Visualizing Fuzzer Progress

Call graph coverage: Honggfuzz vs AFL


Dr. Marcel Böhme


Leader of the MPI SoftSec Research Group
Max Planck Institute for Security and Privacy (MPI-SP)
Universitätsstraße 140
44799 Bochum



About

Marcel Böhme leads the Software Security research group at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. Previously, he was a Senior Lecturer at Monash University in Australia and a PostDoc at the TSUNAMi Security Research Centre in Singapore and the CISPA-Helmholtz Zentrum in Germany. Marcel received his PhD from the National University of Singapore.
His current research interest is the automatic discovery of security flaws at very large scale. One part of his group develops the probabilistic foundations of automatic software testing (i.e., finding bugs by generating executions) to elucidate fundamental limitations of existing techniques and to explore the assurances that software testing provides when no bugs are found. The other part of his group develops practical vulnerability discovery tools that are widely used in software security practice. For instance, Entropic is the default power schedule in LibFuzzer, which powers the largest fuzzing platforms at Google and Microsoft, fuzzing hundreds of security-critical projects on 100k machines 24/7. His tools have discovered 100+ bugs in widely-used software systems, more than 70 of which are security-critical vulnerabilities registered as CVEs in the US National Vulnerability Database.

News

Apr'24: Our work on testing the limits of ML for vulnerability detection has been accepted at USENIX Sec'24. Congrats Niklas!
Feb'24: Excited to chair the program committee of ASE'25 together with Lingming Zhang!
Feb'24: Honored and incredibly grateful to receive the NUS Outstanding Young Computing Alumni Award!
Dec'23: Happy to serve as an Area Chair for ICSE'24 and ASE'24 as well as on the PCs of FSE'24 and ISSTA'24!
Dec'23: Thrilled to receive the Best Reviewer Award from CCS'23 and ICSE'23, flagship conferences in Security and SE, resp.!
Nov'23: Our discovery of a connection between fuzzing and information theory is this month's CACM research highlight!
Oct'23: Paper on protocol fuzzing equipped with LLMs to interrogate protocol RFCs accepted at NDSS'24! Congrats Ruijie et al.!
Oct'23: Teaching a seminar on software and network security with Kevin Borgolte! Looking forward to the papers and experiments!
Aug'23: Visit the homepage of the MPI SoftSec research group at: https://mpi-softsec.github.io.
Aug'23: Two papers on statistical reasoning about programs accepted at ESEC/FSE'23 and ASE'23. Congrats Seongmin and Nikhil!
Aug'23: Co-organized the CASA Summer School on Software Security in Bochum. Thanks to all the speakers and participants!
Jul'23: Journal ext. of our work on human-in-the-loop autom. program repair to appear at the IEEE TSE! Congrats Charaka et al!
Jun'23: Co-organized the FUZZING'23 workshop and the SBFT Fuzzing Tool Competition! Great way to catch up.
Apr'23: Featured in Max Planck Research Magazin: Schlupfloch im Programm (German).

Selected Publications

[Textbook]
The Fuzzing Book
Andreas Zeller, Rahul Gopinath, Marcel Böhme, Gordon Fraser, and Christian Holler
(One-line Abstract) Interactive, Jupyter-style textbook on fuzzing and automated test generation.
Digital textbook available at https://www.fuzzingbook.org
  
[USENIX Sec'24]
Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection
Niklas Risse and Marcel Böhme
(One-line Abstract) Are machine learning models for vulnerability discovery as good as they seem?
USENIX Security Symposium 2024 (USENIX Sec'24), 19 pages.
  
[CCS'24]
Testing Side-Channel Security of Crypto. Implementations Against Future Microarchitectures
G. Barthe, M. Böhme, S. Cauligi, C. Chuengsatiansup, D. Genkin, M. Guarnieri, D. Romero, P. Schwabe, D. Wu, and Y. Yarom
(Two-line Abstract) Turns out all tested crypto impl. are vulnerable in the presence of recently proposed microarchitectures,
--- even despite (and sometimes because of) coding idioms meant to mitigate side channels at the source code level.
ACM Conference on Computer and Communications Security 2024 (CCS'24), 16 pages.
  
