Computer Engineering / Bilgisayar Mühendisliği

Permanent URI for this collection: https://hdl.handle.net/11147/10

Search Results

  • Conference Object
    Citation - WoS: 1
    Automatic Enforcement of Location Aware User Based Network Access Control Policies
    (World Scientific and Engineering Academy and Society, 2008) Tuğlular, Tuğkan
    Multiple interconnected network segments distributed across various locations, such as corporate networks, where users or employees constantly travel among segments and require access to servers, need to have network access control mechanisms that are able to adapt to these location changes. The idea of a firewall changing or adapting its rules depending on the location of users is presented by an architecture in this paper. This architecture proposes deployment of a policy server at the management level and policy agents at the firewall level, so that policy-driven network security management is enabled by specifying location aware user based network access control policies at the network security management and enforcing them at the managed firewalls. The architecture presented in this paper utilizes user VPN connection event triggers for dynamic policy configuration and automated policy deployment to firewalls. Location aware user based network access control policies, which are management level policies, are implemented using XACML. A network level policy is usually a configuration, or policy, file local to the firewall. The policy agent incorporated into the firewall performs the mapping from management level policy to firewall policy.
  • Conference Object
    Citation - Scopus: 1
    Mutation-Based Evaluation of Weighted Test Case Selection for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2011) Tuğlular, Tuğkan; Gerçek, Gürcan
    As part of network security testing, an administrator needs to know whether the firewall enforces the security policy as expected or not. In this setting, black-box testing and evaluation methodologies can be helpful. In this paper, we employ a simple mutation operation, namely flipping a bit, to generate mutant firewall policies and use them to evaluate our previously proposed weighted test case selection method for firewall testing. In the previously proposed firewall testing approach, abstract test cases that are automatically generated from firewall decision diagrams are instantiated by selecting test input values from different test data pools for each field of firewall policy. Furthermore, a case study is presented to validate the proposed approach. © 2011 IEEE
  • Conference Object
    Citation - Scopus: 2
    Feedback Control Based Test Case Instantiation for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2010) Tuğlular, Tuğkan; Gerçek, Gürcan
    A firewall's proper functioning is critical to the network it protects. Thus, a firewall should be tested with respect to its intended security policy. We propose a feedback control based approach for test case generation to detect mismatches between a firewall's expected and executed behavior. In the proposed approach, abstract test cases are generated from firewall decision diagrams and instantiated with the test input values chosen using the proposed feedback control based selection algorithm. A case study is presented to validate the presented approach.
  • Conference Object
    Citation - Scopus: 3
    Protocol-Based Testing of Firewalls
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Belli, Fevzi
    A firewall is the most important tool of network security defense. Its proper functioning is critical to the network it protects. Therefore, a firewall should be tested rigorously with respect to its implemented network protocols and security policy specification. We propose a combined approach for test case generation to uncover errors both in firewall software and in its configuration. In the proposed approach, abstract test cases are generated by mutating the event sequence graph model of a chosen network protocol and filled with values from the policy specification by using equivalence partitioning and boundary value analysis. A case study is presented to validate the presented approach.