


  

Dr. Marcel Böhme
Senior Research Fellow

COM2-02-14
13 Computing Drive
Singapore 117417

National University of Singapore

  

About

Marcel Böhme completed his PhD at National University of Singapore advised by Prof. Abhik Roychoudhury in 2014 after joining Abhik's team in 2011. After his PhD he spent one year working with Prof. Andreas Zeller as postdoctoral advisor at Saarland University, Germany. Marcel represented the graduate students of the School of Computing at NUS on several occasions. Marcel's research is focussed on automated vulnerability detection, analysis, testing, debugging, and repair of large software systems, where he investigates practical topics such as efficiency, scalability, and reliability of automated techniques via theoretical and empirical analysis. His tools discovered 100+ bugs in widely-used software systems, more than 40 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database.

News

  I am joining the Faculty of IT, Monash University, Australia in March 2018!
Nov'17: The journal extension of our CCS'16 paper has been accepted at the SE flagship journal IEEE TSE (subject to minor revisions).
Sep'17: Invited as member of the ICSE'18 SRC PC and the MSR'18 MC PC. Do consider submitting!
Aug'17: Our paper entitled Directed Greybox Fuzzing accepted at ACM CCS'17 (151/836 = 18%)! Download our tool AFLGo.
Aug'17: Our probabilistic analysis of testing efficiency ranked among Top-50 most popular IEEE TSE articles for 6 months! [1,2,3,4,5,6]
July'17: Our paper on lightweight flow detection accepted at ASE'17 (65/314=21%)! Excellent thesis of my first BSc. student, Björn.
Jun'17: Awarded USD 2,000 in bug bounties from Google Security for security-critical bugs found by AFLFast!
Jun'17: Where is the Bug and How is it Fixed? An Experiment with Practitioners accepted at ESEC/FSE'17 (72/295 = 24%)!
Jun'17: Our correlation study of test suite quality and repair quality metrics accepted at Empirical Software Engineering Journal!
May'17: Our directed fuzzer AFLGo applied to patch testing finds more than 40 bugs in security-critical programs (17 CVEs)!
Feb'17: AFLFast finds > 50 crashes in GNU Binutils and Coreutils. Pádraig Brady, Coreutils maintainer, highlights our research!
Aug'16: AFLFast finds 6 unique flaws in Perl (via Hacker News) and several bugs in Erlang VM (via Hacker News).
July'16: "Coverage-based Greybox Fuzzing as Markov Chain" accepted at CCS'16 (137/831 = 16%). AFLFast available on Github!
July'16: "Model-based Whitebox Fuzzing for Program Binaries" accepted at ASE'16 (57/353 = 16%).

Selected Publications

[TSE'18]
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
(One-line Abstract) Efficient path exploration without program analysis
IEEE Transactions on Software Engineering (TSE) 2018; Acceptance subject to minor revisions.
Note: A shorter version appears in the Proceedings of the ACM Conference on Computer and Communications Security (CCS) 2016
Note: AFLFast, our extension of AFL, is available as a fork at https://github.com/mboehme/aflfast.
Note: AFLFast has been evaluated by the community which finds 6 unique flaws in Perl and several bugs in Erlang VM.
Note: AFLFast finds > 40 crashes in GNU Binutils and Coreutils. Pádraig Brady, Coreutils maintainer, highlights our research!
Update: Google Security awards USD 2000 in bug bounties for vulnerabilities reported in [CCS'16] found by AFLFast!
[CCS'17]
Directed Greybox Fuzzing
Marcel Böhme, Van-Thuan Pham, Manh-Dung Nguyen, and Abhik Roychoudhury
(One-line Abstract) Outperforming directed symbolic execution using simulated annealing and a novel distance metric that is pre-computed.
24th ACM Conference on Computer and Communications Security (CCS) 2017, Accepted for publication.
Note: AFLGo which implements directed greybox fuzzing into AFL is available at https://github.com/aflgo/aflgo.
  
[ESEC/FSE'17]
Where is the Bug and How is it Fixed? An Experiment with Practitioners
Marcel Böhme, Ezekiel O. Soremekun, Sudipta Chattopadhyay, Emamurho Ugherughe, and Andreas Zeller
(One-line Abstract) Practitioners provide that output (e.g., fault locations) which automated debugging/repair tools ought to provide.
Joint meeting of the European Software Engineering Conference and the
ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2017, pp. 117-128
Note: A shorter version "How Developers Debug Software: The DBGBENCH Dataset" appeared as poster at ICSE'17.
Note: Learn more at https://dbgbench.github.io/.
Update: ESEC/FSE'17 Artifact Evaluation Committee awarded highest badge for DBGBENCH!
  
