New Security Architecture for Software-Defined Vehicles

Software-defined vehicles (SDVs) represent the next evolution in the automotive industry. They enable flexible features, rapid updates, and innovative services. However, this shift also introduces new risks: today’s vehicles contain more than 100 million lines of code – each vulnerability can serve as an entry point for cyberattacks. Attacks on seemingly harmless systems, such as infotainment or radio, can escalate to safety-critical components. Closing security gaps often takes days or even weeks.
Dynamic Task Migration
ShiftGuard is a distributed, security-aware mechanism that migrates critical tasks, such as engine control, from a compromised Electronic Control Unit (ECU) to a trusted ECU without additional hardware and without stopping the vehicle.
The system continuously evaluates the security level of each task and the trust score of every ECU, making migration decisions within milliseconds. For example, if an infotainment component is compromised, other high-criticality software tasks on the same ECU may become unsafe. ShiftGuard detects the attack and relocates the high-criticality task to a trusted control unit.
Smart Software Instead of Extra Hardware
Hardware experiments show that task migration decisions take 13 to 17 milliseconds on a small CAN-based setup. Large-scale simulations report a migration success rate between 76% and 100% for networks with up to 70 ECUs.
Unlike traditional approaches, ShiftGuard requires no redundant hardware or backup instances. It combines security metrics with real-time scheduling, delivering a flexible and cost-efficient solution for the automotive industry.
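The migration decision described above, combining a per-ECU trust score with a real-time capacity check, can be sketched as a simplified model. This is an added example, not ShiftGuard's own algorithm or code: the 0..1 trust scale, the per-task `required_trust`, the utilization bound, and all task and ECU names are assumptions.

```python
from dataclasses import dataclass, field

UTIL_BOUND = 1.0  # assumption: EDF-style per-ECU utilization bound

@dataclass
class Task:
    name: str
    required_trust: float  # assumption: minimum ECU trust score (0..1) the task tolerates
    utilization: float     # worst-case execution time / period

@dataclass
class ECU:
    name: str
    trust: float           # assumption: trust score on a 0..1 scale
    tasks: list = field(default_factory=list)

    def load(self):
        return sum(t.utilization for t in self.tasks)

def plan_migrations(ecus):
    """Move each task whose host fell below its required trust to a trusted ECU
    that can still schedule it. Returns (moves, stranded)."""
    moves, stranded = [], []
    # Most trust-demanding tasks first, so they get spare capacity before others.
    at_risk = sorted(((t, e) for e in ecus for t in e.tasks if e.trust < t.required_trust),
                     key=lambda p: -p[0].required_trust)
    for task, src in at_risk:
        fits = [e for e in ecus if e is not src and e.trust >= task.required_trust
                and e.load() + task.utilization <= UTIL_BOUND]
        if not fits:
            stranded.append((task.name, src.name))  # no trusted ECU has capacity
            continue
        dst = max(fits, key=lambda e: (e.trust, -e.load()))
        src.tasks.remove(task)
        dst.tasks.append(task)
        moves.append((task.name, src.name, dst.name))
    return moves, stranded

def demo():
    # Constructed scenario: head unit's trust drops after an infotainment compromise.
    head = ECU("head_unit", 0.2, [Task("engine_control", 0.9, 0.30),
                                  Task("cruise_control", 0.9, 0.25),
                                  Task("media_player", 0.1, 0.20)])
    body = ECU("body_ctrl", 0.95, [Task("door_lock", 0.5, 0.50)])
    gateway = ECU("gateway", 0.7, [Task("diagnostics", 0.3, 0.40)])
    return plan_migrations([head, body, gateway])

if __name__ == "__main__":
    print(demo())
```

In this constructed scenario `engine_control` moves to `body_ctrl`, while `cruise_control` is stranded because the only sufficiently trusted ECU has no spare capacity left, which is one way a migration can fail in this model.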
With ShiftGuard, manufacturers can bridge the gap between an attack and the deployment of a security update – without compromising vehicle safety or functionality. This innovation marks a significant contribution by TUM to the resilience of software-defined vehicles and the security of connected mobility.
