{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,14]],"date-time":"2026-03-14T17:55:14Z","timestamp":1773510914597,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":57,"publisher":"ACM","funder":[{"DOI":"10.13039\/501100001809","name":"National Natural Science Foundation of China","doi-asserted-by":"publisher","award":["62402225"],"award-info":[{"award-number":["62402225"]}],"id":[{"id":"10.13039\/501100001809","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2025,11,19]]},"DOI":"10.1145\/3719027.3765200","type":"proceedings-article","created":{"date-parts":[[2025,11,22]],"date-time":"2025-11-22T23:33:16Z","timestamp":1763854396000},"page":"3855-3869","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":1,"title":["Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction"],"prefix":"10.1145","author":[{"ORCID":"https:\/\/orcid.org\/0009-0005-6873-5710","authenticated-orcid":false,"given":"Ming","family":"Zhou","sequence":"first","affiliation":[{"name":"SCS, Nanjing University of Science and Technology, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0009-0002-8896-1203","authenticated-orcid":false,"given":"Xupu","family":"Hu","sequence":"additional","affiliation":[{"name":"SCS, Nanjing University of Science and Technology, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0144-889X","authenticated-orcid":false,"given":"Zhihao","family":"Wang","sequence":"additional","affiliation":[{"name":"Purple Mountain Laboratories, Nanjing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9665-7511","authenticated-orcid":false,"given":"Haining","family":"Wang","sequence":"additional","affiliation":[{"name":"ECE, Virginia Tech, Arlington, Virginia, USA"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-3786-3358","authenticated-orcid":false,"given":"Hui","family":"Wen","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6578-0680","authenticated-orcid":false,"given":"Limin","family":"Sun","sequence":"additional","affiliation":[{"name":"Institute of Information Engineering, CAS, Beijing, China"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9518-5914","authenticated-orcid":false,"given":"Peng","family":"Zhang","sequence":"additional","affiliation":[{"name":"SCS, Nanjing University of Science and Technology, Nanjing, China"}]}],"member":"320","published-online":{"date-parts":[[2025,11,22]]},"reference":[{"key":"e_1_3_2_2_1_1","unstructured":"National Security Agency. 2019. Ghidra. https:\/\/ghidra-sre.org\/."},{"key":"e_1_3_2_2_2_1","volume-title":"Photoplethysmography and its application in clinical physiological measurement. Physiological measurement","author":"Allen John","year":"2007","unstructured":"John Allen. 2007. Photoplethysmography and its application in clinical physiological measurement. Physiological measurement, Vol. 28, 3 (2007), R1."},{"key":"e_1_3_2_2_3_1","unstructured":"Android. 2025. A\/B (seamless) System Updates in Android Devices. https:\/\/source.android.com\/docs\/core\/ota\/ab."},{"key":"e_1_3_2_2_4_1","unstructured":"ARM. 2025. The Flash Patch and Breakpoint Unit (FPB) in ARM Cortex M3\/M4. https:\/\/developer.arm.com\/documentation\/ddi0337\/h\/debug\/about-the-flash-patch-and-breakpoint-unit-fpb-."},{"key":"e_1_3_2_2_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/1519065.1519085"},{"key":"e_1_3_2_2_6_1","unstructured":"Altran EESY Belgium. 2025. The PicoTCP Library. https:\/\/github.com\/tass-belgium\/picotcp."