Marcel Böhme Ph.D. (NUS)

Faculty Member
MPI SoftSec Research Group
Max Planck Institute for Security and Privacy (MPI-SP)
Universitätsstraße 140
44799 Bochum

Older Publications

[IEEE Software'21]
	Fuzzing: Challenges and Reflections
	Marcel Böhme, Cristian Cadar, and Abhik Roychoudhury
	(One-line Abstract) A resource for practitioners and researchers to learn about the main open challenges in fuzzing and symbolic execution.
	IEEE Software, 8 pages
	Note: This is the outcome of a 3-day meeting of thought leaders and rising stars, both in industry and academia..
	Note: We are happy to publish these results in the premier magazine (and journal) for software practitioners.
	Slides @Slideshare
[ESEC/FSE'21]
	Estimating Residual Risk in Greybox Fuzzing
	Marcel Böhme, Danushka Liyanage, and Valentin Wüstholz
	(One-line Abstract) After 24hrs no crashes, you abort the campaign. What is the change to see a crash if you generated one more input?
	ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2021, 12 pages
	Note: Congrats Danushka on his first paper. Exciting work with our industry collaborator Valentin. We are breaking new ground!
	Note: Our artifact (DOI 10.5281/zenodo.4970239) @ Github and Kaggle was evaluated as Available and Reusable .
	Shout out: Justin Campbell (Microsoft) would use this in large-scale fuzzing (OneFuzz) to maximize bug finding within the compute budget.
[CCS'21]
	Regression Greybox Fuzzing
	Xiaogang Zhu and Marcel Böhme
	(One-line Abstract) Once a program is well-fuzzed, most bugs found are regressions. Fuzz all commits at once, but focus on recent ones.
	ACM Conference on Computer and Communications Security (CCS), 13 pages
	Note: AFLChurn is available on Github: https://github.com/aflchurn/aflchurn. Data and evaluation are available on Kaggle
[EMSE'21]
	Locating faults with program slicing: an empirical analysis
	Ezekiel O. Soremekun, Lukas Kirschner, Marcel Böhme, and Andreas Zeller
	(One-line Abstract) Empirical comparison of statistical fault localization and dynamic program slicing along more realistic assumptions.
	Journl of Empirical Software Engineering (EMSE), 2021, 51 pages, DOI: 10.1007/s10664-020-09931-7
	Note:Congrats to Ezekiel, Lukas, and Andreas! Ezekiel started this work with when I was still a PostDoc in Andreas' team.
	Note:Our artifact and the steps to reproduce our results are available at 10.6084/m9.figshare.13369400.v1.
[ESEC/FSE'20]
	Boosting Fuzzer Efficiency: An Information Theoretic Perspective
	Marcel Böhme, Valentin J.M. Manès, Sang Kil Cha
	(One-line Abstract) Every generated input reveals some information about the program. Maximizing information maximizes efficiency.
	ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020, 12 pages
	Note: Our artifact @ 10.6084/m9.figshare.12415622, and description @ ROSE was evaluated as Available and Reusable .
	Note: Entropic is now the default power schedule in LibFuzzer which powers Google's OSSFuzz and Microsoft's OneFuzz!
	Note: An evaluation of a time-boosted Entropic version against other fuzzers is available on https://www.fuzzbench.com!
	Update: Running Chrome? Entropic is now also looking for security vulnerabilities in Chrome on 25k machines every day @ Clusterfuzz!
🏆	Award: Our paper received the ACM SIGSOFT Distinguished Paper Award. Congrats Valentin and Sang Kil!
🏆	Award: Our Entropic paper is the new ACM SIGSOFT Research Highlight. Congrats Valentin and Sang Kil!
	Slides @Slideshare
[ESEC/FSE'20]
	Fuzzing: On the Exponential Cost of Vulnerability Discovery
	Marcel Böhme, Brandon Falk
	(One-line Abstract) Exponentially increase #machines, discover linearly more #vulns in, e.g., 24h, but discover *all* vulns exponentially faster.
	ACM European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2020, 12 pages
	Note: Our artifact @ 10.6084/m9.figshare.11911287.v1 was evaluated as Available .
	Update: Our data, empirical evaluation, and simulation study are available @ https://www.kaggle.com. Test our laws by adding your own data!
	Pingback: Paper reviews and commentary from Alastair Reid, Clint Gibler, Nat Torkington, Benoit Hamelin, and Zac Hatfield-Dodds.
