Advancing Security in Software-Defined Vehicles: A Comprehensive Survey and Taxonomy

Software-Defined Vehicles (SDVs) introduce innovative features that extend the vehicle's lifecycle through the integration of outsourced applications and continuous Over-The-Air (OTA) updates. This shift necessitates robust cybersecurity and system resilience. While research on Connected and Autonomous Vehicles (CAV) has been extensive, there is a lack of clarity in distinguishing SDVs from non-SDVs and a need to consolidate cybersecurity research. SDVs, with their extensive connectivity, have a broader attack surface. Besides, their software-centric nature introduces additional vulnerabilities. This paper provides a comprehensive examination of SDVs, detailing their ecosystem, enabling technologies, and the principal cyberattack entry points that arise from their architectural and operational characteristics. We also introduce a novel, layered taxonomy that maps concrete exploit techniques onto core SDV properties and attack paths, and use it to analyze representative studies and experimental approaches.