Computer Engineering / Bilgisayar Mühendisliği

Permanent URI for this collectionhttps://hdl.handle.net/11147/10

Browse

Filters

20092

Settings

Institution Author: search.filters.institutionAuthor.Müftüoğlu, Can ArdaSubject: search.filters.subject.Security testing

Search Results

Now showing 1 - 2 of 2
  • Conference Object
    Citation - WoS: 5
    Citation - Scopus: 6
    The 1st Workshop on Model-Based Verification & Validation: Directed Acyclic Graph Modeling of Security Policies for Firewall Testing
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Kaya, Özgür; Müftüoğlu, Can Arda; Belli, Fevzi
    Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result.
  • Conference Object
    Citation - Scopus: 9
    Event-Based Input Validation Using Design-By Patterns
    (Institute of Electrical and Electronics Engineers Inc., 2009) Tuğlular, Tuğkan; Müftüoğlu, Can Arda; Belli, Fevzi; Linschulte, M.
    This paper proposes an approach for validation of numerical inputs based on graphical user interfaces (GUI) that are modeled and specified by event sequence graphs (ESG). For considering complex structures of input data, ESGs are augmented by decision tables and patterns of design by contract (DbC). The approach is evaluated by experiments on boundary overflows, which occur when input values violate the range of specified values. Furthermore, a tool is presented that implements our approach enabling a semiautomatically detection of boundary overflow errors and suggesting correction steps based on DbC.