	Award Nomination: Our paper was nominated for the ACM SIGSOFT Distinguished Paper Award (2x Accept, 1x Award Quality)!
	Slides @Slideshare
[ICSE'20]
	Time-Travel Testing of Android Apps
	Zhen Dong, Marcel Böhme, Lucia Cojocaru, Abhik Roychoudhury
	(One-line Abstract) Automatic testing of Android apps by restoring the most progressive previously visited state once progress is slow.
	ACM/IEEE International Conference on Software Engineering 2020 (ICSE'20), 12 pages
	Note: Our artifact @ 10.5281/zenodo.3672076 and description @ ROSE was evaluated as Available and Reusable .
	Note: TimeMachine which implements time-travel testing for Android available on Github: https://github.com/DroidTest/TimeMachine!
	Update: TimeMachine 2.0 released: https://github.com/DroidTest/TimeMachine/releases/tag/v2.0.0!
	TL;DR This quick animation captures nicely the key idea of time-travel testing.
🏆	Award: Our paper won the ACM SIGSOFT Distinguished Paper Award. Congrats Zhen, Lucia, and Abhik!
[ICSE'20]
	HyDiff: Hybrid Differential Software Analysis
	Y. Noller, C. Păsăreanu, M. Böhme, Y. Sun, H. Nguyen, and L. Grunske
	(One-line Abstract) Differential analysis (e.g., to find regressions, side-channels, or adverserial examples) using greybox fuzzing and symex.
	ACM/IEEE International Conference on Software Engineering 2020 (ICSE'20), 13 pages
	Note: Our artifact @ 10.5281/zenodo.3627893" and description @ ROSE was evaluated as Available and Reusable .
	Note: HyDiff tool and evaluation is available on Github: https://github.com/yannicnoller/hydiff!
[ICST'20]
	Human-In-The-Loop Automatic Program Repair
	Marcel Böhme, Charaka Geethal, and Van-Thuan Pham
	(One-line Abstract) Learn2fix automatically "negotiates" with the user the condition under which the bug is observed before it repairs the bug.
	IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20), 10 pages
	Note: Learn2Fix, experimental setup, data, and R scripts available on Github: https://github.com/mboehme/learn2fix!
	Update: Our work has been featured in the IEEE Software Practitioner's Digest. Congrats Charaka and Thuan!
[ASE'20]
	Defect Prediction Guided Search-Based Software Testing
	Anjana Perera, Aldeida Aleti, Marcel Böhme, and Burak Turhan
	(One-line Abstract) Allocate more testing budget to program locations that are more likely defective.
	35th IEEE/ACM International Conference on Automated Software Engineering (ASE) 2020, 13 pages
	Note: This is the first paper of Anjana (main and co-supervised with Aldeida and Burak). Congrats Anjana!
	Note: The SBST-DPG tool and experimental data are available on Github: https://github.com/SBST-DPG!
[ICST'20 Testing Tool]
	AFLNet: A Greybox Fuzzer for Network Protocols
	Van-Thuan Pham, Marcel Böhme, Abhik Roychoudhury
	(One-line Abstract) Implementation to maximize coverage of a protocol's code and state space with lightweight protocol learning.
	IEEE International Conference on Software Testing, Verification and Validation 2020 (ICST'20), Testing Tool Track, 6 pages
	Note: AFLNet is available at https://github.com/aflnet/aflnet.
[TSE'19]
	Smart Greybox Fuzzing
	Van-Thuan Pham, Marcel Böhme, Andrew E. Santosa, Alexandru R. Căciulescu, and Abhik Roychoudhury
	(One-line Abstract) Makes greybox fuzzing aware of input structure, handles corrupted inputs, and maximizes input validity.
	IEEE Transactions on Software Engineering, 17 pages (subject to minor revisions)
	Note: AFLSmart which implements directed greybox fuzzing into AFL is available at https://github.com/aflsmart/aflsmart.
	Note: Interactive tutorial explaining the algorithms behind AFLSmart: https://www.fuzzingbook.org/html/GreyboxGrammarFuzzer.html.
	In the News: @Security Week, @The Register, @Nacked Security.
[ICSE'19]
	Assurance in Software Testing: A Roadmap
	Marcel Böhme
	(One-line Abstract) Open challenges and new research directions for the automated software testing research community.
