Modern automotive CAN networks face emerging security threats due to functional expansion and enhanced interconnectivity, yet conventional Hardware-in-the-Loop (HIL) testbeds lack support for timing-sensitive attack injection and real-time validation of controller-proximate defense mechanisms. This paper proposes a reconfigurable FPGA-based HIL framework integrating real-time CAN bus simulation, ECU behavioral modeling, internal signal observability, and fine-grained attack injection. It enables, for the first time, end-to-end functional and performance validation of intrusion detection/prevention systems (IDS/IPS), domain-specific hardware accelerators, and software-hardware co-deployment strategies. Unlike traditional approaches, the framework supports deployment near the CAN controller, reducing detection latency by 6.3× and eliminating dependence on proprietary hardware. Consequently, it significantly enhances the flexibility, fidelity, and practicality of automotive cybersecurity countermeasure evaluation.

Complex electronic control unit (ECU) architectures, software models and in-vehicle networks are consistently improving safety and comfort functions in modern vehicles. However, the extended functionality and increased connectivity introduce new security risks and vulnerabilities that can be exploited on legacy automotive networks such as the controller area network (CAN). With the rising complexity of vehicular systems and attack vectors, the need for a flexible hardware-in-the-loop (HIL) test fixture that can inject attacks and validate the performance of countermeasures in near-real-world conditions in real time is vital. This paper presents an FPGA-based HIL framework tailored towards validating network security approaches (IDS, IPS) and smart integration strategies of such capabilities for an automotive CAN bus. FAV-NSS replicates an actual vehicular system environment with functional ECUs and network infrastructure on an FPGA, allowing functional validation of IDS/IPS algorithms, accelerator designs and integration schemes (software task on ECU, dedicated accelerator). To show the efficacy of FAV-NSS, we evaluate an IDS accelerator integration problem, both as a traditional coupled accelerator (to the ECU), and secondly close to the CAN controller (mimicking an extended CAN controller). We show that the latter strategy can be fully validated by our framework, which would otherwise require integration of specialised CAN modules into otherwise standard HIL fixtures with ability to instrument internal signals for characterising timing performance. The tests demonstrate a promising latency reduction of 6.3x when compared to the traditional coupled accelerator. Our case study demonstrates the potential of FAV-NSS for accelerating the optimisation, integration and verification of smart ECUs and communication controllers in current and future vehicular systems.