Cyrille Artho, PhD, Assoc. Prof.

KTH Royal Institute of Technology in Stockholm, Sweden

Model-based Network Fault Injection for IoT Protocols


IoT devices operate in environments where networks may be unstable. They rely on transport protocols to deliver data with given quality-of-service settings. To test an implementation of the popular MQTT protocol thoroughly, we extend the model-based test framework “Modbat” to simulate unstable networks by taking into account delays and transmission failures. Our proxy-based technology requires no changes to the IoT software, while the model allows the user to define stateless or stateful types or fault patterns. We evaluate our methods on a client-server library for MQTT, a transport protocol designed for IoT.


Cyrille Artho is an Associate Professor at the KTH Royal Institute of Technology in Stockholm, Sweden. His research focuses on software verification and software engineering. His research career took him to the National Institute of Advanced Industrial Science and Technology (AIST) in Tokyo and Osaka where he worked as a Senior Researcher 2007 – 2016. During the years he also has been actively working on the realization of his research by implementing tools, such as: Modbat: A model-based tester, JPF and Java PathFinder, Jlint and Enforcer. He has been cited +1500 times and has a number of winning award papers.

Irena Bojanova

National Institute of Standards and Technology

Explainable Vulnerabilities Descriptions with NIST BF


The NIST Bugs Framework (BF) classifies software bugs/weaknesses to allow precise, explainable descriptions of vulnerabilities that exploit them. In this talk, I will define key notions for BF, discuss the commonly used repositories of software weaknesses and vulnerabilities (e.g. CWE and CVE), and present BF’s goals, features, and potential impacts. I will demonstrate how to:

(1) Utilize BF taxonomy to precisely describe underlying weaknesses of vulnerabilities (CVEs).

(2) Utilize BF classes and BF vulnerabilities descriptions for ML and AI projects on software failures and risks.

(3) Collaborate with BF researchers to create new BF classes and mappings to CWE entrees.


Irena Bojanova is a Computer Scientist at the US National Institute of Standards and Technology (NIST). She is the Primary Investigator (PI) and the Lead of the Bugs Framework (BF) project. She is also Professor in Information Technology at Johns Hopkins Carey Business School. Her research interests are in formal methods, distributed systems, and computer security. Bojanova is an IEEE Senior Member and is currently the Editor-in-Chief of the IEEE IT Professional magazine and a General Co-Chair of STC 2022. She has served as a General Co-Chair of ISSRE 2015, QRS 2017, STC 2017; Chair of COMPSAC 2018-2022 IT in Practice Symposium, and a Co-Chair of ISoLA 2020 Software Verification track.