{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:55:15Z","timestamp":1773510915654,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":50,"publisher":"ACM","license":[{"start":{"date-parts":[[2024,4,22]],"date-time":"2024-04-22T00:00:00Z","timestamp":1713744000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"NSFC","award":["V1640354653903"],"award-info":[{"award-number":["V1640354653903"]}]},{"name":"MIIT","award":["0747236ISCCZA193"],"award-info":[{"award-number":["0747236ISCCZA193"]}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2024,4,22]]},"DOI":"10.1145\/3627703.3650068","type":"proceedings-article","created":{"date-parts":[[2024,4,18]],"date-time":"2024-04-18T06:28:28Z","timestamp":1713421708000},"page":"1192-1207","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Save the Bruised Striver: A Reliable Live Patching Framework for Protecting Real-World PLCs"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6873-5710","authenticated-orcid":false,"given":"Ming","family":"Zhou","sequence":"first","affiliation":[{"name":"School of Cyber Science and Engineering, Nanjing University of Science and Technology and visiting Virginia Tech"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-4174-3009","authenticated-orcid":false,"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Virginia Tech"}]},{"ORCID":"https:\/\/orcid.org\/0009-0001-2539-4531","authenticated-orcid":false,"given":"Ke","family":"Li","sequence":"additional","affiliation":[{"name":"NARI Group Corporation State Grid, Electric Power Research Institute"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3720-7403","authenticated-orcid":false,"given":"Hongsong","family":"Zhu","sequence":"additional","affiliation":[{"name":"School of Cyber Security, University of Chinese Academy of Sciences; Institute of Information Engineering, CAS"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2745-7521","authenticated-orcid":false,"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"School of Cyber Security, University of Chinese Academy of Sciences; Institute of Information Engineering, CAS"}]}],"member":"320","published-online":{"date-parts":[[2024,4,22]]},"reference":[{"key":"e_1_3_2_1_1_1","unstructured":"ARM. 2021. About the Flash Patch and Breakpoint Unit (FPB). https:\/\/developer.arm.eom\/documentation\/ddi0337\/h\/debug\/about-the-flash-patch-and-breakpoint-unit--fpb- (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_2_1","unstructured":"ARM. 2021. The EmbeddedICE-RT macrocell. https:\/\/developer.arm.com\/documentation\/ddi0234\/b\/debugging-your-system\/the-embeddedice-rt-macrocell (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_3_1","volume-title":"4th ACM European Conference on Computer Systems (EuroSys). ACM","author":"Arnold Jeff","unstructured":"Jeff Arnold and M. Frans Kaashoek. 2009. Ksplice: automatic rebootless kernel updates. In 4th ACM European Conference on Computer Systems (EuroSys). ACM, Nuremberg, Germany, 187--198."},{"key":"e_1_3_2_1_4_1","volume-title":"Industrial Cybersecurity: Security Solutions from Plant to Enterprise. https:\/\/www.rockwellautomation.com\/en-ua\/capabilities\/industrial-securityhtml (visited on 03\/01\/2022).","author":"Automation Rockwell","year":"2021","unstructured":"Rockwell Automation. 2021. Industrial Cybersecurity: Security Solutions from Plant to Enterprise. https:\/\/www.rockwellautomation.com\/en-ua\/capabilities\/industrial-securityhtml (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_5_1","unstructured":"Rockwell Automation. 2021. Release Notes for ControlLogix Controllers. htps:\/\/compatibility.rockwellautomation.com\/GeneratedReleaseNote.aspx?v1=54988&v2=55442&o=&pdf=0 (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_6_1","volume-title":"Firmware Counterfeiting and Modification Attacks on Programmable Logic Controllers. Master's thesis","author":"Basnight Zachary H.","unstructured":"Zachary H. Basnight. 2013. Firmware Counterfeiting and Modification Attacks on Programmable Logic Controllers. Master's thesis. Air Force Institute of Technology (USAF)."},{"key":"e_1_3_2_1_7_1","unstructured":"Paige Beach. 