[ICSE'24]
Extrapolating Coverage Rate in Greybox Fuzzing
Danushka Liyanage, Seongmin Lee, Chakkrit Tantithamthavorn, and Marcel Böhme
(One-line Abstract) How to *predict* the coverage rate of a greybox fuzzer in the future.
IEEE/ACM International Conference on Software Engineering 2024 (ICSE'24), 13 pages.
  
[NDSS'24]
Large Language Model guided Protocol Fuzzing
Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) How to make a fuzzer ask ChatGPT about the correct structure and order of messages as specified in 100+ pages of RFC.
Network and Distributed System Security Symposium (NDSS) 2024, 15 pages.
Note: We published tools, data, and analysis at Zenodo (DOI 10.5281/zenodo.8373804) and https://github.com/ChatAFLndss/ChatAFL.
Note: Inaugural NDSS Artifact Evaluation Committee evaluated our artifact as Available, Functional, and Reproduced!
  
[TSE'24]
Human-in-the-loop Automatic Program Repair
Charaka Geethal, Marcel Böhme, and Van-Thuan Pham
(One-line Abstract) Learn2fix automatically "negotiates" with the user the condition under which the bug is observed before it repairs the bug.
IEEE Transactions on Software Engineering (TSE), 2024, 24 pages.
Note: Journal extension of our homonymous ICST'20 paper.
Note: We publish our implementation, data, and scripts at: https://github.com/charakageethal/learn2fix-journal-ext/.
  
[CACM'23]
Boosting Fuzzer Efficiency: An Information Theoretic Perspective
Marcel Böhme, Valentin Manès, Sang Kil Cha
(One-line Abstract) Every generated input reveals some information about the program. Maximizing information maximizes efficiency.
Communications of the ACM (Vol. 66, No. 11)
🏆 Award: CACM Research Highlight for the month of November. CACM is the monthly journal sent to all members of the ACM. Congrats all!
Note: CACM Technical Perspective: "What's all the fuss about fuzzing?" by the amazing Gordon Fraser!
  
[ASE'23]
Precise Data-Driven Approximation for Program Analysis via Fuzzing
Nikhil Parasaram, Earl T. Barr, Sergey Mechtaev, and Marcel Böhme
(One-line Abstract) Marry static analysis to over-/under-approx. the valid state space and fuzzing + stats to estimate the degree of validity.
IEEE/ACM International Conference on Automated Software Engineering (ASE) 2023, 12 pages.
Note: We published tools, data, and analysis at Zenodo (DOI 10.5281/zenodo.7902214).
  
[ESEC/FSE'23]
Statistical Reachability Analysis
Seongmin Lee and Marcel Böhme
(One-line Abstract) Quantitative program analysis using a statistical rather than an analytical approach.
ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2023, 12 pages
Note: We published tools, data, and analysis at Zenodo (DOI 10.5281/zenodo.7612964).
Note: Artifact Evaluation Committee evaluated our artifact as Functional and Reusable!
  
[ICSE'23]
Reachable Coverage: Estimating Saturation in Fuzzing
Danushka Liyanage, Marcel Böhme, Chakkrit Tantithamthavorn, and Stephan Lipp
(One-line Abstract) Estimating the maximum achievable coverage by automatic test input generation.
IEEE/ACM International Conference on Software Engineering 2023 (ICSE'23), 13 pages
Note: We published data, analysis, and figures at Zenodo (DOI 10.5281/zenodo.7571359).
Note: Featured in the Fuzzing Weekly Newsletter (CW5).
  
[ICSE'23]
Evaluating the Impact of Experimental Assumptions in Automated Fault Localization
Ezekiel Soremekun, Lukas Kirschner, Marcel Böhme, and Mike Papadakis
(One-line Abstract) Evaluating the assumptions that researchers make during debugging tool evaluations.
IEEE International Conference on Software Engineering 2023 (ICSE'23), 13 pages
Website: https://debugging-assumptions.github.io/
  
[ISSTA'23]
Green Fuzzing: A Saturation-based Stopping Criterion using Vulnerability Prediction
Stephan Lipp, Daniel Elsner, Severin Kacianka, Alexander Pretschner, Marcel Böhme, Sebastian Banescu
(One-line Abstract) We suggest stopping a fuzzing campaign when the coverage of potentially vulnerable code saturates.
ACM SIGSOFT International Symposium on Software Testing and Analysis 2023 (ISSTA'23), 13 pages
Note: We published data, analysis, and figures at Zenodo (DOI 10.5281/zenodo.7944722) and Github (https://github.com/tum-i4/green-fuzzing-artifacts).
  
