Creators/Authors contains: "Zou, D."


  1. IoT messaging protocols are critical to connecting users and IoT devices. Among all the protocols, the Message Queuing and Telemetry Transport (MQTT) is arguably the most widely used. Mainstream IoT platforms leverage MQTT brokers, server-side implementations of MQTT, to enable and mediate user-device communication (e.g., the transmission of control commands). There are over 70 open-source MQTT brokers, which have been widely adopted in production. Any security defects in those open-source MQTT brokers easily get into many vendors' IoT deployments with amplified impacts, inevitably endangering the security of IoT applications and millions of users. We report the first systematic security analysis of open-source MQTT brokers in the wild. To enable the analysis, we designed and developed MQTTactic, a semiautomatic tool that can formally verify MQTT broker implementations based on generated security properties. MQTTactic is based on static code analysis, formal modeling, and automated model checking (with off-the-shelf model checker Spin). In designing MQTTactic, we characterize and address key technical challenges. MQTTactic currently focuses on authorization-related properties, and discovered 7 novel, zero-day flaws practically enabling serious, unauthorized access. We reported all flaws to related parties, who acknowledged the issues and have been taking actions to fix them. Our thorough evaluation shows that MQTTactic is effective and practical. 
    Free, publicly-accessible full text available November 1, 2024
  2. null (Ed.)
  3. Abstract: Disease modelling has had considerable policy impact during the ongoing COVID-19 pandemic, and it is increasingly acknowledged that combining multiple models can improve the reliability of outputs. Here we report insights from ten weeks of collaborative short-term forecasting of COVID-19 in Germany and Poland (12 October–19 December 2020). The study period covers the onset of the second wave in both countries, with tightening non-pharmaceutical interventions (NPIs) and subsequently a decay (Poland) or plateau and renewed increase (Germany) in reported cases. Thirteen independent teams provided probabilistic real-time forecasts of COVID-19 cases and deaths. These were reported for lead times of one to four weeks, with evaluation focused on one- and two-week horizons, which are less affected by changing NPIs. Heterogeneity between forecasts was considerable both in terms of point predictions and forecast spread. Ensemble forecasts showed good relative performance, in particular in terms of coverage, but did not clearly dominate single-model predictions. The study was preregistered and will be followed up in future phases of the pandemic. 
  4. Free, publicly-accessible full text available November 1, 2024
  5. Free, publicly-accessible full text available September 1, 2024
  6. Free, publicly-accessible full text available September 1, 2024