},{"key":"e_1_3_2_2_7_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.65"},{"key":"e_1_3_2_2_8_1","doi-asserted-by":"publisher","DOI":"10.5555\/3241189.3241287"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/INFCOM.2013.6566786"},{"key":"e_1_3_2_2_10_1","volume-title":"Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019","author":"Duan Ruian","year":"2019","unstructured":"Ruian Duan, Ashish Bijlani, Yang Ji, Omar Alrawi, Yiyuan Xiong, Moses Ike, Brendan Saltaformaggio, and Wenke Lee. 2019a. Automating Patching of Vulnerable Open-Source Software Versions in Application Binaries. In 26th Annual Network and Distributed System Security Symposium, NDSS 2019, San Diego, California, USA, February 24-27, 2019. The Internet Society, San Diego, CA, USA. https:\/\/www.ndss-symposium.org\/ndss-paper\/automating-patching-of-vulnerable-open-source-software-versions-in-application-binaries\/"},{"key":"e_1_3_2_2_11_1","first-page":"277","volume-title":"Automatic Generation of Non-intrusive Updates for Third-Party Libraries in Android Applications. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019","author":"Duan Yue","year":"2019","unstructured":"Yue Duan, Lian Gao, Jie Hu, and Heng Yin. 2019b. Automatic Generation of Non-intrusive Updates for Third-Party Libraries in Android Applications. In 22nd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2019). USENIX Association, Chaoyang District, Beijing, 277-292. https:\/\/www.usenix.org\/conference\/raid2019\/presentation\/duan"},{"key":"e_1_3_2_2_12_1","unstructured":"Espressif. 2025a. A\/B Method with Over The Air Updates (OTA) in Espressif Systems. https:\/\/docs.espressif.com\/projects\/esp-idf\/en\/latest\/esp32\/api-reference\/system\/ota.html."},{"key":"e_1_3_2_2_13_1","unstructured":"Espressif. 2025b. ESP-IDF. https:\/\/idf.espressif.com\/."},{"key":"e_1_3_2_2_14_1","unstructured":"Nicolas Falliere Liam O Murchu Eric Chien et al. 2011. W32. stuxnet dossier. White paper symantec corp. security response Vol. 5 6 (2011) 29."},{"key":"e_1_3_2_2_15_1","unstructured":"GigaDevice. 2025. GD32VF103 has 4 harfware breakpoints. 45-46. https:\/\/www.gigadevice.com.cn\/Public\/Uploads\/uploadfile\/files\/20240403\/GD32VF103_Datasheet_Rev1.9.pdf."},{"key":"e_1_3_2_2_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/APSEC.2012.55"},{"key":"e_1_3_2_2_17_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2008.31"},{"key":"e_1_3_2_2_18_1","unstructured":"Red Hat. 2025. Introducing kpatch: Dynamic Kernel Patching. https:\/\/www.redhat.com\/de\/blog\/introducing-kpatch-dynamic-kernel-patching."},{"key":"e_1_3_2_2_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/2629460"},{"key":"e_1_3_2_2_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2011.101"},{"key":"e_1_3_2_2_21_1","first-page":"2225","volume-title":"RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In 31st USENIX Security Symposium (USENIX Security 22)","author":"He Yi","year":"2022","unstructured":"Yi He, Zhenhua Zou, Kun Sun, Zhuotao Liu, Ke Xu, Qian Wang, Chao Shen, Zhi Wang, and Qi Li. 2022. RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. In 31st USENIX Security Symposium (USENIX Security 22). USENIX Association, Boston, MA, 2225-2242. https:\/\/www.usenix.org\/conference\/usenixsecurity22\/presentation\/he-yi"},{"key":"e_1_3_2_2_22_1","volume-title":"Lightweight Framework for Runtime Updating of C-Based Software in Embedded Systems. In 5th Workshop on Hot Topics in Software Upgrades, HotSWUp'13","author":"Holmbacka Simon","year":"2013","unstructured":"Simon Holmbacka, Wictor Lund, S\u00e9bastien Lafond, and Johan Lilius. 2013. Lightweight Framework for Runtime Updating of C-Based Software in Embedded Systems. In 5th Workshop on Hot Topics in Software Upgrades, HotSWUp'13, San Jose, CA, USA, June 28, 2013, Cristian Cadar and Jeff Foster (Eds.). USENIX Association, San Jose, CA, USA. https:\/\/www.usenix.org\/conference\/hotswup13\/workshop-program\/presentation\/holmbacka"},{"key":"e_1_3_2_2_23_1","unstructured":"JSOF. 2025. Ripple20: 19 Zero-Day Vulnerabilities Amplified by the Supply Chain. https:\/\/www.jsof-tech.com\/ripple20\/."