{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,11]],"date-time":"2026-04-11T05:58:25Z","timestamp":1775887105110,"version":"3.50.1"},"reference-count":37,"publisher":"MDPI AG","issue":"7","license":[{"start":{"date-parts":[[2025,6,21]],"date-time":"2025-06-21T00:00:00Z","timestamp":1750464000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"National Key Research and Development Program of China (Project No. 2022YFB3104300).","award":["2022YFB3104300"],"award-info":[{"award-number":["2022YFB3104300"]}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Recent advances in technologies such as blockchain, the Internet of Things (IoT), Cyber\u2013Physical Systems (CPSs), and the Industrial Internet of Things (IIoT) have driven the digitalization and intelligent transformation of modern industries. However, embedded control devices within power system communication infrastructures have become increasingly susceptible to cyber threats due to escalating software complexity and extensive network exposure. We have seen that symmetric conventional patching techniques\u2014both static and dynamic\u2014often fail to satisfy the stringent requirements of real-time responsiveness and computational efficiency in resource-constrained environments of all kinds of power grids. To address this limitation, we have proposed a hardware-assisted runtime patching framework tailored for embedded systems in critical power system networks. Our method has integrated binary-level vulnerability modeling, execution-trace-driven fault localization, and lightweight patch synthesis, enabling dynamic, in-place code redirection without disrupting ongoing operations. By constructing a system-level instruction flow model, the framework has leveraged on-chip debug registers to deploy patches at runtime, ensuring minimal operational impact. Experimental evaluations within a simulated substation communication architecture have revealed that the proposed approach has reduced patch latency by 92% over static techniques, which are symmetrical in a working way, while incurring less than 3% CPU overhead. This work has offered a scalable and real-time model-driven defense strategy that has enhanced the cyber\u2013physical resilience of embedded systems in modern power systems, contributing new insights into the intersection of runtime security and grid infrastructure reliability.<\/jats:p>","DOI":"10.3390\/sym17070983","type":"journal-article","created":{"date-parts":[[2025,6,24]],"date-time":"2025-06-24T10:44:41Z","timestamp":1750761881000},"page":"983","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Research on a Secure and Reliable Runtime Patching Method for Cyber\u2013Physical Systems and Internet of Things Devices"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-9870-284X","authenticated-orcid":false,"given":"Zesheng","family":"Xi","sequence":"first","affiliation":[{"name":"State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology, State Grid Smart Grid Research Institute Co., Ltd., Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bo","family":"Zhang","sequence":"additional","affiliation":[{"name":"State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology, State Grid Smart Grid Research Institute Co., Ltd., Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0777-7918","authenticated-orcid":false,"given":"Aniruddha","family":"Bhattacharjya","sequence":"additional","affiliation":[{"name":"Department of Electronic Engineering, Tsinghua University, Beijing 100190, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0008-2260-5170","authenticated-orcid":false,"given":"Yunfan","family":"Wang","sequence":"additional","affiliation":[{"name":"State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology, State Grid Smart Grid Research Institute Co., Ltd., Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Chuan","family":"He","sequence":"additional","affiliation":[{"name":"State Grid Laboratory of Power Cyber-Security Protection and Monitoring Technology, State Grid Smart Grid Research Institute Co., Ltd., Nanjing 210003, China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,6,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Bhattacharjya, A., Kozdroj, K., Bazydlo, G., and Wisniewski, R. (2022). Trusted and Secure Blockchain-Based Architecture for Internet-of-Medical-Things. Electronics, 11.","DOI":"10.3390\/electronics11162560"},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Jeong, H., Baik, J., and Kang, K. (2017, January 5\u20138). Functional level hot-patching platform for executable and linkable format binaries. Proceedings of the 2017 IEEE International Conference on Systems, Man, and Cybernetics (SMC), Banff, AB, Canada.","DOI":"10.1109\/SMC.2017.8122653"},{"key":"ref_3","unstructured":"Bhattacharjya, A., Zhong, X., and Xing, L. (2020). Secure Hybrid RSA (SHRSA) based multilayered authenticated, efficient and End to End secure 6-layered personal messaging communication protocol. Digital Twin Technologies and Smart Cities, Internet of Things (IoT), Springer Nature. Available online: https:\/\/www.springer.com\/gb\/book\/9783030187316#aboutBook."