My Authors
Read all threads
For my new followers, my research group is interested in techniques that make machines attack other machines with maximal efficiency. All our tools are open-source, so people can use them to identify security bugs before they are exploited.

This is how it all started.
My first technical paper introduced a technique that could, in principle, *prove* that no bug was introduced by a new code commit [ICSE'13]. This was also the first of several symbolic execution-based whitebox fuzzers [FSE'13, ASE'16, ICSE'20].…
Yet, something was amiss. Even a simple random input generator could outperform my most effective whitebox fuzzer if it generated inputs fast enough. To understand why, we modelled fuzzing as a sampling process and proved some bounds [FSE'14, TSE'15].
How can we use this insight? How to make our fuzzer explore more "behaviors" per minute (like a whitebox fuzzer)? We maximally bias the input generation towards rare behaviors. To understand how, we model our fuzzer as Markov chain [CCS'16, TSE'18].
Did someone say Markov chain? Many search strategies are defined as traversals of Markov chains. Let's search something. We used Simulated Annealing search to reduce the distance to a given set of target locations in the other machine's code [CCS'17]
Now, some machines process inputs only if they adhere to a certain structure, such as a file format. Instead of low-level mutations of an input, we suggest a high-level mutation of the structural representation of an input (partial parse tree) [TSE'19].
Other machines require inputs to follow a certain *order*. For instance, servers implement protocols to communicate with a client, and phones are controlled by a sequence of user events. Knowing the required order, the problem might be easier [ICST'20].…
If we don't know the required order, we can start with generating a random sequence. Along the way, we identify interesting states and take snapshots, like before a boss fight in a game. Once we are stuck, we restore the most progressive state [ICSE'20].…
Meanwhile, we wanted to stand fuzzing on some formal foundations, so we can investigate fundamental limitations of various approaches. Turns out, ecological biostatistics provides a nice statistical framework and some interesting estimators [TOSEM'18].…
Using and extending the STADS statistical model, we introduced information theory to fuzzing. Each new input reveals some information about the machine's behaviors. Entropy measures this information. Maximize entropy, you maximize efficiency [FSE'20].…
We also used the STADS model to explain an empirical observation that seems like a contradiction. You increase # machines exponentially, you find *all* bugs exponentially faster, but given a fixed time budget, you only find linearly more bugs [FSE'20].…
After finding bugs, they need to be debugged & fixed [ISSTA'14, FSE'17, ICST'20]; e.g., our human-in-the-loop automated repair has the machine negotiate with the bug-reporting user the condition under which the program fails, before it repairs the bug.…
Finally, none of this would be possible without our group's students, colleagues, and collaborators. Kudos!
Missing some Tweet in this thread? You can try to force a refresh.

Keep Current with Marcel Böhme

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!