[USENIX SEC'22]
Stateful Greybox Fuzzing
Jinsheng Ba, Marcel Böhme, Zahra Mirzamomen, Abhik Roychoudhury
(One-line Abstract) Navigating an unknown state space by identifying and monitoring the values of state variables.
USENIX Security Symposium (USENIX SEC) 2022, 18 pages
Note: SGFuzz is available on Github: https://github.com/bajinsheng/SGFuzz
  
[ISSTA'22]
Human-in-the-loop Oracle Learning for Semantic Bugs in String Processing Programs
Charaka Geethal, Van-Thuan Pham, Aldeida Aleti, and Marcel Böhme
(One-line Abstract) Learning to identify semantic bugs for string processing programs
ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'22), 11 pages
  
[ICSE'22]
On the Reliability of Coverage-Based Fuzzer Benchmarking
Marcel Böhme, Laszlo Szekeres, Jonathan Metzman
(One-line Abstract) We find a strong correlation but no strong agreement on fuzzer superiority in terms of coverage versus bugs.
IEEE/ACM International Conference on Software Engineering 2022 (ICSE'22), 11 pages
Note: We published data, analysis, and figures at Zenodo (DOI 10.5281/zenodo.6045830) and Github (https://github.com/icse22data/).
Slides @Slideshare
  
[ICSE'22-NIER]
Statistical Reasoning about Programs
Marcel Böhme
(One-line Abstract) Open challenges and new research directions for automated program analysis at scale.
IEEE International Conference on Software Engineering 2022: New Ideas and Emerging Results (ICSE'22 NIER), 5 pages
Slides @Slideshare
  
[IEEE TSE'22]
An Experimental Assessment of Using Theoretical Defect Predictors to Guide Search-Based Software Testing
Anjana Perera, Aldeida Aleti, Burak Turhan, Marcel Böhme
(One-line Abstract) What is the impact of defect predictor accuracy on defectiveness-guided test generation?
IEEE Transactions on Software Engineering (TSE), 16 pages
  
[IEEE Software'21]
Fuzzing: Challenges and Reflections
Marcel Böhme, Cristian Cadar, and Abhik Roychoudhury
(One-line Abstract) A resource for practitioners and researchers to learn about the main open challenges in fuzzing and symbolic execution.
IEEE Software, 8 pages
Note: This is the outcome of a 3-day meeting of thought leaders and rising stars, both in industry and academia.
Note: We are happy to publish these results in the premier magazine (and journal) for software practitioners.
Slides @Slideshare
  
[ESEC/FSE'21]
Estimating Residual Risk in Greybox Fuzzing
Marcel Böhme, Danushka Liyanage, and Valentin Wüstholz
(One-line Abstract) After 24hrs without a crash, you abort the campaign. What is the chance of seeing a crash if you generated one more input?
ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2021, 12 pages
Note: Congrats Danushka on his first paper. Exciting work with our industry collaborator Valentin. We are breaking new ground!
Note: Our artifact (DOI 10.5281/zenodo.4970239) @ Github and Kaggle was evaluated as Available and Reusable.
Shout out: Justin Campbell (Microsoft) would use this in large-scale fuzzing (OneFuzz) to maximize bug finding within the compute budget.
  
[CCS'21]
Regression Greybox Fuzzing
Xiaogang Zhu and Marcel Böhme
(One-line Abstract) Once a program is well-fuzzed, most bugs found are regressions. Fuzz all commits at once, but focus on recent ones.
ACM Conference on Computer and Communications Security (CCS), 13 pages
Note: AFLChurn is available on Github: https://github.com/aflchurn/aflchurn. Data and evaluation are available on Kaggle.
  