2017. ABB Jokab Safety Pluto safety PLC features hot-swap capabilities for in-the-field replacement. https:\/\/www.designworldonline.com\/abb-jokab-safety-pluto-safety-plc-features-hot-swap-capabilities-field-replacement\/ (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_8_1","volume-title":"IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In 23rd Annual Network and Distributed System Security Symposium (NDSS). The Internet Society","author":"Chen Jiongyi","year":"2018","unstructured":"Jiongyi Chen, Wenrui Diao, Qingchuan Zhao, Chaoshun Zuo, Zhiqiang Lin, XiaoFeng Wang, Wing Cheong Lau, Menghan Sun, Ronghai Yang, and Kehuan Zhang. 2018. IoTFuzzer: Discovering Memory Corruptions in IoT Through App-based Fuzzing. In 23rd Annual Network and Distributed System Security Symposium (NDSS). The Internet Society, San Diego, CA, USA, 1--14."},{"key":"e_1_3_2_1_9_1","volume-title":"InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android. In 25th Annual Network and Distributed System Security Symposium (NDSS). Internet Society","author":"Chen Yaohui","year":"2018","unstructured":"Yaohui Chen, Yuping Li, Long Lu, Yueh-Hsun Lin, Hayawardh Vijayakumar, Zhi Wang, and Xinming Ou. 2018. InstaGuard: Instantly Deployable Hot-patches for Vulnerable System Programs on Android. In 25th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego, California, USA, 1--15."},{"key":"e_1_3_2_1_10_1","volume-title":"Adaptive Android Kernel Live Patching. In 26th USENIX Security Symposium. USENIX Association","author":"Chen Yue","year":"2017","unstructured":"Yue Chen, Yulong Zhang, Zhi Wang, Liangzhao Xia, Chenfu Bao, and Tao Wei. 2017. Adaptive Android Kernel Live Patching. In 26th USENIX Security Symposium. USENIX Association, Vancouver, BC, Canada, 1253--1270."},{"key":"e_1_3_2_1_11_1","volume-title":"Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium. USENIX Association","author":"Corteggiani Nassim","year":"2018","unstructured":"Nassim Corteggiani, Giovanni Camurati, and Aur\u00e9lien Francillon. 2018. Inception: System-Wide Security Testing of Real-World Embedded Systems Software. In 27th USENIX Security Symposium. USENIX Association, Baltimore, MD, USA, 309--326."},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/3173162.3177157"},{"key":"e_1_3_2_1_13_1","volume-title":"Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. In 28th USENIX Security Symposium. USENIX Association","author":"Dong Ying","year":"2019","unstructured":"Ying Dong, Wenbo Guo, Yueqi Chen, Xinyu Xing, Yuqing Zhang, and Gang Wang. 2019. Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. In 28th USENIX Security Symposium. USENIX Association, Santa Clara, CA, USA, 869--885."},{"key":"e_1_3_2_1_14_1","volume-title":"Timing-based Side Channel Analysis for Anomaly Detection in the Industrial Control System Environment. Master's thesis","author":"Dunlap Stephen J.","unstructured":"Stephen J. Dunlap. 2013. Timing-based Side Channel Analysis for Anomaly Detection in the Industrial Control System Environment. Master's thesis. Air Force Institute of Technology (USAF)."},{"key":"e_1_3_2_1_15_1","unstructured":"Schneider Electric. 2021. Cybersecurity Solutions. htps:\/\/www secom\/ww\/en\/work\/solutions\/cybersecurity (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.14722\/ndss.2016.23185"},{"key":"e_1_3_2_1_17_1","volume-title":"2nd International Conference on Software Engineering (ICSE). IEEE Computer Society","author":"Fabry Robert S.","year":"1976","unstructured":"Robert S. Fabry. 1976. How to design a system in which modules can be changed on the fly. In 2nd International Conference on Software Engineering (ICSE). IEEE Computer Society, San Francisco, CA, USA, 470--476."},{"key":"e_1_3_2_1_18_1","volume-title":"Detecting Safety and Security Faults in PLC Systems with Data Provenance. In 2019 IEEE International Symposium on Technologies for Homeland Security (HST). IEEE","author":"Farooq Abdullah Al","year":"2019","unstructured":"Abdullah Al Farooq, Jessica Marquard, Kripa George, and Thomas Moyer. 2019. Detecting Safety and Security Faults in PLC Systems with Data Provenance. In 2019 IEEE International Symposium on Technologies for Homeland Security (HST). IEEE, Woburn, MA, USA, 1--6."},{"key":"e_1_3_2_1_19_1","volume-title":"24th Annual Network and Distributed System Security Symposium (NDSS). Internet Society","author":"Garcia Luis A.","unstructured":"Luis A. Garcia, Ferdinand Brasser, Mehmet H. Cintuglu, Ahmad-Reza Sadeghi, Osama Mohammed, and Saman A. Zonouz. 