	IEEE International Conference on Software Engineering 2019: New Ideas and Emerging Results (ICSE'19 NIER), 4 pages
	Note: Presented at KAIST, Korea hosted by Prof Shin Yoo.
	Note: Presented at NUS, Singapore hosted by Prof Abhik Roychoudhury.
	Slides @Slideshare
[TOSEM'18]
	STADS: Software Testing as Species Discovery
	Marcel Böhme
	(One-line Abstract) A well-established statistical framework from ecology for the well-grounded extrapolation from tested program behaviors.
	ACM Transactions on Software Engineerung and Methodology (TOSEM), to appear.
	Note: Pythia which extends AFL with estimations is available at https://github.com/mboehme/pythia.
	Note: Selected as journal-first contribution to be presented at ESEC/FSE 2018.
	Note: Larger vision to be presented at ICSE'19 New Ideas and Emerging Results (NIER) track!
	Update: Interactive tutorial explaining When to Stop Fuzzing: https://www.fuzzingbook.org/html/WhenToStopFuzzing.html!
	Pingback: Mark Griffin of ForAllSecure on When to Stop Fuzzing (Tweet): Only stop when coverage plateaus to improve the fuzz driver.
	Pingback: Bhargava Shastry of Ethereum Foundation asking Can Good-Turing Frequency Estimation Tell Us When to Stop Fuzzing?
	Pingback: William Woodruff of Trail of Bits mentions STADS in Fuzzing 101.
[ESEC/FSE'18]
	Verifying the Long-Run Behavior of Probabilistic System Models in the Presence of Uncertainty
	Yamilet R.S. Llerena, Marcel Böhme, Marc Brünink, Guoxin Su, and David S. Rosenblum
	(One-line Abstract) Acccounting for modelling uncertainty when analyzing steady-state properties of a stochastic system modelled as DTMC.
	ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC/FSE) 2018
[TSE'18]
	Coverage-based Greybox Fuzzing as Markov Chain
	Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
	(One-line Abstract) Efficient path exploration without program analysis
	IEEE Transactions on Software Engineering (TSE) 2018; DOI: 10.1109/TSE.2017.2785841, 18 pages.
	Note: A shorter version appears in the Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2016
	Note: AFLFast, our extension of AFL is available as a fork at https://github.com/mboehme/aflfast.
	Note: AFLFast has been evaluated by the community which finds 6 unique flaws in Perl and several bugs in Erlang VM.
	Note: AFLFast finds > 40 crashes in GNU Binutils and Coreutils. Pádraig Brady, Coreutils maintainer, highlights our research!
	Note: Google Security awards USD 2000 in bug bounties for vulnerabilities reported in [CCS'16] found by AFLFast!
	Update: Interactive tutorial explaining the algorithms behind AFL and AFLFast: https://www.fuzzingbook.org/html/GreyboxFuzzer.html!
[EMSE'18]
	A Correlation Study between Automated Program Repair and Test-Suite Metrics
	Jooyong Yi, Shin Hwei Tan, Sergey Mechtaev, Marcel Böhme, and Abhik Roychoudhury
	(One-line Abstract) Established test suite metrics are good predictors of the feasibility and quality of auto-generated repairs.
	Empirical Software Engineering Journal (Special Issue on Automated Program Repair), pp. 2948–2979.
	Note: Selected as Journal-First contribution to be presented at ICSE 2018!
[CCS'17]
	Directed Greybox Fuzzing
	Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury
	(One-line Abstract) Outperforming directed symbolic execution using simulated annealing and a novel distance metric that is pre-computed.
	24th ACM Conference on Computer and Communications Security (CCS) 2017, Accepted for publication.
	Note: AFLGo which implements directed greybox fuzzing into AFL is available at https://github.com/aflgo/aflgo.
	Update: Interactive tutorial explaining the algorithms behind AFL and AFLGo: https://www.fuzzingbook.org/html/GreyboxFuzzer.html!
	Slides @Slideshare, Presentation (ACM CCS'17) @Youtube
[ESEC/FSE'17]
	Where is the Bug and How is it Fixed? An Experiment with Practitioners
	Marcel Böhme, Ezekiel O. Soremekun, Sudipta Chattopadhyay, Emamurho Ugherughe, and Andreas Zeller
	(One-line Abstract) Practitioners provide that output (e.g., fault locations) which automated debugging/repair tools ought to provide.
	Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2017, pp. 117-128
	Note: A shorter version "How Developers Debug Software: The DBGBENCH Dataset" appeared as poster at ICSE'17.