[EMSE'21]
Locating faults with program slicing: an empirical analysis
Ezekiel O. Soremekun, Lukas Kirschner, Marcel Böhme, and Andreas Zeller
(One-line Abstract) Empirical comparison of statistical fault localization and dynamic program slicing along more realistic assumptions.
Journal of Empirical Software Engineering (EMSE), 2021, 51 pages, DOI: 10.1007/s10664-020-09931-7
Note: Congrats to Ezekiel, Lukas, and Andreas! Ezekiel started this work when I was still a PostDoc in Andreas' team.
Note: Our artifact and the steps to reproduce our results are available at 10.6084/m9.figshare.13369400.v1.
  
[ESEC/FSE'20]
Boosting Fuzzer Efficiency: An Information Theoretic Perspective
Marcel Böhme, Valentin J.M. Manès, Sang Kil Cha
(One-line Abstract) Every generated input reveals some information about the program. Maximizing information maximizes efficiency.
ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020, 12 pages
Note: Our artifact @ 10.6084/m9.figshare.12415622, and description @ ROSE was evaluated as Available and Reusable.
Note: Entropic is now the default power schedule in LibFuzzer which powers Google's OSSFuzz and Microsoft's OneFuzz!
Note: An evaluation of a time-boosted Entropic version against other fuzzers is available on https://www.fuzzbench.com!
Update: Running Chrome? Entropic is now also looking for security vulnerabilities in Chrome on 25k machines every day @ Clusterfuzz!
🏆 Award: Our paper received the ACM SIGSOFT Distinguished Paper Award. Congrats Valentin and Sang Kil!
🏆 Award: Our Entropic paper is the new ACM SIGSOFT Research Highlight. Congrats Valentin and Sang Kil!
Slides @Slideshare
  
[ESEC/FSE'20]
Fuzzing: On the Exponential Cost of Vulnerability Discovery
Marcel Böhme, Brandon Falk
(One-line Abstract) Exponentially increase #machines, discover linearly more #vulns in, e.g., 24h, but discover *all* vulns exponentially faster.
ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020, 12 pages
Note: Our artifact @ 10.6084/m9.figshare.11911287.v1 was evaluated as Available.
Update: Our data, empirical evaluation, and simulation study are available @ https://www.kaggle.com. Test our laws by adding your own data!
Pingback: Paper reviews and commentary from Alastair Reid, Clint Gibler, Nat Torkington, Benoit Hamelin, and Zac Hatfield-Dodds.
Award Nomination: Our paper was nominated for the ACM SIGSOFT Distinguished Paper Award (2x Accept, 1x Award Quality)!
Slides @Slideshare
  
[ICSE'20]
Time-Travel Testing of Android Apps
Zhen Dong, Marcel Böhme, Lucia Cojocaru, Abhik Roychoudhury
(One-line Abstract) Automatic testing of Android apps by restoring the most progressive previously visited state once progress is slow.
ACM/IEEE International Conference on Software Engineering 2020 (ICSE'20), 12 pages
Note: Our artifact @ 10.5281/zenodo.3672076 and description @ ROSE was evaluated as Available and Reusable.
Note: TimeMachine which implements time-travel testing for Android available on Github: https://github.com/DroidTest/TimeMachine!
Update: TimeMachine 2.0 released: https://github.com/DroidTest/TimeMachine/releases/tag/v2.0.0!
TL;DR This quick animation captures nicely the key idea of time-travel testing.
🏆 Award: Our paper won the ACM SIGSOFT Distinguished Paper Award. Congrats Zhen, Lucia, and Abhik!
  
[ICSE'20]
HyDiff: Hybrid Differential Software Analysis
Y. Noller, C. Păsăreanu, M. Böhme, Y. Sun, H. Nguyen, and L. Grunske
(One-line Abstract) Differential analysis (e.g., to find regressions, side-channels, or adversarial examples) using greybox fuzzing and symex.
ACM/IEEE International Conference on Software Engineering 2020 (ICSE'20), 13 pages
Note: Our artifact @ 10.5281/zenodo.3627893 and description @ ROSE was evaluated as Available and Reusable.
Note: HyDiff tool and evaluation is available on Github: https://github.com/yannicnoller/hydiff!
  
