Computer Engineering / Bilgisayar Mühendisliği

Permanent URI for this collectionhttps://hdl.handle.net/11147/10

Browse

Filters

2006 - 200912010 - 20181

Settings

Institution Author: search.filters.institutionAuthor.Tuğlular, TuğkanPublisher: search.filters.publisher.Springer Verlag

Search Results

Now showing 1 - 2 of 2
  • Article
    Citation - WoS: 6
    Citation - Scopus: 6
    Estimating Software Robustness in Relation To Input Validation Vulnerabilities Using Bayesian Networks
    (Springer Verlag, 2018) Ufuktepe, Ekincan; Tuğlular, Tuğkan
    Estimating the robustness of software in the presence of invalid inputs has long been a challenging task owing to the fact that developers usually fail to take the necessary action to validate inputs during the design and implementation of software. We propose a method for estimating the robustness of software in relation to input validation vulnerabilities using Bayesian networks. The proposed method runs on all program functions and/or methods. It calculates a robustness value using information on the existence of input validation code in the functions and utilizing common weakness scores of known input validation vulnerabilities. In the case study, ten well-known software libraries implemented in the JavaScript language, which are chosen because of their increasing popularity among software developers, are evaluated. Using our method, software development teams can track changes made to software to deal with invalid inputs.
  • Article
    Citation - WoS: 4
    Citation - Scopus: 9
    End-To Security Implementation for Mobile Devices Using Tls Protocol
    (Springer Verlag, 2006) Kayayurt, Barış; Tuğlular, Tuğkan
    End-to-end security has been an emerging need for mobile devices with the widespread use of personal digital assistants and mobile phones. Transport Layer Security Protocol (TLS) is an end-to-end security protocol that is commonly used on the Internet, together with its predecessor, SSL protocol. By implementing TLS protocol in the mobile world, the advantage of the proven security model of this protocol can be utilized. The main design goals of mobile end-to-end security protocol are maintainability and extensibility. Cryptographic operations are performed with a free library, Bouncy Castle Cryptography Package. The object oriented architecture of proposed end-to-end security protocol implementation makes the replacement of this library with another cryptography package easier. The implementation has been experimented with different cases, which represent use of different cryptographic algorithms.