[ASE'17]
Detecting Information Flow by Mutating Input Data
Björn Matthis, Vitalii Avdiienko, Ezekiel O. Soremekun, Marcel Böhme, and Andreas Zeller
(One-line Abstract) Information flow between a source s_o and a sink s_i exists if a perturbation of the information at s_o is observable at s_i.
32nd IEEE/ACM International Conference on Automated Software Engineering (ASE) 2017, pp. 263-273
Note: This is the result of the first BSc. thesis that I handed out as a PostDoc at Saarland University, Germany. Congrats Björn!
  
[EMSE'17]
A Correlation Study between Automated Program Repair and Test-Suite Metrics
Jooyong Yi, Shin Hwei Tan, Sergey Mechtaev, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) Established test suite metrics are good predictors of the feasibility and quality of auto-generated repairs.
Empirical Software Engineering Journal (Special Issue on Automated Program Repair), to appear.
  
[CCS'16]
Coverage-based Greybox Fuzzing as Markov Chain
Marcel Böhme, Van-Thuan Pham, and Abhik Roychoudhury
(One-line Abstract) Effective path exploration without program analysis
23rd ACM Conference on Computer and Communications Security (CCS) 2016. pp. 1032-1043
Note: The journal extension has been accepted at the SE flagship journal IEEE TSE!
  
[ASE'16]
Model-based Whitebox Fuzzing for Program Binaries
Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury
(One-line Abstract) Symbolic execution for programs that take complex file inputs (e.g., PDF or PNG).
31st IEEE/ACM International Conference on Automated Software Engineering (ASE) 2016. pp. 552-562
  
[TSE'15]
A Probabilistic Analysis of the Efficiency of Automated Software Testing
Marcel Böhme and Soumya Paul
(One-line Abstract) Even the most effective technique is inefficient vs. random testing if generating a test case takes relatively too long.
IEEE Transactions on Software Engineering (TSE) 2015. Accepted for publication. DOI 10.1109/TSE.2015.2487274
Note: A shorter version "On the Efficiency of Automated Testing" appears in the Proceedings of FSE'14
Note: An even shorter version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
Note: Invited to talk about testing efficiency at UCL in London, SUTD in S'pore, NTU in S'pore, TU Darmstadt, and Saarland University.
Update: Ranked among Top-50 most popular IEEE TSE articles for 6 months! [1,2,3,4,5,6]
  
[DISSERTATION]
Automated Regression Testing and Verification of Complex Code Changes
Marcel Böhme
Thesis submitted for the degree of Doctor of Philosophy (PhD), Department of Computer Science, National University of Singapore
PhD Defense in July'14
  
[FSE'14]
On the Efficiency of Automated Testing
Marcel Böhme and Soumya Paul
(One-line Abstract) Software Testing as Probabilistic Verification and its efficiency vis-à-vis random testing.
22nd ACM SIGSOFT International Symposium on the Foundations of Software Engineering (FSE) 2014, pp. 632-642
Note: A short version "Über die Effizienz des Automatischen Testens" appears in German in the Proceedings of SE'15.
  
[ISSTA'14]
CoREBench: Studying Complexity of Regression Errors
Marcel Böhme and Abhik Roychoudhury
(One-line Abstract) A benchmark and the quantitative difference between simple and complex errors.
23rd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA) 2014, pp. 398-408
Note: Check out CoREBench - a collection of 70 real regression errors. Found to exceed expectations by the AEC.
Note: Making Top10 most downloaded articles in the past 3 months in ACM Software Engineering Notes, Nov'14.
  
[ESEC/FSE'13]
Regression Tests to Expose Change Interaction Errors
Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
(One-line Abstract) A new class of errors in evolving software and a technique to expose them.
Joint meeting of the European Software Engineering Conference and the
ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE) 2013, pp. 339-349
  
[ICSE'13]
Partition-based Regression Verification
Marcel Böhme, Bruno C.d.S. Oliveira, and Abhik Roychoudhury
(One-line Abstract-1) Dynamic Semantic Differencing using Regression Test Generation and Input Partitioning.
(One-line Abstract-2) The Practicability of Regression Testing and the Guarantees of Regression Verification.
ACM/IEEE International Conference on Software Engineering (ICSE) 2013, pp.300-309
Note: The technical report, containing proofs for theorems 1 and 2, will be provided on demand.
  