[ICST'20]
Human-In-The-Loop Automatic Program Repair
Marcel Böhme, Charaka Geethal, and Van-Thuan Pham
(One-line Abstract) Learn2fix automatically "negotiates" with the user the condition under which the bug is observed before it repairs the bug.
IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20), 10 pages
Note: Learn2Fix, experimental setup, data, and R scripts available on Github: https://github.com/mboehme/learn2fix!
Update: Our work has been featured in the IEEE Software Practitioner's Digest. Congrats Charaka and Thuan!
  
[ASE'20]
Defect Prediction Guided Search-Based Software Testing
Anjana Perera, Aldeida Aleti, Marcel Böhme, and Burak Turhan
(One-line Abstract) Allocate more testing budget to program locations that are more likely defective.
35th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2020, 13 pages
Note: This is the first paper of Anjana (main and co-supervised with Aldeida and Burak). Congrats Anjana!
Note: The SBST-DPG tool and experimental data are available on Github: https://github.com/SBST-DPG!
  
[ICST'20 Testing Tool]
AFLNet: A Greybox Fuzzer for Network Protocols
Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
(One-line Abstract) Implementation to maximize coverage of a protocol's code and state space with lightweight protocol learning.
IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20), Testing Tool Track, 6 pages
Note: AFLNet is available at https://github.com/aflnet/aflnet.
  
[TSE'19]
Smart Greybox Fuzzing
Van-Thuan Pham, Marcel Böhme, Andrew E. Santosa, Alexandru R. Căciulescu, and Abhik Roychoudhury
(One-line Abstract) Makes greybox fuzzing aware of input structure, handles corrupted inputs, and maximizes input validity.
IEEE Transactions on Software Engineering, 17 pages (subject to minor revisions)
Note: AFLSmart which implements directed greybox fuzzing into AFL is available at https://github.com/aflsmart/aflsmart.
Note: Interactive tutorial explaining the algorithms behind AFLSmart: https://www.fuzzingbook.org/html/GreyboxGrammarFuzzer.html.
In the News: @Security Week, @The Register, @Naked Security.
  
[ICSE'19]
Assurance in Software Testing: A Roadmap
Marcel Böhme
(One-line Abstract) Open challenges and new research directions for the automated software testing research community.
IEEE International Conference on Software Engineering 2019: New Ideas and Emerging Results (ICSE'19 NIER), 4 pages
Note: Presented at KAIST, Korea hosted by Prof Shin Yoo.
Note: Presented at NUS, Singapore hosted by Prof Abhik Roychoudhury.
Slides @Slideshare
  
[TOSEM'18]
STADS: Software Testing as Species Discovery
Marcel Böhme
(One-line Abstract) A well-established statistical framework from ecology for the well-grounded extrapolation from tested program behaviors.
ACM Transactions on Software Engineering and Methodology (TOSEM), to appear.
Note: Pythia which extends AFL with estimations is available at https://github.com/mboehme/pythia.
Note: Selected as journal-first contribution to be presented at ESEC/FSE 2018.
Note: Larger vision to be presented at ICSE'19 New Ideas and Emerging Results (NIER) track!
Update: Interactive tutorial explaining When to Stop Fuzzing: https://www.fuzzingbook.org/html/WhenToStopFuzzing.html!
Pingback: Mark Griffin of ForAllSecure on When to Stop Fuzzing (Tweet): Only stop when coverage plateaus to improve the fuzz driver.
Pingback: Bhargava Shastry of Ethereum Foundation asking Can Good-Turing Frequency Estimation Tell Us When to Stop Fuzzing?
Pingback: William Woodruff of Trail of Bits mentions STADS in Fuzzing 101.
  
