{"id":"https://openalex.org/W4414595513","doi":"https://doi.org/10.1145/3719027.3765200","title":"Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction","display_name":"Dynamic Vulnerability Patching for Heterogeneous Embedded Systems Using Stack Frame Reconstruction","publication_year":2025,"publication_date":"2025-11-19","ids":{"openalex":"https://openalex.org/W4414595513","doi":"https://doi.org/10.1145/3719027.3765200"},"language":"en","primary_location":{"id":"doi:10.1145/3719027.3765200","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765200","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765200","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765200","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5103036125","display_name":"Ming Zhou","orcid":"https://orcid.org/0009-0005-6873-5710"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Ming Zhou","raw_affiliation_strings":["SCS, Nanjing University of Science and Technology, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0005-6873-5710","affiliations":[{"raw_affiliation_string":"SCS, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Xupu Hu","orcid":"https://orcid.org/0009-0002-8896-1203"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xupu Hu","raw_affiliation_strings":["SCS, Nanjing University of Science and Technology, Nanjing, China"],"raw_orcid":"https://orcid.org/0009-0002-8896-1203","affiliations":[{"raw_affiliation_string":"SCS, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Zhihao Wang","orcid":"https://orcid.org/0000-0002-0144-889X"},"institutions":[{"id":"https://openalex.org/I4210155350","display_name":"Purple Mountain Laboratories","ror":"https://ror.org/04zcbk583","country_code":"CN","type":"facility","lineage":["https://openalex.org/I4210155350"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhihao Wang","raw_affiliation_strings":["Purple Mountain Laboratories, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0002-0144-889X","affiliations":[{"raw_affiliation_string":"Purple Mountain Laboratories, Nanjing, China","institution_ids":["https://openalex.org/I4210155350"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100664241","display_name":"Haining Wang","orcid":"https://orcid.org/0000-0002-9665-7511"},"institutions":[{"id":"https://openalex.org/I859038795","display_name":"Virginia Tech","ror":"https://ror.org/02smfhw86","country_code":"US","type":"education","lineage":["https://openalex.org/I859038795"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Haining Wang","raw_affiliation_strings":["ECE, Virginia Tech, Arlington, Virginia, USA"],"raw_orcid":"https://orcid.org/0000-0002-9665-7511","affiliations":[{"raw_affiliation_string":"ECE, Virginia Tech, Arlington, Virginia, USA","institution_ids":["https://openalex.org/I859038795"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Hui Wen","orcid":"https://orcid.org/0000-0002-3786-3358"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Hui Wen","raw_affiliation_strings":["Institute of Information Engineering, CAS, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-3786-3358","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS, Beijing, China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5101820083","display_name":"Limin Sun","orcid":"https://orcid.org/0000-0002-6578-0680"},"institutions":[{"id":"https://openalex.org/I4210156404","display_name":"Institute of Information Engineering","ror":"https://ror.org/04r53se39","country_code":"CN","type":"facility","lineage":["https://openalex.org/I19820366","https://openalex.org/I4210156404"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Limin Sun","raw_affiliation_strings":["Institute of Information Engineering, CAS, Beijing, China"],"raw_orcid":"https://orcid.org/0000-0002-6578-0680","affiliations":[{"raw_affiliation_string":"Institute of Information Engineering, CAS, Beijing, China","institution_ids":["https://openalex.org/I4210156404"]}]},{"author_position":"last","author":{"id":null,"display_name":"Peng Zhang","orcid":"https://orcid.org/0000-0001-9518-5914"},"institutions":[{"id":"https://openalex.org/I36399199","display_name":"Nanjing University of Science and Technology","ror":"https://ror.org/00xp9wg62","country_code":"CN","type":"education","lineage":["https://openalex.org/I36399199"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Peng Zhang","raw_affiliation_strings":["SCS, Nanjing University of Science and Technology, Nanjing, China"],"raw_orcid":"https://orcid.org/0000-0001-9518-5914","affiliations":[{"raw_affiliation_string":"SCS, Nanjing University of Science and