The development of vehicle technologies such as connected and autonomous vehicle environments provide drivers with functions for convenience and safety that are highly capable of remote vehicle diagnosis or lane-keeping assistance. Unfortunately, despite impressive advantages for drivers, these functions also have various vulnerabilities that could lead to cyber-physical attacks on automotive Controller Area Networks (i.e., automotive CAN). To deal with these security issues, a multitude of issue-specific countermeasures have already been proposed. In this paper, we introduce existing research on automotive CAN attacks and evaluate several state-of-the-art countermeasures. Particularly, we provide a comprehensive adversary model for automotive CAN and classify existing countermeasures into four system categories: (1) preventative protection, (2) intrusion detection, (3) authentication, and (4) post-protection. From the extensive literature review, we attempt to summarize the security research regarding automotive CAN and identify open research directions for in-vehicle networks of autonomous vehicle.