[ESEC/FSE'18]
Verifying the Long-Run Behavior of Probabilistic System Models in the Presence of Uncertainty
Yamilet R.S. Llerena, Marcel Böhme, Marc Brünink, Guoxin Su, and David S. Rosenblum
(One-line Abstract) Accounting for modelling uncertainty when analyzing steady-state properties of a stochastic system modelled as a DTMC.
ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2018
  
[TSE'18]
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
(One-line Abstract) Efficient path exploration without program analysis
IEEE Transactions on Software Engineering (TSE) 2018; DOI: 10.1109/TSE.2017.2785841, 18 pages.
Note: A shorter version appears in the Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2016
Note: AFLFast, our extension of AFL is available as a fork at https://github.com/mboehme/aflfast.
Note: AFLFast has been evaluated by the community which finds 6 unique flaws in Perl and several bugs in Erlang VM.
Note: AFLFast finds > 40 crashes in GNU Binutils and Coreutils. Pádraig Brady, Coreutils maintainer, highlights our research!
Note: Google Security awards USD 2000 in bug bounties for vulnerabilities reported in [CCS'16] found by AFLFast!
Update: Interactive tutorial explaining the algorithms behind AFL and AFLFast: https://www.fuzzingbook.org/html/GreyboxFuzzer.html!
  
[EMSE'18]
A Correlation Study between Automated Program Repair and Test-Suite Metrics
Jooyong Yi, Shin Hwei Tan, Sergey Mechtaev, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) Established test suite metrics are good predictors of the feasibility and quality of auto-generated repairs.
Empirical Software Engineering Journal (Special Issue on Automated Program Repair), pp. 2948–2979.
Note: Selected as Journal-First contribution to be presented at ICSE 2018!
  
[CCS'17]
Directed Greybox Fuzzing
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury
(One-line Abstract) Outperforming directed symbolic execution using simulated annealing and a novel distance metric that is pre-computed.
24th ACM Conference on Computer and Communications Security (CCS) 2017, Accepted for publication.
Note: AFLGo which implements directed greybox fuzzing into AFL is available at https://github.com/aflgo/aflgo.
Update: Interactive tutorial explaining the algorithms behind AFL and AFLGo: https://www.fuzzingbook.org/html/GreyboxFuzzer.html!
Slides @Slideshare, Presentation (ACM CCS'17) @Youtube
  
  
[ESEC/FSE'17]
Where is the Bug and How is it Fixed? An Experiment with Practitioners
Marcel Böhme, Ezekiel O. Soremekun, Sudipta Chattopadhyay, Emamurho Ugherughe, and Andreas Zeller
(One-line Abstract) Practitioners provide that output (e.g., fault locations) which automated debugging/repair tools ought to provide.
Joint meeting of the European Software Engineering Conference and the
ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2017, pp. 117-128
Note: A shorter version "How Developers Debug Software: The DBGBENCH Dataset" appeared as poster at ICSE'17.
Note: Learn more at https://dbgbench.github.io/.
Update: ESEC/FSE'17 Artifact Evaluation Committee awarded highest badge for DBGBENCH!
  
[ASE'17]
Detecting Information Flow by Mutating Input Data
Björn Matthis, Vitalii Avdiienko, Ezekiel O. Soremekun, Marcel Böhme, and Andreas Zeller
(One-line Abstract) Information flow between a source s_o and a sink s_i exists if a perturbation of the information at s_o is observable at s_i.
32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) 2017, pp. 263-273
Note: This is the result of the first BSc. thesis that I handed out as a PostDoc at Saarland University, Germany. Congrats Björn!
  
[CCS'16]
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
(One-line Abstract) Effective path exploration without program analysis
23rd ACM Conference on Computer and Communications Security (CCS) 2016. pp. 1032-1043
Note: The journal extension has been accepted at the SE flagship journal IEEE TSE!
  
[ASE'16]
Model-based Whitebox Fuzzing for Program Binaries
Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) Symbolic execution for programs that take complex file inputs (e.g., PDF or PNG).
31st IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016. pp. 552-562
  
[TSE'15]
A Probabilistic Analysis of the Efficiency of Automated Software Testing
Marcel Böhme and Soumya Paul
(One-line Abstract) Even the most effective technique is inefficient vs. random testing if generating a test case takes relatively too long.
IEEE Transactions on Software Engineering (TSE) 2015. Accepted for publication. DOI 10.1109/TSE.2015.2487274
Note: A shorter version "On the Efficiency of Automated Testing" appears in the Proceedings of FSE'14
Note: An even shorter version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
Note: Invited to talk about testing efficiency at UCL in London, SUTD in S'pore, NTU in S'pore, TU Darmstadt, and Saarland University.
Update: Ranked among Top-50 most popular IEEE TSE articles for 6 months!
  
