2024
USENIX Sec'24
|
|
Uncovering the Limits of Machine Learning for Automatic Vulnerability Detection. |
 |
Niklas Risse and Marcel Böhme.
|
|
|
33rd USENIX Security Symposium (USENIX Sec'24).
19pp.
|
|
|
Abstract:
Are machine learning models for vulnerability discovery as good as they seem?
|
|
[
pdf
]
[
bib
]
|
|
|
CCS'24
|
|
|
Testing Side-Channel Security of Cryptographic Implementations Against Future Microarchitectures. |
|
G. Barthe, M. Böhme, S. Cauligi, C. Chuengsatiansup, D. Genkin, M. Guarnieri, D. Romero, P. Schwabe, D. Wu, and Y. Yarom.
|
|
🧑💻
|
31st ACM Conference on Computer and Communications Security (CCS'24).
16pp.
|
|
|
Abstract:
How to find side-channels in crypto implementations running on future microarchitectures.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
ICSE'24
|
|
|
Extrapolating Coverage Rate in Greybox Fuzzing. |
|
Danushka Liyanage, Seongmin Lee, Chakkrit Tantithamthavorn, and Marcel Böhme.
|
|
🧑💻
|
46th International Conference on Software Engineering (ICSE'24).
13pp.
|
|
|
Abstract:
How to *predict* the coverage rate of a greybox fuzzer in the future.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
NDSS'24
|
|
|
Large Language Model guided Protocol Fuzzing. |
|
Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury.
|
|
🧑💻
|
Network and Distributed System Security Symposium (NDSS'24).
15pp.
|
|
|
Abstract:
How to make a fuzzer ask ChatGPT about the correct structure and order of messages as specified in 100+ pages of RFC.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[
github
]
|
|
|
TSE'24
|
|
|
Human-In-The-Loop Automatic Program Repair. |
|
Charaka Geethal Kapugama, Marcel Böhme, and Van-Thuan Pham.
|
|
🧑💻
|
IEEE Transactions on Software Engineering.
24pp.
|
|
|
Abstract:
Learn2fix automatically negotiates with the user the condition under which the bug is observed before it repairs the bug.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
Note: Journal extension of our homonymous ICST'20 paper. |
|
|
TOSEM'24
|
|
On the Impact of Lower Recall and Precision in Defect Prediction for Guiding Search-Based Software Testing. |
|
Anjana Perera, Burak Turhan, Aldeida Aleti, and Marcel Böhme.
|
|
|
ACM Transactions on Software Engineering and Methodology.
|
|
|
|
Note: Accepted subject to minor revisions. |
|
2023
CACM'23 Research Highlight
|
|
|
Boosting Fuzzer Efficiency: An Information Theoretic Perspective. |
|
Marcel Böhme, Valentin J. M. Manès, and Sang Kil Cha.
|
|
🧑💻
|
Communcations of the ACM 66(11).
9pp.
|
|
|
Abstract:
Every generated input reveals some information about the program. Maximizing information maximizes efficiency.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
| 🏆 |
Award: CACM Research Highlight for the month of November. CACM a journal sent to all members of the ACM. |
|
Note: CACM Technical Perspective: "What's all the fuss about fuzzing?" by the amazing Gordon Fraser! |
|
|
ESEC / FSE'23
|
|
|
Statistical Reachability Analysis. |
|
Seongmin Lee and Marcel Böhme.
|
|
🧑💻
|
31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC / FSE'23).
12pp.
|
|
|
Abstract:
Quantiative program analysis using a statistical rather than an analytical approach.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
ASE'23
|
|
|
Precise Data-Driven Approximation for Program Analysis via Fuzzing. |
|
Nikhil Parasaram, Earl T. Barr, Sergey Mechtaev, and Marcel Böhme.
|
|
🧑💻
|
38th IEEE/ACM International Conference on Automated Software Engineering (ASE'23).
12pp.
|
|
|
Abstract:
Marry static analysis to over-/under-approx. the valid state space and fuzzing + stats to estimate the degree of validity.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
|
ICSE'23
|
|
|
Reachable Coverage: Estimating Saturation in Fuzzing. |
|
Danushka Liyanage, Marcel Böhme, Chakkrit Tantithamthavorn, and Stephan Lipp.
|
|
🧑💻
|
45th International Conference on Software Engineering (ICSE'23).
13pp.
|
|
|
Abstract:
Estimating the maximum achievable coverage by automatic test input generation.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
|
|
Note: Featured in the Fuzzing Weekly Newsletter (CW5). |
|
|
ICSE'23
|
|
|
Evaluating the Impact of Experimental Assumptions in Automated Fault Localization. |
|
Ezekiel Soremekun, Lukas Kirschner, Marcel Böhme, and Mike Papadakis.
|
|
🧑💻
|
ACM/IEEE 45th International Conference on Software Engineering (ICSE'23).
13pp.
|
|
|
Abstract:
Evaluating the assumptions that researchers make during debugging tool evaluations.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[🔗
website
]
|
|
|
ISSTA'23
|
|
|
Green Fuzzing: A Saturation-based Stopping Criterion using Vulnerability Prediction. |
|
Stephan Lipp, Daniel Elsner, Severin Kacianka, Alexander Pretschner, Marcel Böhme, and Sebastian Banescu.
|
|
🧑💻
|
32nd ACM/SIGSOFT International Symposium on Software Testing and Analysis (ISSTA'23).
13pp.
|
|
|
Abstract:
We suggest to stop a fuzzing campaign when the coverage of potentially vulnerable code saturates.
|
|
[
pdf
]
[
bib
]
[🧑💻
artifact
]
[
github
]
|
|
|
ESEC / FSE'23 (SRC)
|
|
|
Detecting Overfitting of Machine Learning Techniques for Automatic Vulnerability Detection. |
|
Niklas Risse.
|
|
|
Student Research Competition (SRC) at the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering (ESEC / FSE'23 (SRC)).
3pp.
|
|
|
|
