AUTOSAR as a systemic support for cybersecurity in Automotive

AUTOSAR as the ECU architecture standard in vehicles

AUTOSAR is a consortium that delivers a standardized architecture for devices included in the electronic systems of vehicles — ECU (Electronic Control Units). It supports a modular, layered, and component-based approach. While the architecture itself is open, specific tools for configuration and software development are commercial and subject to separate licensing. 

Support for popular network protocols

AUTOSAR also supports previously mentioned network protocols and standards (CAN / LIN / FlexRay / Ethernet). The architecture provides tools and methodologies for configuring and integrating software components within ECUs, allowing them to be integrated into increasingly complex and larger software subsystems.

These tools automate the generation of configuration files, software component mapping to hardware resources, and system consistency and compatibility verification.

To illustrate this, below you can find a diagram showing the layered approach proposed by AUTOSAR.

Source: https://www.autosar.org/fileadmin/standards/R22-11/CP/AUTOSAR_EXP_LayeredSoftwareArchitecture.pdf

Source: https://www.autosar.org/fileadmin/standards/R20-11/CP/AUTOSAR_SWS_SocketAdaptor.pdf

Source: https://medium.com/@dpk139/autosar-automotive-open-system-architecture-537aa3908f40

Security and protection features in AUTOSAR

At its highest level of abstraction, the AUTOSAR architecture distinguishes three software layers:

• Application Layer — includes the vehicle’s functional logic.
• Run-Time Environment (RTE) — implements AUTOSAR interfaces for a specific ECU. This separation enables AUTOSAR software components to remain independent of specific ECU hardware.
• Basic Software (BSW) — runs directly on the microcontroller.

The architecture also addresses security and safety requirements in automotive systems, providing dedicated guidelines, standards, and design mechanisms. It implements critical functions and modules for both safety-critical and security-critical domains. These include error handling, fault tolerance, security protocols, and safety controls.

Remote updates and rollback protection

It is particularly worth noting that AUTOSAR enables remote firmware updates (FOTA — Firmware Over-The-Air). This includes the use of network protocols present in the network stack (such as TLS), which comprehensively secure transmissions through encryption. Furthermore, rollback protection can be implemented to prevent downgrading to unsecured or vulnerable software versions.

Compliance with safety and security regulations

These mechanisms allow compliance with, among others, ISO 24089:202 standards and Regulation R156 — crucial in light of the growing regulatory demands in the automotive industry. AUTOSAR plays a key role as a standard in the development of automotive software systems, providing standardized and interoperable frameworks for the design, integration, and deployment of software components in modern vehicles. By promoting collaboration and standardization across the automotive industry, AUTOSAR contributes to improved quality, reliability, and efficiency in automotive software development.

Challenges of AUTOSAR implementation in practice

In conclusion, I would like to draw the reader’s attention to the fact that one might mistakenly assume that this system standard is easy to implement. Nothing could be further from the truth — the integration of layers and components proposed by AUTOSAR remains a significant challenge for engineers in the automotive sector, not only at the development stage but especially during full system integration.