},{"key":"e_1_3_2_2_24_1","unstructured":"Foresout Research Labs. 2020. AMNESIA:33 \u2013 Forescout Research Labs discovered 33 vulnerabilities impacting millions of IoT OT and IT devices. https:\/\/www.forescout.com\/resources\/amnesia33-research-report-executive-summary\/."},{"key":"e_1_3_2_2_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE43902.2021.00067"},{"key":"e_1_3_2_2_26_1","doi-asserted-by":"publisher","DOI":"10.1145\/3468264.3468580"},{"key":"e_1_3_2_2_27_1","volume-title":"Proceedings of the 2009 Conference on USENIX Annual Technical Conference","author":"Makris Kristis","unstructured":"Kristis Makris and Rida A. Bazzi. 2009. Immediate multi-threaded dynamic software updates using stack reconstruction. In Proceedings of the 2009 Conference on USENIX Annual Technical Conference (San Diego, California) (USENIX'09). USENIX Association, USA, 31."},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1272996.1273031"},{"key":"e_1_3_2_2_29_1","unstructured":"MbedTLS. 2025. Mbed TLS. https:\/\/github.com\/Mbed-TLS\/mbedtls."},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/3510003.3510147"},{"key":"e_1_3_2_2_31_1","unstructured":"MITRE. 2025. CVE Website. https:\/\/www.cve.org\/."},{"key":"e_1_3_2_2_32_1","doi-asserted-by":"publisher","DOI":"10.5555\/647478.727796"},{"key":"e_1_3_2_2_33_1","volume-title":"HERA: Hotpatching of Embedded Real-time Applications.","author":"Niesler Christian","year":"2021","unstructured":"Christian Niesler, Sebastian Surminski, and Lucas Davi. 2021. HERA: Hotpatching of Embedded Real-time Applications.. In NDSS. The Internet Society, Virtual."},{"key":"e_1_3_2_2_34_1","doi-asserted-by":"crossref","unstructured":"NVD. 2018. CVE-2018-16601. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2018-16601.","DOI":"10.5465\/AMBPP.2018.16601abstract"},{"key":"e_1_3_2_2_35_1","volume-title":"Proceedings of the 2009 Conference on USENIX Annual Technical Conference","author":"Panta Rajesh Krishna","unstructured":"Rajesh Krishna Panta, Saurabh Bagchi, and Samuel P. Midkiff. 2009. Zephyr: efficient incremental reprogramming of sensor nodes using function call indirections and difference computation. In Proceedings of the 2009 Conference on USENIX Annual Technical Conference (San Diego, California) (USENIX'09). USENIX Association, USA, 32."},{"key":"e_1_3_2_2_36_1","volume-title":"Proceedings of the 32nd USENIX Conference on Security Symposium","author":"Narayan Rajput Prashant Hari","year":"2023","unstructured":"Prashant Hari Narayan Rajput, Constantine Doumanidis, and Michail Maniatakos. 2023. ICSPatch: automated vulnerability localization and non-intrusive hotpatching in industrial control systems using data dependence graphs. In Proceedings of the 32nd USENIX Conference on Security Symposium (Anaheim, CA, USA) (SEC '23). USENIX Association, USA, Article 384, 16 pages."},{"key":"e_1_3_2_2_37_1","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2010.112"},{"key":"e_1_3_2_2_38_1","first-page":"651","volume-title":"14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20)","author":"Rommel Florian","year":"2020","unstructured":"Florian Rommel, Christian Dietrich, Birte Friesel, Marcel K\u00f6ppen, Christoph Borchert, Michael M\u00fcller, Olaf Spinczyk, and Daniel Lohmann. 