

  

Dr. Marcel Böhme
Lecturer (a.k.a. Assistant Professor)

Room 131
25 Exhibition Walk
Clayton VIC 3800

Monash University

  

About

Marcel Böhme completed his PhD at National University of Singapore advised by Prof Abhik Roychoudhury in 2014. It was followed by a postdoctoral stint at the CISPA-Helmholtz Zentrum Saarbrücken with Prof. Andreas Zeller and a role as senior research fellow at the TSUNAMi Security Research Centre in Singapore. Marcel's research is focussed on automated vulnerability detection, analysis, testing, debugging, and repair of large software systems, where he investigates practical topics such as efficiency, scalability, and reliability of automated techniques via theoretical and empirical analysis. His high-performance fuzzers discovered 100+ bugs in widely-used software systems, more than 50 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database. His vision statement can be found here: Assurances in Software Testing: A Roadmap.

Looking for highly motivated PhD students (3.25 years, fully funded)!
  • If you are a student at Monash, feel free to drop by my office anytime.
  • Otherwise, check eligibility and send me your CV as well as a 1-page review of two of my papers.

News

July'18: Published my first vision statement: Assurances in Software Testing: A Roadmap (4 pages)!
July'18: Our newest fuzzer has discovered 17 vulnerabilities (CVEs), including 9 in FFMPEG. Great work Thuan, Alex, and Andrew!
July'18: My journal-first article Software Testing as Species Discovery has been accepted at ESEC/FSE 2018.
Jun'18: Our article on verifying long-run behavior in the presence of uncertainty has been accepted at ESEC/FSE'18 (61/295=21%)!
Apr'18: My article on Software Testing as Species Discovery has been accepted at the ACM TOSEM (52 pages, journal-first)!
Jan'18: Invited as member of the ICSE'19, the ICECCS'18 (PC&OC), the ASWEC'18, and the SBST'18 Program Committees!
Dec'17: Invited as member of the ASE'18 Demo, the ISSTA'18 AEC, the ICSE'18 SRC, and the MSR'18 MC Program Committees!
Nov'17: The extension of our CCS'16 paper has been accepted at SE flagship journal IEEE Transactions on Software Engineering!
Aug'17: Our paper entitled Directed Greybox Fuzzing accepted at ACM CCS'17 (151/836 = 18%)! Download our tool AFLGo.
Aug'17: Our probabilistic analysis of testing efficiency ranked among Top-50 most popular IEEE TSE articles for 6 months! [1,2,3,4,5,6]
Jun'17: Awarded USD 2,000 in bug bounties from Google Security for security-critical bugs found by AFLFast!

Selected Publications

[TOSEM'18]
STADS: Software Testing as Species Discovery
Marcel Böhme
(One-line Abstract) A well-established statistical framework from ecology for the well-grounded extrapolation from tested program behaviors.
ACM Transactions on Software Engineering and Methodology (TOSEM), to appear.
Note: Pythia which extends AFL with estimations is available at https://github.com/mboehme/pythia.
Update: Selected as journal-first contribution to be presented at ESEC/FSE 2018.
Update: Interested in the larger vision behind STADS? Check out Assurances in Software Testing: A Roadmap (4 pages)!
  
[ESEC/FSE'18]
Verifying the Long-Run Behavior of Probabilistic System Models in the Presence of Uncertainty
Yamilet R.S. Llerena, Marcel Böhme, Marc Brünink, Guoxin Su, and David S. Rosenblum
(One-line Abstract) Accounting for modelling uncertainty when analyzing steady-state properties of a stochastic system modelled as DTMC.
ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2018
  
[TSE'18]
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
(One-line Abstract) Efficient path exploration without program analysis
IEEE Transactions on Software Engineering (TSE) 2018; DOI: 10.1109/TSE.2017.2785841, 18 pages.
Note: A shorter version appears in the Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2016
Note: AFLFast, our extension of AFL is available as a fork at https://github.com/mboehme/aflfast.
Note: AFLFast has been evaluated by the community which finds 6 unique flaws in Perl and several bugs in Erlang VM.
Note: AFLFast finds > 40 crashes in GNU Binutils and Coreutils. Pádraig Brady, Coreutils maintainer, highlights our research!
Update: Google Security awards USD 2000 in bug bounties for vulnerabilities reported in [CCS'16] found by AFLFast!
  
[CCS'17]
Directed Greybox Fuzzing
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury
(One-line Abstract) Outperforming directed symbolic execution using simulated annealing and a novel distance metric that is pre-computed.
24th ACM Conference on Computer and Communications Security (CCS) 2017, Accepted for publication.
Note: AFLGo which implements directed greybox fuzzing into AFL is available at https://github.com/aflgo/aflgo.
  
