WoS İndeksli Yayınlar Koleksiyonu / WoS Indexed Publications Collection

Permanent URI for this collection: https://hdl.handle.net/11147/7150

  • Article
    Citation - WoS: 7
    Citation - Scopus: 8
    Tracking Code Bug Fix Ripple Effects Based on Change Patterns Using Markov Chain Models
    (Institute of Electrical and Electronics Engineers Inc., 2022) Ufuktepe, Ekincan; Tuğlular, Tuğkan; Palaniappan, Kanappan
    Change impact analysis evaluates the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. Code changes and bug fixes can have a high impact on code quality by introducing new vulnerabilities or increasing their severity. A recent high-visibility example of this is the code changes in the log4j web software CVE-2021-45105 to fix known vulnerabilities by removing and adding method called change types. This bug fix process exposed further code security concerns. In this article, we analyze the most common set of bug fix change patterns to have a better understanding of the distribution of software changes and their impact on code quality. To achieve this, we implemented a tool that compares two versions of the code and extracts the changes that have been made. Then, we investigated how these changes are related to change impact analysis. In our case study, we identified the change types for bug-inducing and bug fix changes using the Quixbugs dataset. Furthermore, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixes. Then, to find the change types that cause an impact on the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation with the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. On the other hand, we found that there is a positive correlation between caused impact and changing the field type.
  • Conference Object
    Event Sequence Graph-Based Feature-Oriented Testing: a Preliminary Study
    (Institute of Electrical and Electronics Engineers Inc., 2018) Tuğlular, Tuğkan
    This paper proposes a model-based approach for feature-oriented testing using event sequence graphs (ESGs). ESGs are used to generate test cases automatically for positive and negative testing. To fit ESG models to feature-oriented testing, two new improvements on ESGs are proposed. The first improvement is on repetitive use of refinement ESG and the second improvement is saving state in an ESG and passing it to the following ESG. This is a work towards communicating hierarchical ESGs. The preliminary results demonstrate the feasibility of the proposed approach. The proposed approach improves testability of features.
  • Conference Object
    Citation - WoS: 8
    Citation - Scopus: 9
    A Program Slicing-Based Bayesian Network Model for Change Impact Analysis
    (Institute of Electrical and Electronics Engineers Inc., 2018) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Change impact analysis plays an important role in identifying potential affected areas that are caused by changes that are made in a software. Most of the existing change impact analysis techniques are based on architectural design and change history. However, source code-based change impact analysis studies are very few and they have shown higher precision in their results. In this study, a static method-granularity level change impact analysis, that uses program slicing and Bayesian Network technique has been proposed. The technique proposes a directed graph model that also represents the call dependencies between methods. In this study, an open source Java project with 8999 to 9445 lines of code and from 505 to 528 methods have been analyzed through 32 commits it went. Recall and f-measure metrics have been used for evaluation of the precision of the proposed method, where each software commit has been analyzed separately.
  • Conference Object
    Citation - WoS: 1
    Citation - Scopus: 5
    Automation Architecture for Bayesian Network Based Test Case Prioritization and Execution
    (Institute of Electrical and Electronics Engineers Inc., 2016) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    An automation architecture for Bayesian Network based test case prioritization is designed for software written in Java programming language following the approach proposed by Mirarab and Tahvildari [2]. The architecture is implemented as an integration of a series of tools and called Bayesian Network based test case prioritization and execution platform. The platform is triggered by a change in the source code, then it collects necessary information to be supplied to Bayesian Network and uses Bayesian Network evaluation results to run high priority unit tests.
  • Conference Object
    Model Based Testing of VHDL Programs
    (Institute of Electrical and Electronics Engineers Inc., 2015) Ayav, Tolga; Tuğlular, Tuğkan; Belli, Fevzi
    VHDL programs are often validated by means of test benches constructed from formal system specification. To include real-time properties of VHDL programs, the proposed approach first transforms them to concurrently running network of timed automata and then performs model checking on properties taken from the specification. Counterexamples generated by the model checker are used to form a test bench. The approach is validated by a case study composed of a nontrivial application running on a microprocessor. As presented, the approach enables testing both hardware and software at once.
  • Conference Object
    Citation - Scopus: 4
    An Architecture for Verification of Access Control Policies With Multi Agent System Ontologies
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tekbacak, Fatih; Tuğlular, Tuğkan; Dikenelli, Oğuz
    Multi-agent systems (MAS) which communicate with intra-domain and inter-domain agent platforms have access control requirements. Instead of a central mechanism, a fine-grained access control mechanism could have been applied to MAS platforms. This paper emphasizes MAS-based domain and security ontologies with XACML-based access control approach for MAS platforms. The domain dependent behaviour and access control parameters in agent ontologies could be combined within a common XACML policy document that is used through different MAS applications. Agent-based access control requirements and common XACML policy documents should be consistent to enforce policies for MAS. To obtain this condition, the translation of organizational policies and platform based policies have to be considered in detail and the verified policy features have to be enforced in MAS to provide access for resources.
  • Conference Object
    Citation - Scopus: 5
    GUI-Based Testing of Boundary Overflow Vulnerability
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Müftüoğlu, Can Arda; Kaya, Özgür; Belli, Fevzi; Linschulte, M.
    Boundary overflows are caused by violation of constraints, mostly limiting the range of internal values of a program, and can be provoked by an intruder to gain control of or access to stored data. In order to countermeasure this well-known vulnerability issue, this paper focuses on input validation of graphical user interfaces (GUI). The approach proposed generates test cases for numerical inputs based on GUI specification through decision tables. If boundary overflow error(s) are detected, the source code will be analyzed to localize and correct the encountered error(s) automatically.
  • Conference Object
    Citation - WoS: 5
    Citation - Scopus: 6
    The 1st Workshop on Model-Based Verification & Validation: Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Kaya, Özgür; Müftüoğlu, Can Arda; Belli, Fevzi
    Currently network security of institutions highly depends on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered sets of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.