Computer Engineering / Bilgisayar Mühendisliği

Permanent URI for this collectionhttps://hdl.handle.net/11147/10

Browse

Filters

2008 - 200922010 - 20111

Settings

Author: search.filters.author.Tuğlular, TuğkanSubject: search.filters.subject.Network security

Search Results

Now showing 1 - 3 of 3
  • Conference Object
    Citation - WoS: 1
    Automatic Enforcement of Location Aware User Based Network Access Control Policies
    (World Scientific and Engineering Academy and Society, 2008) Tuğlular, Tuğkan
    Multiple interconnected network segments distributed across various locations, such as corporate networks, where users or employees constantly travel among segments and require to access servers, need to have network access control mechanisms that are able to adapt to these location changes. The idea of a firewall changing or adapting its rules depending on the location of users is presented by an architecture in this paper. This architecture proposes deployment of a policy server at the management level and policy agents at the firewall level, so that policy-driven network security management is enabled by specifying location aware user based network access control policies at the network security management and enforcing them at the managed firewalls. The architecture presented in this paper utilizes user VPN connection event triggers for dynamic policy configuration and automated policy deployment to firewalls. Location aware user based network access control policies, which are management level policies, are implemented using XACML. A network level policy is usually a configuration, or policy, file local to the firewall. The policy agent incorporated into the firewall performs the mapping from management level policy to firewall policy.
  • Conference Object
    Citation - Scopus: 1
    Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2011) Tuğlular, Tuğkan; Gerçek, Gürcan
    As part of network security testing an administrator needs to know whether the firewall enforces the security policy as expected or not. In this setting black-box testing and evaluation methodologies can be helpful. In this paper we employ a simple mutation operation namely flipping a bit to generate mutant firewall policies and use them to evaluate our previously proposed weighted test case selection method for firewall testing. In the previously proposed firewall testing approach abstract test cases that are automatically generated from firewall decision diagrams are instantiated by selecting test input values from different test data pools for each field of firewall policy. Furthermore a case study is presented to validate the proposed approach. © 2011 IEEE
  • Conference Object
    Citation - WoS: 5
    Citation - Scopus: 6
    The 1st Workshop on Model-Based Verification & Validation: Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Kaya, Özgür; Müftüoğlu, Can Arda; Belli, Fevzi
    Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.