[ESEC/FSE'17]
Where is the Bug and How is it Fixed? An Experiment with Practitioners
Marcel Böhme, Ezekiel O. Soremekun, Sudipta Chattopadhyay, Emamurho Ugherughe, and Andreas Zeller
(One-line Abstract) Practitioners provide that output (e.g., fault locations) which automated debugging/repair tools ought to provide.
Joint meeting of the European Software Engineering Conference and the
ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2017, pp. 117-128
Note: A shorter version "How Developers Debug Software: The DBGBENCH Dataset" appeared as poster at ICSE'17.
Note: Learn more at https://dbgbench.github.io/.
Update: ESEC/FSE'17 Artifact Evaluation Committee awarded highest badge for DBGBENCH!
  
[ASE'17]
Detecting Information Flow by Mutating Input Data
Björn Matthis, Vitalii Avdiienko, Ezekiel O. Soremekun, Marcel Böhme, and Andreas Zeller
(One-line Abstract) Information flow between a source s_o and a sink s_i exists if a perturbation of the information at s_o is observable at s_i.
32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) 2017, pp. 263-273
Note: This is the result of the first BSc. thesis that I handed out as a PostDoc at Saarland University, Germany. Congrats Björn!
  
[EMSE'17]
A Correlation Study between Automated Program Repair and Test-Suite Metrics
Jooyong Yi, Shin Hwei Tan, Sergey Mechtaev, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) Established test suite metrics are good predictors of the feasibility and quality of auto-generated repairs.
Empirical Software Engineering Journal (Special Issue on Automated Program Repair), to appear.
Note: Selected as Journal-First contribution to be presented at ICSE 2018!
  
[CCS'16]
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
(One-line Abstract) Effective path exploration without program analysis
23rd ACM Conference on Computer and Communications Security (CCS) 2016. pp. 1032-1043
Note: The journal extension has been accepted at the SE flagship journal IEEE TSE!
  
[ASE'16]
Model-based Whitebox Fuzzing for Program Binaries
Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) Symbolic execution for programs that take complex file inputs (e.g., PDF or PNG).
31st IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016. pp. 552-562
  
[TSE'15]
A Probabilistic Analysis of the Efficiency of Automated Software Testing
Marcel Böhme and Soumya Paul
(One-line Abstract) Even the most effective technique is inefficient vs. random testing if generating a test case takes relatively too long.
IEEE Transactions on Software Engineering (TSE) 2015. Accepted for publication. DOI 10.1109/TSE.2015.2487274
Note: A shorter version "On the Efficiency of Automated Testing" appears in the Proceedings of FSE'14
Note: An even shorter version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
Note: Invited to talk about testing efficiency at UCL in London, SUTD in S'pore, NTU in S'pore, TU Darmstadt, and Saarland University.
Update: Ranked among Top-50 most popular IEEE TSE articles for 6 months! [1,2,3,4,5,6]
  
[DISSERTATION]
Automated Regression Testing and Verification of Complex Code Changes
Marcel Böhme
Thesis submitted for the degree of Doctor of Philosophy (PhD), Department of Computer Science, National University of Singapore
PhD Defense in July'14
  
[FSE'14]
On the Efficiency of Automated Testing
Marcel Böhme and Soumya Paul
(One-line Abstract) Software Testing as Probabilistic Verification and its efficiency vis-à-vis random testing.
22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) 2014, pp. 632-642
Note: A short version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
  
[ISSTA'14]
CoREBench: Studying Complexity of Regression Errors
Marcel Böhme and Abhik Roychoudhury
(One-line Abstract) A benchmark and the quantitative difference between simple and complex errors.
23rd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2014, pp. 398-408
Note: Check out CoREBench - a collection of 70 real regression errors. Found to exceed expectations by the AEC.
Note: Making Top10 most downloaded articles in the past 3 months in ACM Software Engineering Notes, Nov'14.
  
[ESEC/FSE'13]
Regression Tests to Expose Change Interaction Errors
Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
(One-line Abstract) A new class of errors in evolving software and a technique to expose them.
Joint meeting of the European Software Engineering Conference and the
ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2013, pp. 339-349
  
[ICSE'13]
Partition-based Regression Verification
Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
(One-line Abstract-1) Dynamic Semantic Differencing using Regression Test Generation and Input Partitioning.
(One-line Abstract-2) The Practicability of Regression Testing and the Guarantees of Regression Verification.
ACM/IEEE International Conference on Software Engineering (ICSE) 2013, pp. 300-309
Note: The technical report, containing proofs for theorems 1 and 2, will be provided on demand.
  
