate reuse of HW/SW components. However, in practice, this integrated SoC software architecture still poses security challenges, particularly in real-time, safety-critical environments. Recent reports highlight a surge in SoC-related vulnerabilities, yet systematic analysis of their root causes and impact within AUTOSAR-aligned architectures is lacking. This study fills that gap by analyzing 180 publicly reported automotive SoC vulnerabilities, mapped to a representative SoC software architecture model that is aligned with AUTOSAR principles for layered abstraction and service orientation. We identify 16 root causes and 56 affected software modules, and examine mitigation delays across Common Weakness Enumeration (CWE) categories and architectural layers. We uncover dominant vulnerability patterns and critical modules with prolonged patch delays, and provide actionable insights for securing automotive CPS platforms, including guides for improved detection, prioritization, and localization strategies for SoC software architectures in SoC-based vehicle platforms.