2025
ISSTA'25
|
|
Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection. |
 |
Niklas Risse, Jing Liu, and Marcel Böhme.
|
|
🧑💻
|
34th ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'25).
22pp.
|
|
|
Abstract:
The most prevalent problem statement of ML4VD as function-level binary classification problem is ill-defined.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
| 🏆 |
Award: Our paper was selected as ACM Distinguished Papers (Top 8% of accepted papers). Congrats Niklas and Jing! |
|
Note: Supplementary material can be found here: ISSTA25-supplementary.pdf |
|
|
S&P
|
|
|
How to Solve Cybersecurity Once and For All. |
|
Marcel Böhme.
|
|
|
IEEE Security and Privacy, Vol. 23, Issue 3.
|
|
|
Abstract:
We should stop trying to confirm the effectiveness of our defenses and start failing to find counterexamples.
|
|
[
pdf
]
[
bib
]
|
|
Note: Invited journal article. A much abbreviated version of the keynote at RAID'24 |
|
|
TOSEM
|
|
|
Software Security Analysis in 2030 and Beyond: A Research Roadmap. |
|
Marcel Böhme, Eric Bodden, Tevfik Bultan, Cristian Cadar, Yang Liu, and Giuseppe Scanniello.
|
|
|
ACM Transactions on Software Engineering and Methodology.
25pp.
|
|
|
Abstract:
Challenges and opportunities for the security analysis of our software systems of the future.
|
|
[
pdf
]
[
bib
]
|
|
Note: Invited article (Special Section: 2030 Software Engineering Roadmap). |
|
|
TOSEM
|
|
|
Fuzzing: On Benchmarking Outcome as a Function of Benchmark Properties. |
|
Dylan Wolff, Marcel Böhme, and Abhik Roychoudhury.
|
|
|
ACM Transactions on Software Engineering and Methodology.
24pp.
|
|
|
Abstract:
How would fuzzer ranking change if programs were larger or initial seeds had more coverage?
|
|
[
pdf
]
[
bib
]
|
|
|
TSE
|
|
|
AFLNet Five Years Later: On Coverage-Guided Protocol Fuzzing. |
|
Ruijie Meng, Van-Thuan Pham, Marcel Böhme, and Abhik Roychoudhury.
|
|
|
IEEE Transactions on Software Engineering.
14pp.
|
|
|
Abstract:
State- and code-coverage-guided greybox fuzzing (Extended version of our ICSE'20 Tool Demo)
|
|
[
pdf
]
[
bib
]
[
github
]
|
|
|
ICLR'25
|
|
|
How Much is Unseen Depends Chiefly on Information About the Seen. |
|
Seongmin Lee and Marcel Böhme.
|
|
🧑💻
|
13th International Conference on Learning Representations (ICLR'25).
22pp.
|
|
|
Abstract:
Significant progress on a beautiful statistical riddle. Can estimate data representativeness.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
| 🏆 |
Award: Our paper was selected as ICLR'25 Spotlight (Top 5% of accepted papers). Congrats Seongmin! |
|
|
ICSE'25
|
|
|
Invivo Fuzzing by Amplifying Actual Executions. |
|
Octavio Galland and Marcel Böhme.
|
|
🧑💻
|
47th International Conference on Software Engineering (ICSE'25).
13pp.
|
|
|
Abstract:
Don't attach a fuzzer using fuzz drivers! Inject a fuzzer and amplify any state.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
ICSE'25
|
|
|
Accounting for Missing Events in Statistical Information Leakage Analysis. |
|
Seongmin Lee, Shreyas Minocha, and Marcel Böhme.
|
|
🧑💻
|
47th International Conference on Software Engineering (ICSE'25).
12pp.
|
|
|
Abstract:
Estimating software privacy in the small sample regime.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
FSE'25
|
|
|
MendelFuzz: The Return of the Deterministic Stage. |
|
Han Zheng, Flavio Toffalini, Marcel Böhme, and Mathias Payer.
|
|
🧑💻
|
ACM International Conference on the Foundations of Software Engineering (FSE'25).
21pp.
|
|
|
Abstract:
Can a fuzzer cover more code with minimal corruption of the initial seed?
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
2024
TOSEM
|
|
|
On the Impact of Lower Recall and Precision in Defect Prediction for Guiding Search-based Software Testing. |
|
Anjana Perera, Burak Turhan, Aldeida Aleti, and Marcel Böhme.
|
|
🧑💻
|
ACM Transactions on Software Engineering and Methodology 33(6).
27pp.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
USENIX Sec'24
|
|
|
Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection. |
|
Niklas Risse and Marcel Böhme.
|
|
🧑💻
|
33rd USENIX Security Symposium (USENIX Sec'24).
19pp.
|
|
|
Abstract:
Are machine learning models for vulnerability discovery as good as they seem?
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[
github
]
|
|
|
CCS'24
|
|
|
Testing Side-Channel Security of Cryptographic Implementations Against Future Microarchitectures. |
|
G. Barthe, M. Böhme, S. Cauligi, C. Chuengsatiansup, D. Genkin, M. Guarnieri, D. Romero, P. Schwabe, D. Wu, and Y. Yarom.
|
|
🧑💻
|
31st ACM Conference on Computer and Communications Security (CCS'24).
