With the development of the E/E architecture of Intelligent and Connected Vehicle (ICV), its core platform has gradually evolved into the hardware with a domain controller / central computing platform, as well as the Vehicle-Control Operating System (OS) and automated driving applications running on it. As a result, ICV will become a “data center” on wheels, and its information security and data security are becoming more and more important. It is necessary to establish an information security protection system with in-depth defense architecture and involve the security technologies of other industries into ICV by integration and innovation. In terms of data security, it is needed to build a security system around the dual lifecycle of automated driving and data processing. In addition, the challenge of automotive-grade requirements should be taken into consideration. We propose a data security architecture and product based on the Vehicle-Control OS to help ICV industry to accomplish the data security and privacy protections.