[ADCOM'13]
Regression Testing of Evolving Programs
Marcel Böhme, Abhik Roychoudhury, and Bruno C.d.S. Oliveira
(One-line Abstract) Review and survey of recent advances in the testing of evolving programs.
Advances in Computers, Elsevier, 2013, Volume 89, Chapter 2, pp. 53-88
  
[ICSE'12]
Software Regression as Change of Input Partitioning
Marcel Böhme
(One-line Abstract) My doctoral research agenda.
ACM/IEEE International Conference on Software Engineering (ICSE) 2012, pp. 1523-1526
  
© Above are the author's versions of the works. They are posted here for your personal use. Not for redistribution.
   The definitive versions were published in the referenced conferences.

Service

  • Committee Member
  • Reviewer
    • Transactions on Software Engineering (TSE): 2014, 2015, 2016, 2017, 2018
    • Transactions on Software Engineering and Methodology (TOSEM): 2018
    • Journal of Software Testing, Verification and Reliability (STVR): 2017
    • Journal of Information and Software Technology (IST): 2015
    • Journal of Software: Evolution and Process (JSME): 2017
    • International Conference on Software Engineering (ICSE): 2017
    • International Symposium on the Foundations of Software Engineering (FSE): 2017
    • International Symposium on Software Testing and Analysis (ISSTA): 2013, 2015, 2016
    • International Conference on Automated Software Engineering (ASE): 2013
    • International Conference on Software Testing (ICST): 2013, 2014
    • International Conference on Fundamental Approaches to Software Engineering (FASE): 2013
  • Other Service
    • Represented NUS PhDs @ Focus Group Discussions with Ministry of Education, Singapore
    • Outreach NUS to TU Dresden
    • Co-Organizer of CSTalks, a seminar-style talk series (2011/12)
    • Graduate Student Representative @ Graduate Liaison Committee (2010/11)
    • University Ambassador @ Technische Universität Dresden, Germany

Security Advisories (59) and Reported Bugs (110)

Our tools have found several security-critical vulnerabilities in widely used open-source projects and libraries, such as php (4), valgrind, gdb, coreutils (13), binutils (56), libiberty (8), libdwarf (7), libxml2 (4), ffmpeg (10), wavpack (4), libming, and libav. Most vulnerabilities were detected during experiments of Van-Thuan Pham and myself. Our tools have been discussed on Hackernews and by the coreutils package maintainer Pádraig Brady.
Google Security awarded USD 2,000 for my source-level hardening of security-critical open-source libraries.

CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490,
CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2017-6965,
CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-7210, CVE-2017-7223,
CVE-2017-7224, CVE-2017-7225, CVE-2017-7226, CVE-2017-7227, CVE-2017-7299,
CVE-2017-7300, CVE-2017-7301, CVE-2017-7302, CVE-2017-7303, CVE-2017-7304,
CVE-2017-7578, CVE-2017-8392, CVE-2017-8393, CVE-2017-8394, CVE-2017-8395,
CVE-2017-8396, CVE-2017-8397, CVE-2017-8398, CVE-2017-9047, CVE-2017-9048,
CVE-2017-9049, CVE-2017-9050, CVE-2017-9051, CVE-2017-9052, CVE-2017-9053,
CVE-2017-9054, CVE-2017-9055

Most recently, we issued the following security advisories. Great work Thuan, Alex, and Andrew!
CVE-2018-10372, CVE-2018-10373, CVE-2018-10536, CVE-2018-10537, CVE-2018-10538,
CVE-2018-10539, CVE-2018-10540, CVE-2018-12458, CVE-2018-12459, CVE-2018-12460,
CVE-2018-13300, CVE-2018-13301, CVE-2018-13302, CVE-2018-13303, CVE-2018-13304,
CVE-2018-13305, CVE-2018-13785

Post Scriptum - Umlauts

My last name is properly written with an umlaut (i.e., Böhme). The letter ö is pronounced like 'u' in fur or 'e' in earn.
  • Latex/Bibtex: B{\"o}hme
  • HTML: Böhme
  • UTF8: Böhme
Latex supports umlauts natively using \usepackage[utf8]{inputenc} among the imports.
The correct English transliteration is Boehme.

Marcel Böhme · https://www.comp.nus.edu.sg/~mboehme · Updated: 2018-07-06 14:05