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Ziems, N., and Wu, S. (2021, January 10\u201313). Security vulnerability detection using deep learning natural language processing. Proceedings of the IEEE INFOCOM 2021\u2014IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS), Vancouver, BC, Canada.","DOI":"10.1109\/INFOCOMWKSHPS51825.2021.9484500"},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Nweke, L.O. (2021). A survey of specification-based intrusion detection techniques for cyber-physical systems. Int. J. Adv. Comput. Sci. Appl., 5.","DOI":"10.14569\/IJACSA.2021.0120506"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"107328","DOI":"10.1016\/j.infsof.2023.107328","article-title":"A software vulnerability detection method based on deep learning with complex network analysis and subgraph partition","volume":"164","author":"Cai","year":"2023","journal-title":"Inf. Softw. Technol."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Gu, H., Shang, J., Wang, P., Mi, J., and Bhattacharjya, A. (2024). A Secure Protocol Authentication Method Based on the Strand Space Model for Blockchain-Based Industrial Internet of Things. Symmetry, 16.","DOI":"10.3390\/sym16070851"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Kumar, J.R.H., Bhargavramu, N., Durga, L.S.N., Nimmagadda, D., and Bhattacharjya, A. (2023, January 9\u201310). Blockchain Based Traceability in Computer Peripherals in Universities Scenarios. Proceedings of the 2023 3rd International Conference on Electronic and Electrical Engineering and Intelligent System (ICE3IS), Yogyakarta, Indonesia.","DOI":"10.1109\/ICE3IS59323.2023.10335420"},{"key":"ref_9","first-page":"63","article-title":"An end-to-end user two-way authenticated double encrypted messaging scheme based on hybrid RSA for the future internet architectures","volume":"10","author":"Bhattacharjya","year":"2018","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"ref_10","first-page":"418","article-title":"Hybrid RSA-based highly efficient, reliable and strong personal full mesh networked messaging scheme","volume":"10","author":"Bhattacharjya","year":"2018","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"ref_11","first-page":"214","article-title":"On mapping of address and port using translation","volume":"11","author":"Bhattacharjya","year":"2019","journal-title":"Int. J. Inf. Comput. Secur."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Zhang, Z., Wang, X., Hao, Q., Xu, D., Wang, J., Liu, J., Ma, J., and Zhang, J. (2022). Hardware-Implemented Security Processing Unit for Program Execution Monitoring and Instruction Fault Self-Repairing on Embedded Systems. Appl. Sci., 12.","DOI":"10.3390\/app12073584"},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"58","DOI":"10.23919\/cje.2022.00.173","article-title":"FlowGANAnomaly: Flow-based anomaly network intrusion detection with adversarial learning","volume":"33","author":"Li","year":"2024","journal-title":"Chin. J. Electron."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"103091","DOI":"10.1016\/j.sysarc.2024.103091","article-title":"Network traffic classification based on federated semi-supervised learning","volume":"149","author":"Wang","year":"2024","journal-title":"J. Syst. Archit."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Li, Z., Zhang, Z., Fu, M., and Wang, P. (2023, January 1\u20133). A novel network flow feature scaling method based on cloud-edge collaboration. Proceedings of the 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Exeter, UK.","DOI":"10.1109\/TrustCom60117.2023.00265"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Niesler, C., Surminski, S., and Davi, L. (2021, January 21\u201325). HERA: Hotpatching of Embedded Real-time Applications. Proceedings of the Network and Distributed Systems Security (NDSS) Symposium 2021, Virtual.","DOI":"10.14722\/ndss.2021.24159"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"105083","DOI":"10.1016\/j.jpdc.2025.105083","article-title":"Multi-ARCL: Multimodal Adaptive Relay-Based Distributed Continual Learning for Encrypted Traffic Classification","volume":"201","author":"Li","year":"2025","journal-title":"J. Parallel Distrib. Comput."},{"key":"ref_18","unstructured":"Payer, M., Bluntschli, B., and Gross, T.R. (2013, January 24\u201328). DynSec: On-the-fly Code Rewriting and Repair. Proceedings of the 5th Workshop on Hot Topics in Software Upgrades (HotSWUp 13), San Jose, CA, USA."},{"key":"ref_19","unstructured":"Holmbacka, S., Lund, W., Lafond, S., and Lilius, J. (2013, January 24\u201328). Lightweight Framework for Runtime Updating of C-Based Software in Embedded Systems. Proceedings of the 5th Workshop on Hot Topics in Software Upgrades (HotSWUp 13), San Jose, CA, USA."},{"key":"ref_20","first-page":"18","article-title":"Research on hot-patching technology based on VXWORKS system","volume":"27","author":"Jiang","year":"2017","journal-title":"Comput. Technol. Dev."