2017. Hey, My Malware Knows Physics! Attacking PLCs with Physical Model Aware Rootkit. In 24th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, San Diego, CA, USA, 1--15."},{"key":"e_1_3_2_1_20_1","unstructured":"Red Hat. 2014. Introducing kpatch: Dynamic Kernel Patching. https:\/\/www.redhat.com\/en\/blog\/introducing-kpatch-dynamic-kernel-patching (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_21_1","volume-title":"RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In 31st USENIX Security Symposium. USENIX Association","author":"He Yi","year":"2022","unstructured":"Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. 2022. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In 31st USENIX Security Symposium. USENIX Association, Boston, MA, USA, 2225--2242."},{"key":"e_1_3_2_1_22_1","unstructured":"Jim Keniston Prasanna S Panchamukhi and Masami Hiramatsu. 2022. Kernel Probes (Kprobes). https:\/\/www.kernel.org\/doc\/Documentation\/kprobes.txt (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-021-09055-1"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1109\/32.60317"},{"key":"e_1_3_2_1_25_1","volume-title":"Ernst","author":"McCamant Stephen","year":"2003","unstructured":"Stephen McCamant and Michael D. Ernst. 2003. Predicting problems caused by component upgrades. In 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering. ACM, Helsinki, Finland, 287--296."},{"key":"e_1_3_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.14722\/bar.2018.23017"},{"key":"e_1_3_2_1_27_1","volume-title":"J. Urrea, and Alex Pease.","author":"Mulder J.","year":"2012","unstructured":"J. Mulder, M. Schwartz, M. Berg, Jonathan Van Houten, J. Urrea, and Alex Pease. 2012. Reverse engineering industrial control system field devices. Technical Report. Sandia National Laboratories."},{"key":"e_1_3_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/2523649.2523679"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1109\/ASE.2013.6693078"},{"key":"e_1_3_2_1_30_1","volume-title":"HERA: Hotpatching of Embedded Real-time Applications. In 28th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, Virtual Event, 1--16","author":"Niesler Christian","year":"2021","unstructured":"Christian Niesler, Sebastian Surminski, and Lucas Davi. 2021. HERA: Hotpatching of Embedded Real-time Applications. In 28th Annual Network and Distributed System Security Symposium (NDSS). Internet Society, Virtual Event, 1--16."},{"key":"e_1_3_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.fsidi.2021.301196"},{"key":"e_1_3_2_1_32_1","volume-title":"VUzzer: Application-aware Evolutionary Fuzzing. In 22nd Annual Network and Distributed System Security Symposium (NDSS). The Internet Society","author":"Rawat Sanjay","year":"2017","unstructured":"Sanjay Rawat, Vivek Jain, Ashish Kumar, Lucian Cojocar, Cristiano Giufrida, and Herbert Bos. 2017. VUzzer: Application-aware Evolutionary Fuzzing. In 22nd Annual Network and Distributed System Security Symposium (NDSS). The Internet Society, San Diego, CA, USA, 1--14."},{"key":"e_1_3_2_1_33_1","unstructured":"F-Secure Labs Security Response. 2016. BLACKENERGY and QUEDAGH: the convergence of crimeware and APT attacks. Technical Report. F-Secure."},{"key":"e_1_3_2_1_34_1","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation (OSDI). USENIX Association, Virtual Event, 651--666","author":"Rommel Florian","year":"2020","unstructured":"Florian Rommel, Christian Dietrich, Peng Huang, Daniel Friesel, Sangeetha Abdu Jyothi, Karan Grover, Marcel K\u00f6ppen, Nina Narodytska, Muthian Sivathanu, Christoph Borchert, et al. 2020. From Global to Local Quiescence: Wait-Free Code Patching of Multi-Threaded Processes. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI). USENIX Association, Virtual Event, 651--666."},{"key":"e_1_3_2_1_35_1","volume-title":"2015 Industrial Control System Security (ICSS) Workshop. ACM","author":"Rrushi Julian","year":"2015","unstructured":"Julian Rrushi, Hassan Farhangi, Clay Howey, Kelly Carmichael, and Joey Dabell. 2015. A quantitative evaluation of the target selection of havex ics malware plugin. In 2015 Industrial Control System Security (ICSS) Workshop. ACM, Los Angeles, CA, USA, 1--5."},{"key":"e_1_3_2_1_36_1","unstructured":"Phil Salkie. 