A Security Process for the Automotive Service-Oriented Software Architecture

The Automotive Service-Oriented software Architecture (ASOA) is a framework for the effective design, fast deployment, and efficient maintenance of automotive software architectures, facilitating reliable communication among loosely coupled services. It maintains a global view of functional units, allowing them to be updated, replaced, and reconnected so that road vehicles obtain or lose capabilities. While the ASOA lives up to expectations regarding reliability and real-time behavior, it lacks a security concept and, therefore, cannot be safely deployed in automotive systems. This work presents a security process to protect ASOA-based communication from compromise and prevent passenger harm. We propose annotating dataflows with security attributes in a web-based architecture design tool and introducing a central component responsible for converting the communication model into tokens securely distributed to ASOA services. They enable secure communication among components while preserving the desired loose coupling, a critical factor for cost-effective system maintainability. Moreover, we support shielded and technically constrained devices in a heterogeneous domain or zonal vehicle network. After formally verifying our token distribution protocol, we evaluate our security process in a self-driving vehicle and prove that it imposes only negligible overhead during operation.