	Note: Learn more at https://dbgbench.github.io/.
	Update: ESEC/FSE'17 Artifact Evaluation Committee awarded highest badge for DBGBENCH!
[ASE'17]
	Detecting Information Flow by Mutating Input Data
	Björn Matthis, Vitalii Avdiienko, Ezekiel O. Soremekun, Marcel Böhme, and Andreas Zeller
	(One-line Abstract) Information flow between a source so and a sink si exists if a perturbation of the information at so is observable at si.
	32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) 2017, pp. 263-273
	Note: This is the result of the first BSc. thesis that I handed out as a PostDoc at Saarland University, Germany. Congrats Björn!
[CCS'16]
	Coverage-based Greybox Fuzzing as Markov Chain
	Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
	(One-line Abstract) Effective path exploration without program analysis
	23rd ACM Conference on Computer and Communications Security (CCS) 2016. pp. 1032-1043
	Note: The journal extension has been accepted at the SE flagship journal IEEE TSE!
[ASE'16]
	Model-based Whitebox Fuzzing for Program Binaries
	Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
	(One-line Abstract) Symbolic execution for programs that take complex file inputs (e.g, PDF or PNG).
	31st IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016. pp. 552-562
[TSE'15]
	A Probabilistic Analysis of the Efficiency of Automated Software Testing
	Marcel Böhme and Soumya Paul
	(One-line Abstract) Even the most effective technique is inefficient vs. random testing if generating a test case takes relatively too long.
	IEEE Transactions on Software Engineering (TSE) 2015. Accepted for publication. DOI 10.1109/TSE.2015.2487274
	Note: A shorter version "On the Efficiency of Automated Testing" appears in the Proceedings of FSE'14
	Note: An even shorter version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
	Note: Invited to talk about testing efficiency at UCL in London, SUTD in S'pore, NTU in S'pore, TU Darmstadt, and Saarland University.
	Update: Ranked among Top-50 most popular IEEE TSE articles for 6 months! [1,2,3,4,5,6]
[DISSERTATION]
	Automated Regression Testing and Verification of Complex Code Changes
	Marcel Böhme
	Thesis submitted for the degree of Doctor of Philosophy (PhD), Department of Computer Science, National University of Singapore PhD Defense in July'14
[FSE'14]
	On the Efficiency of Automated Testing
	Marcel Böhme and Soumya Paul
	(One-line Abstract) Software Testing as Probabilistic Verification and its efficiency vis-à-vis random testing.
	22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) 2014, pp. 632-642
	Note: A short version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
[ISSTA'14]
	CoREBench: Studying Complexity of Regression Errors
	Marcel Böhme and Abhik Roychoudhury
	(One-line Abstract) A benchmark and the quantitative difference between simple and complex errors.
	23rd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2014, pp. 398-408
	Note: Check out CoREBench - a collection of 70 real regression errors. Found to exceed expectations by the AEC.
	Note: Making Top10 most downloaded articles in the past 3 months in ACM Software Engineering Notes, Nov'14.
[ESEC/FSE'13]
	Regression Tests to Expose Change Interaction Errors
	Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
	(One-line Abstract) A new class of errors in evolving software and a technique to expose them.
	Joint meeting of the European Software Engineering Conference and the ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2013, pp. 339-349
[ICSE'13]
	Partition-based Regression Verification
	Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
	(One-line Abstract-1) Dynamic Semantic Differencing using Regression Test Generation and Input Partitioning. (One-line Abstract-2) The Practicability of Regression Testing and the Guarantees of Regression Verification.
	ACM/IEEE International Conference on Software Engineering (ICSE) 2013, pp.300-309
	Note: The technical report, containing proofs for theorems 1 and 2, will be provided on demand.
[ADCOM'13]
	Regression Testing of Evolving Programs
	Marcel Böhme, Abhik Roychoudhury, and Bruno C.d.S. Oliveira
	(One-line Abstract) Review and survey of recent advances in the testing of evolving programs.
	Advances in Computers, Elsevier, 2013, Volume 89, Chapter 2, pp.53-88
[ICSE'12]
	Software Regression as Change of Input Partitioning
	Marcel Böhme
	(One-line Abstract) My doctoral research agenda.
	ACM/IEEE International Conference on Software Engineering (ICSE) 2012, pp.1523-1526

Marcel Böhme <> · mboehme.github.io · Updated: 2021-08-11 14:05