Technology, Nanjing, China","institution_ids":["https://openalex.org/I36399199"]}]}],"institutions":[],"countries_distinct_count":2,"institutions_distinct_count":7,"corresponding_author_ids":["https://openalex.org/A5103036125"],"corresponding_institution_ids":["https://openalex.org/I36399199"],"apc_list":null,"apc_paid":null,"fwci":2.1733,"has_fulltext":true,"cited_by_count":1,"citation_normalized_percentile":{"value":0.90574835,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":91,"max":95},"biblio":{"volume":null,"issue":null,"first_page":"3855","last_page":"3869"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9591000080108643,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11424","display_name":"Security and Verification in Computing","score":0.9591000080108643,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10743","display_name":"Software Testing and Debugging Techniques","score":0.9585999846458435,"subfield":{"id":"https://openalex.org/subfields/1712","display_name":"Software"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9447000026702881,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/microcontroller","display_name":"Microcontroller","score":0.6317999958992004},{"id":"https://openalex.org/keywords/frame","display_name":"Frame (networking)","score":0.5120000243186951},{"id":"https://openalex.org/keywords/call-stack","display_name":"Call stack","score":0.46219998598098755},{"id":"https://openalex.org/keywords/adaptability","display_name":"Adaptability","score":0.45649999380111694},{"id":"https://openalex.org/keywords/vulnerability","display_name":"Vulnerability (computing)","score":0.448199987411499},{"id":"https://openalex.org/keywords/modbus","display_name":"Modbus","score":0.39010000228881836},{"id":"https://openalex.org/keywords/leverage","display_name":"Leverage (statistics)","score":0.3885999917984009},{"id":"https://openalex.org/keywords/control-flow","display_name":"Control flow","score":0.3846000134944916}],"concepts":[{"id":"https://openalex.org/C149635348","wikidata":"https://www.wikidata.org/wiki/Q193040","display_name":"Embedded system","level":1,"score":0.7318999767303467},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7106000185012817},{"id":"https://openalex.org/C173018170","wikidata":"https://www.wikidata.org/wiki/Q165678","display_name":"Microcontroller","level":2,"score":0.6317999958992004},{"id":"https://openalex.org/C126042441","wikidata":"https://www.wikidata.org/wiki/Q1324888","display_name":"Frame (networking)","level":2,"score":0.5120000243186951},{"id":"https://openalex.org/C119024030","wikidata":"https://www.wikidata.org/wiki/Q759899","display_name":"Call stack","level":3,"score":0.46219998598098755},{"id":"https://openalex.org/C177606310","wikidata":"https://www.wikidata.org/wiki/Q5674297","display_name":"Adaptability","level":2,"score":0.45649999380111694},{"id":"https://openalex.org/C95713431","wikidata":"https://www.wikidata.org/wiki/Q631425","display_name":"Vulnerability (computing)","level":2,"score":0.448199987411499},{"id":"https://openalex.org/C2776666747","wikidata":"https://www.wikidata.org/wiki/Q1135322","display_name":"Modbus","level":3,"score":0.39010000228881836},{"id":"https://openalex.org/C153083717","wikidata":"https://www.wikidata.org/wiki/Q6535263","display_name":"Leverage (statistics)","level":2,"score":0.3885999917984009},{"id":"https://openalex.org/C160191386","wikidata":"https://www.wikidata.org/wiki/Q868299","display_name":"Control flow","level":2,"score":0.3846000134944916},{"id":"https://openalex.org/C118505674","wikidata":"https://www.wikidata.org/wiki/Q42586063","display_name":"Encoder","level":2,"score":0.32820001244544983},{"id":"https://openalex.org/C9390403","wikidata":"https://www.wikidata.org/wiki/Q3966","display_name":"Computer hardware","level":1,"score":0.31200000643730164},{"id":"https://openalex.org/C120314980","wikidata":"https://www.wikidata.org/wiki/Q180634","display_name":"Distributed computing","level":1,"score":0.3001999855041504},{"id":"https://openalex.org/C9395851","wikidata":"https://www.wikidata.org/wiki/Q177929","display_name":"Stack (abstract data type)","level":2,"score":0.28220000863075256},{"id":"https://openalex.org/C119701452","wikidata":"https://www.wikidata.org/wiki/Q5165881","display_name":"Control reconfiguration","level":2,"score":0.27730000019073486},{"id":"https://openalex.org/C136085584","wikidata":"https://www.wikidata.org/wiki/Q910289","display_name":"Overlay","level":2,"score":0.2678000032901764},{"id":"https://openalex.org/C45872418","wikidata":"https://www.wikidata.org/wiki/Q5318966","display_name":"Dynamic demand","level":3,"score":0.26109999418258667},{"id":"https://openalex.org/C163258240","wikidata":"https://www.wikidata.org/wiki/Q25342","display_name":"Power (physics)","level":2,"score":0.2549000084400177},{"id":"https://openalex.org/C17500928","wikidata":"https://www.wikidata.org/wiki/Q959968","display_name":"Control system","level":2,"score":0.25440001487731934},{"id":"https://openalex.org/C2780070844","wikidata":"https://www.wikidata.org/wiki/Q857815","display_name":"Plug and play","level":2,"score":0.251800000667572}],"mesh":[],"locations_count":3,"locations":[{"id":"doi:10.1145/3719027.3765200","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765200","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765200","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},{"id":"pmh:oai:vtechworks.lib.vt.edu:10919/139817","is_oa":false,"landing_page_url":"https://hdl.handle.net/10919/139817","pdf_url":null,"source":{"id":"https://openalex.org/S4306400248","display_name":"VTechWorks (Virginia Tech)","issn_l":null,"issn":null,"is_oa":false,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I859038795","host_organization_name":"Virginia Tech","host_organization_lineage":["https://openalex.org/I859038795"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":null,"raw_type":"Text"},{"id":"pmh:oai:arXiv.org:2509.10213","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.10213","pdf_url":"https://arxiv.org/pdf/2509.10213","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3719027.3765200","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3719027.3765200","pdf_url":"https://dl.acm.org/doi/pdf/10.1145/3719027.3765200","source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G3900241222","display_name":null,"funder_award_id":"62402225","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G4820269321","display_name":null,"funder_award_id":"92467201","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8876996369","display_name":null,"funder_award_id":"N00014","funder_id":"https://openalex.org/F4320337345","funder_display_name":"Office of Naval Research"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320337345","display_name":"Office of Naval Research","ror":"https://ror.org/00rk2pe57"}],"has_content":{"pdf":true,"grobid_xml":false},"content_urls":{"pdf":"https://content.openalex.org/works/W4414595513.pdf"},"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Existing":[0],"dynamic":[1,38],"vulnerability":[2,172],"patching":[3,72,155],"techniques":[4],"are":[5,55],"not":[6],"well-suited":[7],"for":[8,37,115],"embedded":[9,45,105,123],"devices,":[10,158],"especially":[11],"mission-critical":[12],"ones":[13],"such":[14],"as":[15,18],"medical":[16,157],"equipment,":[17],"they":[19],"have":[20],"limited":[21],"computational":[22],"power":[23],"and":[24,40,61,133,164],"memory":[25,36,95],"but":[26],"uninterrupted":[27],"service":[28],"requirements.":[29],"Those":[30],"devices":[31,124],"often":[32],"lack":[33],"sufficient":[34],"idle":[35],"patching,":[39],"the":[41,49,99,136],"diverse":[42],"architectures":[43,114],"of":[44,51],"systems":[46,151],"further":[47],"complicate":[48],"creation":[50],"patch":[52,78],"triggers":[53],"that":[54,76],"compatible":[56],"across":[57,111],"various":[58],"system":[59],"kernels":[60],"hardware":[62],"platforms.":[63],"To":[64],"address":[65],"these":[66],"challenges,":[67],"we":[68,138],"propose":[69],"a":[70],"hot":[71],"framework":[73],"called":[74],"StackPatch":[75,85,121,140,168],"facilitates":[77],"development":[79],"based":[80],"on":[81,122],"stack":[82],"frame":[83],"reconstruction.":[84],"introduces":[86],"different":[87,112],"triggering":[88],"strategies":[89],"to":[90,107,141,156],"update":[91],"programs":[92],"stored":[93],"in":[94,104,148,174],"units.":[96],"We":[97,119,153],"leverage":[98],"exception-handling":[100],"mechanisms":[101],"commonly":[102],"available":[103],"processors":[106],"enhance":[108],"StackPatch's":[109],"adaptability":[110],"processor":[113],"control":[116],"flow":[117],"redirection.":[118],"evaluated":[120],"featuring":[125],"three":[126],"major":[127],"microcontroller":[128],"(MCU)":[129],"architectures:":[130],"ARM,":[131],"RISC-V,":[132],"Xtensa.":[134],"In":[135],"experiments,":[137],"used":[139],"successfully":[142],"fix":[143],"102":[144],"publicly":[145],"disclosed":[146],"vulnerabilities":[147],"real-time":[149],"operating":[150],"(RTOSes).":[152],"applied":[154],"soft":[159],"programmable":[160],"logic":[161],"controllers":[162],"(PLCs),":[163],"network":[165],"services,":[166],"with":[167],"consistently":[169],"completing":[170],"each":[171],"remediation":[173],"less":[175],"than":[176],"260":[177],"MCU":[178],"clock":[179],"cycles.":[180]},"counts_by_year":[{"year":2025,"cited_by_count":1}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}