Böhme Research Group: Home

This is the MPI Software Security group lead by Dr Marcel Böhme at the Max Planck Institute for Security and Privacy (MPI-SP) in Germany. We are interested in the automatic discovery of security flaws in software systems at the very large scale. Some of us work on the foundations of automatic vulnerability discovery and program analysis in general. For instance, we seek to identify fundamental limitations of existing techniques, we study empirical methods (incl. statistical and causal reasoning) for program analysis, and we explore the assurances that software testing provides when no bugs are found. Another part of our group develops practical vulnerability discovery tools that are widely used in software security practice. For instance, Entropic is the default power schedule in LibFuzzer which powers the largest fuzzing platforms at Google and Microsoft, fuzzing hundreds of security-critical projects on 100k machines 24/7. Our tools have discovered 100+ bugs in widely-used software systems, more than 70 of which are security-critical vulnerabilities registered as CVEs at the US National Vulnerability Database.

News

Oct 2023 Our discovery of a connection between fuzzing and information theory is this month’s CACM research highlight! CACM is the monthly journal sent to all members of the ACM. The CACM Technical Perspective was written by the amazing Prof Gordon Fraser.
Oct 2023 Paper on protocol fuzzing equipped with LLMs to interrogate protocol RFCs accepted at NDSS’24! Congrats Ruijie and team!
Oct 2023 Teaching a seminar on software and network security with Kevin Borgolte! Looking forward to the papers and experiments!
Aug 2023 Created a new web presence for the MPI Software Security Group.
Aug 2023 Co-organized the CASA Summer School on Software Security in Bochum. Thanks to all the speakers and participants!
Aug 2023 Two papers on statistical reasoning about programs accepted at ESEC/FSE’23 and ASE’23. Congrats Seongmin and Nikhil et al.!
Jul 2023 Journal extension of our work on human-in-the-loop automatic program repair to appear at the IEEE TSE! Congrats Charaka et al!
Jun 2023 Co-organized the FUZZING’23 workshop and the SBFT Fuzzing Tool Competition! Great way to catch up.
Older news…

Opportunities

People

Graduate Students (Main advisor)

Danushka Liyanage

PhD Candidate (Monash)
Niklas Risse

PhD Student (MPI-SP / CASA)
Octavio Galland

PhD Student (MPI-SP / CASA)

Graduate Students (Co-advisor)

Zac Hatfield-Dodds

PhD student (ANU, on leave @ Anthropic, w/ Tony Hosking)
Philipp Görz

PhD student (CISPA / RUB, w/ Thorsten Holz)

Interns and Visiting Researchers

Abhishek Shah

Columbia University, USA
Simran Kathpalia

Amrita University, India
Rafaila Galanopoulou

Athens University, Greece

Faculty

Marcel Böhme

Faculty member

Research Fellows

Seongmin Lee

Research Fellow

Past Research Fellows

Zahra Mirzamomen

PostDoc 2020-23. Now at Monash University.
Van-Thuan Pham

PostDoc 2018-20. Now at University of Melbourne.
Behrad Garmany

PostDoc 2022. Now at Onapsis Inc.

Alumni

Charaka Geethal Kapugama

PhD 2023. Now at University of Ruhuna, Sri Lanka.
Anjana Perera

PhD 2022 (co-adviced). Now at Oracle Labs, Australia.

Past Research Assistents

Bharath Krish

Research Assistent 2020-22. Now at Deloitte.

Past Interns and Visiting Researchers

Shreyas Minocha 2023. Rice University, USA
Stephan Lipp 2022. TU Munich, Germany
Nikhil Parasaram 2022. University College London, UK
Dongjia Zhang 2022. Tokyo University, Japan.
Christian Presa Schnell 2022. TU Munich, Germany
Octavio Galland 2022. U. of Buenos Aires, Argentina

Past Undergraduate Students

Robert Stark 2022. MSc thesis (co-adviced). Moved to Bosch.
Tobias Wienand 2022. BSc thesis (co-adviced).