Part 2 — Automotive Software Security: Beyond Compliance, Toward Proof

Follow-up to Part 1: Translating regulation into runtime evidence. If you haven't read that yet, visit here.

Mahesh Babu
November 12, 2025

From Checklists to Context

Regulations define what must exist.

Runtime intelligence proves whether it actually works.

Kodem’s research focuses on bridging that divide.

The Compliance Baseline

The next stage of maturity is runtime validation of each control.

Runtime Evidence as Compliance Currency

Kodem research across production fleets shows that most teams cannot differentiate between potential vulnerabilities and executed ones.

Using eBPF-based observability and memory correlation, runtime telemetry can demonstrate:

  • Which vulnerable functions actually executed
  • Which ECUs invoked unsafe calls
  • Whether an update introduced exploitable behavior
  • The mean remediation time from detection to deployment

Runtime data converts compliance from static documentation into verifiable proof.

Control Mapping, Revisited

From Secure Development to Executed Securely

Evidence-based security requires three data layers:

  1. Static and Reachability Analysis – identifies exposed code paths
  2. Runtime Analysis – confirms execution in production
  3. Exploit Intelligence – maps observed behavior to adversary TTPs

Together they form a continuous validation loop for automotive software integrity.
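The correlation the three layers describe, as an added example in Python that is not Kodem's code or its sensor output: static findings name a reachable vulnerable function per ECU, runtime telemetry records which function symbols actually ran on which build, and the join between them separates potential from executed vulnerabilities, lists the ECUs that invoked an unsafe call, flags a fixed build on which the vulnerable function still executes, and counts a remediation as confirmed only once the fixed build has been observed in the field. The ECU names, build ids, function symbols, timestamps and the two-observation confirmation threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

# --- constructed sample input (assumed data, not real fleet telemetry) -------

# Static/reachability findings: a vulnerable function that analysis says is
# reachable on an ECU, when it was detected, and the build meant to fix it.
FINDINGS = [
    {"id": "F-1", "ecu": "IVI", "function": "parse_media_tags",
     "detected": "2025-11-01T08:00:00", "fixed_build": "ivi-2.1"},
    {"id": "F-2", "ecu": "TCU", "function": "tls_handshake_legacy",
     "detected": "2025-11-02T09:30:00", "fixed_build": "tcu-5.4"},
    {"id": "F-3", "ecu": "BCM", "function": "can_gateway_raw_write",
     "detected": "2025-11-03T10:00:00", "fixed_build": "bcm-1.9"},
]

# Runtime telemetry: one record per observed function execution, in the shape
# a kernel-level (eBPF probe style) sensor might emit: timestamp, ECU,
# running build, function symbol.
EVENTS = [
    ("2025-11-01T12:00:00", "IVI", "ivi-2.0", "parse_media_tags"),
    ("2025-11-01T12:05:00", "IVI", "ivi-2.0", "tls_handshake_legacy"),
    ("2025-11-02T11:00:00", "TCU", "tcu-5.3", "tls_handshake_legacy"),
    ("2025-11-04T09:00:00", "IVI", "ivi-2.1", "render_album_art"),
    ("2025-11-04T09:10:00", "IVI", "ivi-2.1", "parse_media_tags"),
    ("2025-11-05T14:00:00", "TCU", "tcu-5.4", "tls_handshake_v13"),
    ("2025-11-05T14:02:00", "TCU", "tcu-5.4", "tls_handshake_v13"),
]


def _ts(s):
    return datetime.fromisoformat(s)


def execution_evidence(findings, events):
    """Map each finding id to the observed executions of its vulnerable
    function on the affected ECU, as (timestamp, build) pairs in time order.
    An empty list means the vulnerability is only potential so far."""
    evidence = {f["id"]: [] for f in findings}
    by_key = defaultdict(list)
    for f in findings:
        by_key[(f["ecu"], f["function"])].append(f["id"])
    for ts, ecu, build, func in sorted(events):
        for fid in by_key.get((ecu, func), ()):
            evidence[fid].append((ts, build))
    return evidence


def ecus_invoking(function, events):
    """ECUs on which a given unsafe function symbol was seen executing,
    regardless of whether static analysis flagged that ECU."""
    return {ecu for _, ecu, _, func in events if func == function}


def remediation_state(finding, events, min_events=2):
    """Judge remediation from telemetry rather than from the change log.
    Returns (state, timestamp):
      'regressed'   - the vulnerable function still executed on the fixed build
      'unconfirmed' - fewer than min_events observations of the fixed build
      'confirmed'   - the fixed build was observed min_events times with no
                      execution of the vulnerable function."""
    ecu, func, fixed = finding["ecu"], finding["function"], finding["fixed_build"]
    on_fixed = [(ts, f) for ts, e, b, f in sorted(events) if e == ecu and b == fixed]
    for ts, f in on_fixed:
        if f == func:
            return ("regressed", ts)
    if len(on_fixed) < min_events:
        return ("unconfirmed", None)
    return ("confirmed", on_fixed[min_events - 1][0])


def mean_remediation_hours(findings, events, min_events=2):
    """Mean detection-to-confirmed-remediation time in hours over findings whose
    fix telemetry has confirmed; None while nothing is confirmed."""
    hours = []
    for f in findings:
        state, ts = remediation_state(f, events, min_events)
        if state == "confirmed":
            hours.append((_ts(ts) - _ts(f["detected"])).total_seconds() / 3600)
    return mean(hours) if hours else None


def evidence_report(findings, events, min_events=2):
    """One evidence record per finding, suitable for attaching to an audit."""
    ev = execution_evidence(findings, events)
    report = {}
    for f in findings:
        runs = ev[f["id"]]
        state, ts = remediation_state(f, events, min_events)
        report[f["id"]] = {
            "executed": bool(runs),
            "first_execution": runs[0][0] if runs else None,
            "builds_executed_on": sorted({b for _, b in runs}),
            "remediation": state,
            "remediation_confirmed_at": ts if state == "confirmed" else None,
        }
    return report


if __name__ == "__main__":
    for fid, rec in evidence_report(FINDINGS, EVENTS).items():
        print(fid, rec)
    print("mean remediation hours:", mean_remediation_hours(FINDINGS, EVENTS))
```

On the sample data F-3 never executes and stays a potential vulnerability, F-2 is confirmed remediated once two observations of tcu-5.4 show no call to the legacy handshake, and F-1 is flagged as regressed because ivi-2.1 still runs parse_media_tags; tls_handshake_legacy also turns up on the IVI, an ECU the static findings did not cover, which is the kind of gap the runtime layer exists to expose.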

Readiness Benchmarks for 2025

  • TARA coverage for every ECU and connected service
  • 100 % of updates cryptographically signed and telemetry-verified
  • Vulnerabilities tracked until runtime confirmation of remediation
  • Supplier modules continuously monitored within the CSMS boundary
  • Unified evidence trail spanning safety and security systems

Research Directions

Current Kodem research focuses on:

  • Efficient kernel-level sensors for embedded automotive OSs
  • Cross-ECU exploit-chain reconstruction and memory forensics
  • Automated compliance evidence pipelines aligned to R155 audits
  • SUMS adversarial simulation frameworks for OTA security testing

Conclusion

Regulation established the baseline.

Runtime proof defines leadership.

Kodem continues to investigate how runtime telemetry and exploit intelligence can provide measurable assurance that vehicle software executes securely.

References

  • European Commission. (2024). Cyber Resilience Act: Product cybersecurity requirements for digital elements.
  • International Organization for Standardization. (2021). ISO/SAE 21434: Road vehicles – Cybersecurity engineering.
  • International Organization for Standardization. (2023). ISO 24089: Road vehicles – Software update engineering.
  • National Highway Traffic Safety Administration. (2022). Cybersecurity best practices for the safety of modern vehicles (Report DOT HS 813 417).
  • United Nations Economic Commission for Europe. (2021). UN Regulation No. 155: Cybersecurity and cybersecurity management system requirements.
  • United Nations Economic Commission for Europe. (2021). UN Regulation No. 156: Software update processes and management systems.
  • Verband der Automobilindustrie (VDA). (2023). Trusted Information Security Assessment Exchange (TISAX) Assessment Levels Guide.
  • Kodem Research Team. (2025). Runtime intelligence and exploit-chain validation in connected automotive systems.