2017. Legacy Industrial Control Systems - Secure \/ Replace \/ Ignore? Technical Report. Jenariah Industrial Automation. https:\/\/static1.squarespace.com\/static\/5047a5a6e4b0dcecada15549\/t\/5ff8ca2ff96b3c097b38b7ec\/1610140229707\/Legacy+Industrial+Control+Systems+-+Salkie (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_37_1","volume-title":"Programmable Logic Controller Modification Attacks for Use in Detection Analysis. Master's thesis","author":"Schuett Carl D.","unstructured":"Carl D. Schuett. 2014. Programmable Logic Controller Modification Attacks for Use in Detection Analysis. Master's thesis. Air Force Institute of Technology (USAF), Wright-Patterson Air Force Base, Ohio."},{"key":"e_1_3_2_1_38_1","volume-title":"Atkins","author":"Schwartz Moses D.","year":"2010","unstructured":"Moses D. Schwartz, John Mulder, Jason Trent, and William D. Atkins. 2010. Control system devices: architectures and supply channels overview. Technical Report. Sandia National Laboratories."},{"key":"e_1_3_2_1_39_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.199735"},{"key":"e_1_3_2_1_40_1","unstructured":"Siemens. 2021. Cybersecurity at Siemens. https:\/\/new.siemens.com\/global\/en\/company\/topic-areas\/cybersecurity.html (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_41_1","unstructured":"Siemens Product Support. 2020. Which modules can you replace with S7-1500 running? https:\/\/support.industry.siemens.com\/cs\/document\/109744698\/which-modules-can-you-replace-with-s7-1500-running-?dti=0&lc=en-WW (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_42_1","unstructured":"SUSE. 2014. SUSE Linux Enterprise Live Patching. https:\/\/www.suse.com\/products\/live-patching\/ (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDEW.2011.5767631"},{"key":"e_1_3_2_1_44_1","doi-asserted-by":"publisher","DOI":"10.1145\/1656437.1656440"},{"key":"e_1_3_2_1_45_1","unstructured":"Thomas Weber. 2021. Reverse Engineering Architecture And Pinout of Custom Asics. https:\/\/sec-consult.com\/blog\/detail\/reverse-engineering-architecture-pinout-plc\/ (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"publisher","DOI":"10.1038\/474142a"},{"key":"e_1_3_2_1_47_1","unstructured":"Wikipedia. 2022. Colonial Pipeline Ransomware Attack. htps:\/\/en.wikipedia.org\/wiki\/Colonial_Pipeline_ransomware_attack (visited on 03\/01\/2022)."},{"key":"e_1_3_2_1_48_1","volume-title":"29th USENIX Security Symposium. USENIX Association, Virtual Event, 2397--2414","author":"Xu Zhengzi","year":"2020","unstructured":"Zhengzi Xu, Yulong Zhang, Longri Zheng, Liangzhao Xia, Chenfu Bao, Zhi Wang, and Yang Liu. 2020. Automatic hot patch generation for android kernels. In 29th USENIX Security Symposium. USENIX Association, Virtual Event, 2397--2414."},{"key":"e_1_3_2_1_49_1","volume-title":"PatchScope: Memory Object Centric Patch Diffing. In 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, Virtual Event, 149--165","author":"Zhao Lei","year":"2020","unstructured":"Lei Zhao, Yuncong Zhu, Jiang Ming, Yichen Zhang, Haotian Zhang, and Heng Yin. 2020. PatchScope: Memory Object Centric Patch Diffing. In 2020 ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, Virtual Event, 149--165."},{"key":"e_1_3_2_1_50_1","unstructured":"Zynamics. 2021. BinDiff Homepage. https:\/\/www.zynamics.com\/(visited on 03\/01\/2022)."}],"event":{"name":"EuroSys '24: Nineteenth European Conference on Computer Systems","location":"Athens Greece","acronym":"EuroSys '24","sponsor":["SIGOPS ACM Special Interest Group on Operating Systems"]},"container-title":["Proceedings of the Nineteenth European Conference on Computer Systems"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627703.3650068","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3627703.3650068","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T01:13:44Z","timestamp":1755825224000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3627703.3650068"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,4,22]]},"references-count":50,"alternative-id":["10.1145\/3627703.3650068","10.1145\/3627703"],"URL":"https:\/\/doi.org\/10.1145\/3627703.3650068","relation":{},"subject":[],"published":{"date-parts":[[2024,4,22]]},"assertion":[{"value":"2024-04-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}