Artifact: Kintsugi: Secure Hotpatching for Code-Shadowing Real-Time Embedded Systems

This is the artifact for the USENIX Security '25 paper "Kintsugi: Secure Hotpatching for Code-Shadowing Real-Time Embedded Systems".

This artifact contains the the following components:
- kintsugi: The source code of our hotpatching framework, representing the core contribution of our work.
- hotpatch_generator: Source code for our hotpatch generator, which we include for completeness.
- external: All external sources (RTOS, Libraries, SDKs) which are installed over a setup script. This also includes the patches to replicate our local modifications.
- experiments: Source code for each experiment.
    - performance: All performance related experiments
        - micro_benchmarks: Source for experiments regarding micro-benchmarking for the Manager.
        - context_switch: Experiment source code for measuring the Guard and Applicator.
        - scalability: Scalability measurement experiments.
        - resource_utilization: Resource Utilization / Memory Overhead experiments.
    - realworld_cves: Source code for all proof-of-concepts regarding the real-world CVEs we consider. Source code for hotpatches are stored in hotpatches in the root directory. Measurement results for the micro-benchmarks can be found in micro-benchmarks.
    - security: Source for the experiments regarding the practical security evaluation.
    - case_study: Source for our case study on the Crazyflie drone.
- example_rtos_integration: We additionally provide examples of integrating Kintsugi into FreeRTOS and Zephyr for the important changes and files.

We also provide the measurement results from our paper submission for each of the experiments in the performance directory together with scripts to easily reproduce these results and plot them.