2020. From Global to Local Quiescence: Wait-Free Code Patching of Multi-Threaded Processes. In 14th USENIX Symposium on Operating Systems Design and Implementation (OSDI 20). USENIX Association, USA, 651-666. https:\/\/www.usenix.org\/conference\/osdi20\/presentation\/rommel"},{"key":"e_1_3_2_2_39_1","doi-asserted-by":"publisher","DOI":"10.1145\/3658644.3690255"},{"key":"e_1_3_2_2_40_1","unstructured":"Amazon Web Services. 2025a. Amazon FreeRTOS. https:\/\/aws.amazon.com\/freertos\/."},{"key":"e_1_3_2_2_41_1","unstructured":"Amazon Web Services. 2025b. AWS IoT Over the Air (OTA). https:\/\/www.freertos.org\/ota\/index.html."},{"key":"e_1_3_2_2_42_1","unstructured":"Amazon Web Services. 2025c. FreeRTOS idle task. https:\/\/www.freertos.org\/Documentation\/02-Kernel\/02-Kernel-features\/01-Tasks-and-co-routines\/15-Idle-task."},{"key":"e_1_3_2_2_43_1","unstructured":"STMicroelectronics. 2025. STM32CubeFunctionPack_PLCWIFI. https:\/\/github.com\/yisea123\/STM32CubeFunctionPack_PLCWIFI1_V1.0.1\/tree\/master."},{"key":"e_1_3_2_2_44_1","unstructured":"SUSE. 2025. Live patching the Linux kernel using kGraft. https:\/\/documentation.suse.com\/sles\/12-SP5\/html\/SLES-all\/cha-kgraft.html."},{"key":"e_1_3_2_2_45_1","doi-asserted-by":"publisher","DOI":"10.1109\/ETFA.2014.7005075"},{"key":"e_1_3_2_2_46_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDEW.2011.5767631"},{"key":"e_1_3_2_2_47_1","doi-asserted-by":"publisher","DOI":"10.1145\/1656437.1656440"},{"key":"e_1_3_2_2_48_1","unstructured":"WolfSSL. 2025. WolfSSL Embedded SSL\/TLS Library. https:\/\/www.wolfssl.com\/."},{"key":"e_1_3_2_2_49_1","first-page":"2397","volume-title":"Automatic Hot Patch Generation for Android Kernels. In 29th USENIX Security Symposium (USENIX Security 20)","author":"Xu Zhengzi","year":"2020","unstructured":"Zhengzi Xu, Yulong Zhang, Longri Zheng, Liangzhao Xia, Chenfu Bao, Zhi Wang, and Yang Liu. 2020. Automatic Hot Patch Generation for Android Kernels. In 29th USENIX Security Symposium (USENIX Security 20). USENIX Association, Boston, MA, USA, 2397-2414. https:\/\/www.usenix.org\/conference\/usenixsecurity20\/presentation\/xu"},{"key":"e_1_3_2_2_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/3597503.3623342"},{"key":"e_1_3_2_2_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/3650212.3652108"},{"key":"e_1_3_2_2_52_1","unstructured":"Zephyr. 2025a. Over-the-Air Update in Zephyr OS. https:\/\/docs.zephyrproject.org\/latest\/services\/device_mgmt\/ota.html."},{"key":"e_1_3_2_2_53_1","unstructured":"Zephyr. 2025b. Zephyr OS. https:\/\/www.zephyrproject.org\/."},{"key":"e_1_3_2_2_54_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSME.2017.15"},{"key":"e_1_3_2_2_55_1","doi-asserted-by":"publisher","DOI":"10.1145\/3627703.3650068"},{"key":"e_1_3_2_2_56_1","volume-title":"Embedded Systems Handbook","author":"Zurawski Richard","unstructured":"Richard Zurawski. 2018. Embedded Systems Handbook., CRC press, Boca Raton."},{"key":"e_1_3_2_2_57_1","unstructured":"Zynamics. 2022. BinDiff Homepage. https:\/\/www.zynamics.com\/."}],"event":{"name":"CCS '25: ACM SIGSAC Conference on Computer and Communications Security","location":"Taipei Taiwan","acronym":"CCS '25","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3719027.3765200","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,12,22]],"date-time":"2025-12-22T22:16:44Z","timestamp":1766441804000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3719027.3765200"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,19]]},"references-count":57,"alternative-id":["10.1145\/3719027.3765200","10.1145\/3719027"],"URL":"https:\/\/doi.org\/10.1145\/3719027.3765200","relation":{},"subject":[],"published":{"date-parts":[[2025,11,19]]},"assertion":[{"value":"2025-11-22","order":3,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}