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Zhou, M., Wang, H., Li, K., Zhu, H., and Sun, L. (2024, January 22\u201325). Save the Bruised Striver: A Reliable Live Patching Framework for Protecting Real-World PLCs. Proceedings of the EuroSys\u201924: The Nineteenth European Conference on Computer Systems, Athens, Greece.","DOI":"10.1145\/3627703.3650068"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"2920","DOI":"10.1109\/TSE.2021.3071750","article-title":"Automated classification of overfitting patches with statically extracted code features","volume":"48","author":"Ye","year":"2021","journal-title":"IEEE Trans. Softw. Eng."},{"key":"ref_23","first-page":"1","article-title":"Exploration and application of remote hot deployment based on SpringBoot","volume":"35","author":"Wang","year":"2023","journal-title":"Inf. Comput."},{"key":"ref_24","unstructured":"Xiong, Y., Liu, X., Zeng, M., Zhang, L., and Huang, G. (June, January 27). Identifying patch correctness in test-based program repair. Proceedings of the 40th International Conference on Software Engineering, Gothenburg, Sweden."},{"key":"ref_25","unstructured":"He, Y., Zou, Z., Sun, K., Liu, Z., Xu, K., Wang, Q., Shen, C., Wang, Z., and Li, Q. (2022, January 10\u201312). RapidPatch: Firmware Hotpatching for Real-Time Embedded Devices. Proceedings of the 31st USENIX Security Symposium, Boston, MA, USA."},{"key":"ref_26","doi-asserted-by":"crossref","unstructured":"Ramaswamy, A., Bratus, S., Smith, S.W., and Locasto, M.E. (2010, January 15\u201318). Katana: A Hot Patching Framework for ELF Executables. Proceedings of the 2010 International Conference on Availability, Reliability and Security, Krakow, Poland.","DOI":"10.1109\/ARES.2010.112"},{"key":"ref_27","first-page":"2185","article-title":"Augmenting Internet of Medical Things Security: Deep ensemble integration and methodological fusion. Comput","volume":"141","author":"Naeem","year":"2024","journal-title":"Model. Eng. Sci."},{"key":"ref_28","doi-asserted-by":"crossref","unstructured":"Chen, H., Chen, R., Zhang, F., Zang, B., and Yew, P.-C. (2006, January 14\u201316). Live updating operating systems using virtualization. Proceedings of the VEE06: Second International Conference on Virtual Execution Environments, Ottawa, ON, Canada.","DOI":"10.1145\/1134760.1134767"},{"key":"ref_29","unstructured":"Altekar, G., Bagrak, I., Burstein, P., and Schultz, A. (August, January 31). OPUS: Online Patches and Updates for Security. Proceedings of the 14th USENIX Security Symposium, Baltimore, MD, USA."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Zhu, Z., Chen, H., Zhang, J., Wang, X., Jin, Z., Xue, M., Zhu, D., and Choo, K.K.R. (2024, January 20\u201327). MFABA: A More Faithful and Accelerated Boundary-Based Attribution Method for Deep Neural Networks. Proceedings of the Thirty-Eighth AAAI Conference on Artificial Intelligence, Vancouver, BC, Canada.","DOI":"10.1609\/aaai.v38i15.29669"},{"key":"ref_31","first-page":"2440","article-title":"Design of a generic framework for assembly engineering for ARM Cortex-M series cores","volume":"42","author":"Zhang","year":"2021","journal-title":"Small Microcomput. Syst."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Mao, Y., Migliore, V., and Nicomette, V. (2022). MATANA: A Reconfigurable Framework for Runtime Attack Detection Based on the Analysis of Microarchitectural Signals. Appl. Sci., 12.","DOI":"10.3390\/app12031452"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"354","DOI":"10.1109\/TAI.2024.3368361","article-title":"Rethinking Transferable Adversarial Attacks with Double Adversarial Neuron Attribution","volume":"6","author":"Zhu","year":"2024","journal-title":"IEEE Trans. Artif. Intell."},{"key":"ref_34","unstructured":"Dong, Y., Guo, W., Chen, Y., Zhang, Y., and Wang, G. (2019, January 14\u201316). Towards the Detection of Inconsistencies in Public Security Vulnerability Reports. Proceedings of the 28th USENIX Security Symposium, Santa Clara, CA, USA."},{"key":"ref_35","first-page":"41","article-title":"Analysis of MQX interrupt mechanism and interrupt program framework design based on ARM Cortex-M4","volume":"40","author":"Shi","year":"2013","journal-title":"Comput. Sci."},{"key":"ref_36","first-page":"53","article-title":"Design and Implementation of Server\/Client Based Patch Management System","volume":"30","author":"Zhou","year":"2009","journal-title":"Microcomput. Appl."},{"key":"ref_37","first-page":"89","article-title":"Hybrid security assessment methodology for web applications","volume":"126","author":"Correa","year":"2021","journal-title":"Comput. Model. Eng. Sci."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/7\/983\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T17:56:15Z","timestamp":1760032575000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/17\/7\/983"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,6,21]]},"references-count":37,"journal-issue":{"issue":"7","published-online":{"date-parts":[[2025,7]]}},"alternative-id":["sym17070983"],"URL":"https:\/\/doi.org\/10.3390\/sym17070983","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,6,21]]}}}