16pp.
|
|
|
Abstract:
How to find side-channels in crypto implementations running on future microarchitectures.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
| 🏆 |
Award: Our paper won the ACM SIGSAC Distinguished Paper Award at CCS'24. Congrats all! |
|
|
ICSE'24
|
|
|
Extrapolating Coverage Rate in Greybox Fuzzing. |
|
Danushka Liyanage, Seongmin Lee, Chakkrit Tantithamthavorn, and Marcel Böhme.
|
|
🧑💻
|
46th International Conference on Software Engineering (ICSE'24).
13pp.
|
|
|
Abstract:
How to *predict* the coverage rate of a greybox fuzzer in the future.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
NDSS'24
|
|
|
Large Language Model guided Protocol Fuzzing. |
|
Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury.
|
|
🧑💻
|
Network and Distributed System Security Symposium (NDSS'24).
15pp.
|
|
|
Abstract:
How to make a fuzzer ask ChatGPT about the correct structure and order of messages as specified in 100+ pages of RFC.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[
github
]
|
|
|
TSE
|
|
|
Human-In-The-Loop Automatic Program Repair. |
|
Charaka Geethal Kapugama, Marcel Böhme, and Van-Thuan Pham.
|
|
🧑💻
|
IEEE Transactions on Software Engineering.
24pp.
|
|
|
Abstract:
Learn2fix automatically negotiates with the user the condition under which the bug is observed before it repairs the bug.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
Note: Journal extension of our homonymous ICST'20 paper. |
|
2023
CACM
|
|
|
Boosting Fuzzer Efficiency: An Information Theoretic Perspective. |
|
Marcel Böhme, Valentin J. M. Manès, and Sang Kil Cha.
|
|
🧑💻
|
Communcations of the ACM 66(11).
9pp.
|
|
|
Abstract:
Every generated input reveals some information about the program. Maximizing information maximizes efficiency.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
| 🏆 |
Award: CACM Research Highlight for the month of November. CACM a journal sent to all members of the ACM. |
|
Note: CACM Technical Perspective: "What's all the fuss about fuzzing?" by the amazing Gordon Fraser! |
|
|
ESEC / FSE'23
|
|
|
Statistical Reachability Analysis. |
|
Seongmin Lee and Marcel Böhme.
|
|
🧑💻
|
31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC / FSE'23).
12pp.
|
|
|
Abstract:
Quantiative program analysis using a statistical rather than an analytical approach.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
ASE'23
|
|
|
Precise Data-Driven Approximation for Program Analysis via Fuzzing. |
|
Nikhil Parasaram, Earl T. Barr, Sergey Mechtaev, and Marcel Böhme.
|
|
🧑💻
|
38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23).
12pp.
|
|
|
Abstract:
Marry static analysis to over-/under-approx. the valid state space and fuzzing + stats to estimate the degree of validity.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
ICSE'23
|
|
|
Reachable Coverage: Estimating Saturation in Fuzzing. |
|
Danushka Liyanage, Marcel Böhme, Chakkrit Tantithamthavorn, and Stephan Lipp.
|
|
🧑💻
|
45th International Conference on Software Engineering (ICSE'23).
13pp.
|
|
|
Abstract:
Estimating the maximum achievable coverage by automatic test input generation.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
Note: Featured in the Fuzzing Weekly Newsletter (CW5). |
|
|
ICSE'23
|
|
|
Evaluating the Impact of Experimental Assumptions in Automated Fault Localization. |
|
Ezekiel Soremekun, Lukas Kirschner, Marcel Böhme, and Mike Papadakis.
|
|
🧑💻
|
ACM/IEEE 45th International Conference on Software Engineering (ICSE'23).
13pp.
|
|
|
Abstract:
Evaluating the assumptions that researchers make during debugging tool evaluations.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[🔗
website
]
|
|
|
ISSTA'23
|
|
|
Green Fuzzing: A Saturation-based Stopping Criterion using Vulnerability Prediction. |
|
Stephan Lipp, Daniel Elsner, Severin Kacianka, Alexander Pretschner, Marcel Böhme, and Sebastian Banescu.
|
|
🧑💻
|
32nd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23).
13pp.
|
|
|
Abstract:
We suggest to stop a fuzzing campaign when the coverage of potentially vulnerable code saturates.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[
github
]
|
|
|
ESEC / FSE'23 (SRC)
|
|
|
Detecting Overfitting of Machine Learning Techniques for Automatic Vulnerability Detection. |
|
Niklas Risse.
|
|
|
Student Research Competition (SRC) at the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC / FSE'23 (SRC)).
3pp.
|
|
[
pdf
]
[
bib
]
|
|
|
SBFT'23
|
|
|
Continuous Fuzzing: A Study of the Effectiveness and Scalability of Fuzzing in CI/CD Pipelines. |
|
Thijs Klooster, Fatih Turkmen, Gerben Broenink, Ruben Ten Hove, and Marcel Böhme.
|
|
🧑💻
|
2023 IEEE/ACM International Workshop on Search-Based and Fuzz Testing (SBFT'23).
13pp.
|
|
|
Abstract:
How to integrate fuzzing in a CI/CD pipeline, where time is limited but the analysis can be incremental?
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[
github
]
|
|