[DISSERTATION]
Automated Regression Testing and Verification of Complex Code Changes
Marcel Böhme
Thesis submitted for the degree of Doctor of Philosophy (PhD), Department of Computer Science, National University of Singapore
PhD Defense in July'14
  
[FSE'14]
On the Efficiency of Automated Testing
Marcel Böhme and Soumya Paul
(One-line Abstract) Software Testing as Probabilistic Verification and its efficiency vis-à-vis random testing.
22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) 2014, pp. 632-642
Note: A short version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
  
[ISSTA'14]
CoREBench: Studying Complexity of Regression Errors
Marcel Böhme and Abhik Roychoudhury
(One-line Abstract) A benchmark and the quantitative difference between simple and complex errors.
23rd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2014, pp. 398-408
Note: Check out CoREBench - a collection of 70 real regression errors. Found to exceed expectations by the AEC.
Note: Making Top10 most downloaded articles in the past 3 months in ACM Software Engineering Notes, Nov'14.
  
[ESEC/FSE'13]
Regression Tests to Expose Change Interaction Errors
Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
(One-line Abstract) A new class of errors in evolving software and a technique to expose them.
Joint meeting of the European Software Engineering Conference and the
ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2013, pp. 339-349
  
[ICSE'13]
Partition-based Regression Verification
Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
(One-line Abstract-1) Dynamic Semantic Differencing using Regression Test Generation and Input Partitioning.
(One-line Abstract-2) The Practicability of Regression Testing and the Guarantees of Regression Verification.
ACM/IEEE International Conference on Software Engineering (ICSE) 2013, pp.300-309
Note: The technical report, containing proofs for theorems 1 and 2, will be provided on demand.
  
[ADCOM'13]
Regression Testing of Evolving Programs
Marcel Böhme, Abhik Roychoudhury, and Bruno C.d.S. Oliveira
(One-line Abstract) Review and survey of recent advances in the testing of evolving programs.
Advances in Computers, Elsevier, 2013, Volume 89, Chapter 2, pp.53-88
  
[ICSE'12]
Software Regression as Change of Input Partitioning
Marcel Böhme
(One-line Abstract) My doctoral research agenda.
ACM/IEEE International Conference on Software Engineering (ICSE) 2012, pp.1523-1526
  
© Above are the author's versions of the works. They are posted here for your personal use. Not for redistribution.
   The definitive versions were published in the referenced conferences.

Service

  • Editorial Board
    • ACM Transactions on Software Engineering and Methodology (TOSEM)
  • Organisation
  • Committee Member
  • Reviewer
    • IEEE Transactions on Software Engineering (TSE)
    • IEEE Transactions on Dependable and Secure Computing (TDSC)
    • ACM Transactions on Software Engineering and Methodology (TOSEM)
    • IEEE Transactions on Information Forensics and Security (TIFS)
    • Empirical Software Engineering (EMSE)
    • Journal of Software Testing, Verification and Reliability (STVR)
    • Journal of Information and Software Technology (IST)
    • Journal of Software: Evolution and Process (JSME)
    • International Conference on Software Engineering (ICSE): 2017
    • International Symposium on the Foundations of Software Engineering (FSE): 2017
    • International Symposium on Software Testing and Analysis (ISSTA): 2013, 2015, 2016
    • International Conference on Automated Software Engineering (ASE): 2013
    • International Conference on Software Testing (ICST): 2013, 2014
    • International Conference on Fundamental Approaches to Software Engineering (FASE): 2013
  • University
  • Other Service
    • Invited speaker at the ECOOP/ISSTA'21 Summer School (Foundations of Software Testing)
    • Invited speaker at the ECOOP/ISSTA'21 Discussion with Experts on Fuzzing.
    • Invited speaker at the ETH Workshop on Dependable and Secure Software Systems
      (On the Surprising Efficiency and the Exponential Cost of Fuzzing)
    • Represented NUS PhDs @ Focus Group Discussions with Ministry of Education, Singapore
    • Outreach NUS to TU Dresden
    • Co-Organizer of CSTalks, a seminar-style talk series (2011/12)
    • Graduate Student Representative @ Graduate Liaison Committee (2010/11)
    • University Ambassador @ Technische Universität Dresden, Germany