[ADCOM'13]
Regression Testing of Evolving Programs
Marcel Böhme, Abhik Roychoudhury, and Bruno C.d.S. Oliveira
(One-line Abstract) Review and survey of recent advances in the testing of evolving programs.
Advances in Computers, Elsevier, 2013, Volume 89, Chapter 2, pp.53-88
  
[ICSE'12]
Software Regression as Change of Input Partitioning
Marcel Böhme
(One-line Abstract) My doctoral research agenda.
ACM/IEEE International Conference on Software Engineering (ICSE) 2012, pp.1523-1526
  
© Above are the author's versions of the works. They are posted here for your personal use. Not for redistribution.
   The definitive versions were published in the referenced conferences.

Service

  • Committee Member
    • ICSE NIER Papers: 2015 (session chair)
    • FSE Demo Papers: 2016
    • ISSTA Artifact Evaluation: 2015, 2016
    • ICSE Student Research Competition (SRC): 2018
    • MSR Mining Challenge (MC): 2018
  • Reviewer
    • Transactions on Software Engineering (TSE): 2014, 2015, 2016, 2017
    • Journal of Software Testing, Verification and Reliability (STVR): 2017
    • Journal of Information and Software Technology (IST): 2015
    • Journal of Software: Evolution and Process (JSME): 2017
    • International Conference on Software Engineering (ICSE): 2017
    • International Symposium on the Foundations of Software Engineering (FSE): 2017
    • International Symposium on Software Testing and Analysis (ISSTA): 2013, 2015, 2016
    • International Conference on Automated Software Engineering (ASE): 2013
    • International Conference on Software Testing (ICST): 2013, 2014
    • International Conference on Fundamental Approaches to Software Engineering (FASE): 2013
  • Other Service
    • Represented NUS PhDs @ Focus Group Discussions with Ministry of Education, Singapore
    • Outreach NUS to TU Dresden
    • Co-Organizer of CSTalks, a seminar-style talk series (2011/12)
    • Graduate Student Representative @ Graduate Liaison Committee (2010/11)
    • University Ambassador @ Technische Universität Dresden, Germany

Security Advisories (42) and Reported Bugs (96)

My tools have found several security-critical vulnerabilities in widely used open-source projects and libraries, such as php (4), valgrind, gdb, coreutils (13), binutils (56), libiberty (8), libdwarf (7), libxml2 (4), libming, and libav. Most vulnerabilities were detected during experiments of Thuan and myself. My tools have been discussed on Hackernews and by the coreutils package maintainer Pádraig Brady.
Google Security awarded USD 2,000 for my source-level hardening of security-critical open-source libraries.

CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490,
CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131, CVE-2017-6965,
CVE-2017-6966, CVE-2017-6969, CVE-2017-7209, CVE-2017-7210, CVE-2017-7223,
CVE-2017-7224, CVE-2017-7225, CVE-2017-7226, CVE-2017-7227, CVE-2017-7299,
CVE-2017-7300, CVE-2017-7301, CVE-2017-7302, CVE-2017-7303, CVE-2017-7304,
CVE-2017-7578, CVE-2017-8392, CVE-2017-8393, CVE-2017-8394, CVE-2017-8395,
CVE-2017-8396, CVE-2017-8397, CVE-2017-8398, CVE-2017-9047, CVE-2017-9048,
CVE-2017-9049, CVE-2017-9050, CVE-2017-9051, CVE-2017-9052, CVE-2017-9053,
CVE-2017-9054, CVE-2017-9055

Post Scriptum - Umlauts

My last name is properly written with an umlaut (i.e., Böhme). The letter ö is pronounced like 'u' in fur or 'e' in earn.
Latex/Bibtex: B{\"o}hme
HTML: Böhme
UTF8: Böhme
Latex supports umlauts natively using \usepackage[utf8]{inputenc} among the imports.
The correct English transliteration is: Boehme.

Marcel Böhme · https://www.comp.nus.edu.sg/~mboehme · Updated: 2017-10-24 14:05