Computer Engineering / Bilgisayar Mühendisliği

Permanent URI for this collection: https://hdl.handle.net/11147/10

  • Conference Object
    Citation - WoS: 1
    Automatic Enforcement of Location Aware User Based Network Access Control Policies
    (World Scientific and Engineering Academy and Society, 2008) Tuğlular, Tuğkan
    Multiple interconnected network segments distributed across various locations, such as corporate networks, where users or employees constantly travel among segments and need to access servers, require network access control mechanisms that are able to adapt to these location changes. This paper presents an architecture in which a firewall changes or adapts its rules depending on the location of users. This architecture proposes deployment of a policy server at the management level and policy agents at the firewall level, so that policy-driven network security management is enabled by specifying location-aware, user-based network access control policies at the network security management level and enforcing them at the managed firewalls. The architecture presented in this paper utilizes user VPN connection event triggers for dynamic policy configuration and automated policy deployment to firewalls. Location-aware, user-based network access control policies, which are management level policies, are implemented using XACML. A network level policy is usually a configuration, or policy, file local to the firewall. The policy agent incorporated into the firewall performs the mapping from management level policy to firewall policy.
  • Conference Object
    Citation - Scopus: 4
    Test Case Generation for Firewall Implementation Testing Using Software Testing Techniques
    (Trafford Publishing, 2008) Tuğlular, Tuğkan
    The firewall implementation testing approach checks actions performed by the firewall with respect to the corresponding firewall rules. This type of firewall testing can be implemented by developing test cases from the firewall rule sequence, generating test packets from those test cases, and injecting those test packets into the firewall. Although this method has already been defined in the academic world, an approach to generate test cases does not exist in the literature. In this work, a test case generation approach is developed using software testing techniques. © 2008 Atilla Elçi.
  • Conference Object
    Monitoring of Policy Operations in a Distributed Firewall Environment
    (2008) Çakı, Oğuzhan; Tuğlular, Tuğkan; Çetin, Füsun
    The distributed firewall concept has been introduced to overcome some drawbacks of traditional firewalls. The distributed firewall approach is based on the idea of enforcing policy rules at the intermediate and end points rather than at a single entry point to the network. Management of policy rules in a distributed firewall environment requires surveillance of the policy operations performed on each firewall. With this paper, we propose a monitoring architecture and its application prototype for distributed firewalls to keep track of actions, such as create, read, update, and delete, carried out on policy rule sets. We performed some emulation and laboratory experiments to obtain operational values of the proposed architecture. ©2008 by Boğaziçi University.
  • Conference Object
    Citation - Scopus: 1
    A Semantic Based Certification and Access Control Approach Using Security Patterns on Seagent
    (Knowledge Systems Institute, 2008) Tekbacak, Fatih; Tuğlular, Tuğkan; Dikenelli, Oğuz
    In this paper, we propose a security infrastructure for communication between agents, adaptable to FIPA security specifications, by employing security patterns and semantic-based policy descriptions. Security patterns are used as a generalized approach for generating security-based services. This paper analyzes authentication and semantic-based access control among agents using the security patterns.
  • Conference Object
    Citation - Scopus: 4
    An Architecture for Verification of Access Control Policies With Multi Agent System Ontologies
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tekbacak, Fatih; Tuğlular, Tuğkan; Dikenelli, Oğuz
    Multi-agent systems (MAS) which communicate with intra-domain and inter-domain agent platforms have access control requirements. Instead of a central mechanism, a fine-grained access control mechanism could be applied to MAS platforms. This paper emphasizes MAS-based domain and security ontologies with an XACML-based access control approach for MAS platforms. The domain-dependent behaviour and access control parameters in agent ontologies could be combined within a common XACML policy document that is used across different MAS applications. Agent-based access control requirements and common XACML policy documents should be consistent in order to enforce policies for MAS. To obtain this condition, the translation of organizational policies and platform-based policies has to be considered in detail, and the verified policy features have to be enforced in MAS to provide access to resources.
  • Conference Object
    Citation - Scopus: 5
    GUI-Based Testing of Boundary Overflow Vulnerability
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Müftüoğlu, Can Arda; Kaya, Özgür; Belli, Fevzi; Linschulte, M.
    Boundary overflows are caused by violation of constraints, mostly those limiting the range of internal values of a program, and can be provoked by an intruder to gain control of or access to stored data. In order to counter this well-known vulnerability issue, this paper focuses on input validation of graphical user interfaces (GUI). The proposed approach generates test cases for numerical inputs based on the GUI specification through decision tables. If boundary overflow error(s) are detected, the source code is analyzed to localize and correct the encountered error(s) automatically.
  • Conference Object
    Citation - WoS: 5
    Citation - Scopus: 6
    The 1st Workshop on Model-Based Verification & Validation: Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Kaya, Özgür; Müftüoğlu, Can Arda; Belli, Fevzi
    Currently, the network security of institutions highly depends on firewalls, which are used to separate an untrusted network from a trusted one by enforcing security policies. Security policies used in firewalls are ordered sets of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The proposed approach follows the test case generation algorithm developed for event sequence graphs. Under a local area network setup, with the aid of software specifically developed for this purpose, generated test cases are converted to network test packets, the test packets are sent to the firewall under test (FUT), and the sent packets are compared with the passed packets to determine the test result.
  • Conference Object
    Citation - Scopus: 3
    Protocol-Based Testing of Firewalls
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Belli, Fevzi
    A firewall is the most important tool of network security defense. Its proper functioning is critical to the network it protects. Therefore, a firewall should be tested rigorously with respect to its implemented network protocols and its security policy specification. We propose a combined approach for test case generation to uncover errors both in firewall software and in its configuration. In the proposed approach, abstract test cases are generated by mutating the event sequence graph model of the chosen network protocol and are filled with values from the policy specification using equivalence partitioning and boundary value analysis. A case study is presented to validate the presented approach.
  • Conference Object
    Citation - Scopus: 9
    Event-Based Input Validation Using Design-By Patterns
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Müftüoğlu, Can Arda; Belli, Fevzi; Linschulte, M.
    This paper proposes an approach for validation of numerical inputs based on graphical user interfaces (GUI) that are modeled and specified by event sequence graphs (ESG). To handle complex structures of input data, ESGs are augmented by decision tables and patterns of design by contract (DbC). The approach is evaluated by experiments on boundary overflows, which occur when input values violate the specified range of values. Furthermore, a tool is presented that implements our approach, enabling semiautomatic detection of boundary overflow errors and suggesting correction steps based on DbC.
  • Article
    Location Aware Self-Adapting Firewall Policies
    (World Scientific and Engineering Academy and Society, 2008) Tuğlular, Tuğkan
    Private access to corporate servers from the Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With such an architecture in place, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user settings; reconfiguration is automatic and seamless. The proposed architecture utilizes dynamic firewalls, which adapt their policies according to user locations under the guidance of a policy server. This architecture is composed of a VPN client at the user site, a domain firewall with VPN capabilities, a policy server containing a policy decision engine, and policy agents residing in the dynamic firewalls at the server site, which map policy server decisions to firewall policy rules.