Security Advisories (82) and Reported Bugs (120)

Our tools have found several security-critical vulnerabilities in widely used open-source projects and libraries, such as php (4), valgrind, gdb, coreutils (13), binutils (56), libiberty (8), libdwarf (7), libxml2 (4), ffmpeg (10), WavPack (4), Live555 Media Server (2), libming, and libav. Our tools have been discussed in the news @Security Week, @The Register, @Naked Security, @Hackernews, and by the coreutils package maintainer Pádraig Brady. Google Security awarded USD 2,000 for hardening of security-critical open-source libraries.
Most vulnerabilities were detected and analyzed during experiments of Van-Thuan Pham and myself.

In 2023, we issued the following security advisories: for OpenSSL (secure communication) CVE-2023-0215, for Live555 (streaming) CVE-2023-37117, and for ProFTPD (file transfer) CVE-2023-51713. Great work Ruijie and Octavio!

In 2021, we issued the following security advisories. Great work Jinsheng!
CVE-2021-38380, CVE-2021-38381, CVE-2021-38382, CVE-2021-38383, CVE-2021-39282,
CVE-2021-39283, CVE-2021-41396, CVE-2021-41397, CVE-2021-41687, CVE-2021-41688,
CVE-2021-41689, CVE-2021-41690

In 2019, we issued the following security advisories. Great work Thuan!
CVE-2019-7314, CVE-2019-15232 (Your web-streaming baby monitor or security camera could be vulnerable)

In 2018, we issued the following security advisories. Great work Thuan, Alex, and Andrew!
CVE-2018-10372, CVE-2018-10373, CVE-2018-10536, CVE-2018-10537, CVE-2018-10538,
CVE-2018-10539, CVE-2018-10540, CVE-2018-12458, CVE-2018-12459, CVE-2018-12460,
CVE-2018-13300, CVE-2018-13301, CVE-2018-13302, CVE-2018-13303, CVE-2018-13304,
CVE-2018-13305, CVE-2018-13785, CVE-2018-19539, CVE-2018-19540, CVE-2018-19541,
CVE-2018-19542, CVE-2018-19543, CVE-2018-19543

In 2016 and 2017, we issued the following security advisories. Credit also goes to Thuan Pham!
CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490,
CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2017-6965,
CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-7210, CVE-2017-7223,
CVE-2017-7224, CVE-2017-7225, CVE-2017-7226, CVE-2017-7227, CVE-2017-7299,
CVE-2017-7300, CVE-2017-7301, CVE-2017-7302, CVE-2017-7303, CVE-2017-7304,
CVE-2017-7578, CVE-2017-8392, CVE-2017-8393, CVE-2017-8394, CVE-2017-8395,
CVE-2017-8396, CVE-2017-8397, CVE-2017-8398, CVE-2017-9047, CVE-2017-9048,
CVE-2017-9049, CVE-2017-9050, CVE-2017-9051, CVE-2017-9052, CVE-2017-9053,
CVE-2017-9054, CVE-2017-9055

Software Engineering Reproducibility Manifesto (SERM)

I am trying to lead my research group according to a consistent reproducibility policy. Read more at https://mboehme.github.io/manifesto.

  1. I will educate my graduate students about sound empirical analysis and reproducibility.
  2. We will implement our techniques directly into the baseline and avoid unrelated changes.
  3. We will make all our source code publicly available upon acceptance (as far as funder allows).
  4. We will make all our papers available by Green Open Access (as far as publisher allows).
  5. We will share data, scripts, and figures for the main results under CC-BY.
  6. We will add a "Reproducibility" declaration at the end of each paper.

Post Scriptum - Umlauts

My last name is properly written with an umlaut (i.e., Böhme). The letter ö is pronounced like 'u' in fur or 'e' in earn.
Latex/Bibtex: B{\"o}hme
HTML:         B&ouml;hme (renders as Böhme)
UTF8:         Böhme
LaTeX supports UTF-8 umlauts directly when \usepackage[utf8]{inputenc} is among the imports.
The correct English transliteration spells: Boehme.

Marcel Böhme · mboehme.github.io · Updated: 2021-08-11 14:05