Browsing by Author "Tuglular, T."

Now showing 1 - 20 of 37

Citation - Scopus: 6
The 1st workshop on model-based verification & validation: Directed acyclic graph modeling of security policies for firewall testing
(2009) Tuglular, T.; Kaya, Ö.; Müftüoǧlu, C.A.; Belli, F.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Currently network security of institutions highly depend on firewalls, which are used to separate untrusted network from trusted one by enforcing security policies. Security policies used in firewalls are ordered set of rules where each rule is represented as a predicate and an action. This paper proposes modeling of firewall rules via directed acyclic graphs (DAG), from which test cases can be automatically generated for firewall testing. The approach proposed follows test case generation algorithm developed for event sequence graphs. Under a local area network setup with the aid of a specifically developed software for this purpose, generated test cases are converted to network test packets, test packets are sent to the firewall under test (FUT), and sent packets are compared with passed packets to determine test result. © 2009 IEEE.
Citation - Scopus: 4
An architecture for verification of access control policies with multi agent system ontologies
(2009) Tekbacak, F.; Tuglular, T.; Dikenelli, O.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Multi-agent systems (MAS) which communicate with intra-domain and inter-domain agent platforms have access control requirements. Instead of a central mechanism, a fine-graned access control mechanism could have been applied to MAS platforms. This paper emphasizes MAS-based domain and security ontologies with XACML-based access control approach for MAS platforms. The domain dependent behaviour and access control parameters in agent ontologies could be combined within a common XACML policy document that is used through different MAS applications. Agent-based access control requirements and common XACML policy documents should be consistent to enforce policies for MAS. To obtain this condition, the translation of organizational policies and platform based policies have to be considered in detail and the verified policy features have to be enforced in MAS to provide access for resources. © 2009 IEEE.
Citation - Scopus: 0
Automatic Code Generation with Document Responsibility Collaboration Modelling Method
(Institute of Electrical and Electronics Engineers Inc., 2020) Tuglular, T.; Leblebici, O.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
UML is highly preferred for design in current software development approaches. However, the conceptual gap between entities in business processes and classes in UML designs is not small. To reduce this gap, this paper proposes using documents that are vital to every business. The proposed new method called Document Responsibility Collaboration puts the concept of documents at the center. In the proposed method, documents are meta-models of classes in terms of programming, and at the same time, they are meta-models of relationships in terms of permanence. The proposed Document Responsibility Collaboration method uses the domain concept in which domains are made up of documents, and a document defined in a domain can work with another document in any domain to fulfill its responsibility. Document Responsibility Collaboration method defines a process, which starts at the transition from analysis to design phase and continues to the code generation phase. An example from the order management domain is provided to validate the recommended method. © 2020 IEEE.
Citation - Scopus: 3
Behavior-Driven Development of Software Product Lines
(Institute of Electrical and Electronics Engineers Inc., 2021) Tuglular, T.; Coskun, D.E.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Software product lines (SPLs) develop families of similar software products, which share a standard set of features, and they build in variety via optional features. That means customers can select features according to their needs and come up with a product configuration. Then the SPL is expected automatically to generate and test the software product for the chosen configuration. There are various SPL solutions for the automatic generation of software products, but those SPLs lack automatic testing of the generated product. To overcome this shortcoming, the SPL should automatically compose a test suite according to the selected features, automatically execute the test suite on the product, and automatically generate a test report delivered to the customer with the product. This paper proposes such an approach through behavior driven development. The proposed method is evaluated with a smart home SPL. © 2021 IEEE.
Citation - Scopus: 5
Code change sniffer: Predicting future code changes with Markov chain
(Institute of Electrical and Electronics Engineers Inc., 2021) Ufuktepe, E.; Tuglular, T.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Code changes are one of the essential processes of software evolution. These changes are performed to fix bugs, improve quality of software, and provide a better user experience. However, such changes made in code could lead to ripple effects that can cause unwanted behavior. To prevent such issues occurring after code changes, code change prediction, change impact analysis techniques are used. The proposed approach uses static call information, forward slicing, and method change information to build a Markov chain, which provides a prediction for code changes in the near future commits. For static call information, we utilized and compared call graph and effect graph. We performed an evaluation on five open-source projects from GitHub that varies between 5K-26K lines of code. To measure the effectiveness of our proposed approach, recall, precision, and f-measure metrics have been used on five open-source projects. The results show that the Markov chain that is based on call graph can have higher precision compared to effect graph. On the other hand, for small number of cases higher recall values are obtained with effect graph compared to call graph. With a Markov chain model based on call graph and effect graph, we can achieve recall values between 98%-100%. © 2021 IEEE.
Citation - Scopus: 0
Event Sequence Graph-Based Feature-Oriented Testing: A Preliminary Study
(Institute of Electrical and Electronics Engineers Inc., 2018) Tuglular, T.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
This paper proposes a model-based approach for feature-oriented testing using event sequence graphs (ESGs). ESGs are used to generate test cases automatically for positive and negative testing. To fit ESG models to feature-oriented testing, two new improvements on ESGs are proposed. The first improvement is on repetitive use of refinement ESG and the second improvement is saving state in an ESG and passing it to the following ESG. This is a work towards communicating hierarchical ESGs. The preliminary results demonstrate the feasibility of the proposed approach. The proposed approach improves testability of features. © 2018 IEEE.
Citation - Scopus: 8
Event-based input validation using design-by-contract patterns
(2009) Tuglular, T.; Muftuoglu, C.A.; Belli, F.; Linschulte, M.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
This paper proposes an approach for validation of numerical inputs based on graphical user interfaces (GUI) that are modeled and specified by event sequence graphs (ESG). For considering complex structures of input data, ESGs are augmented by decision tables and patterns of design by contract (DbC). The approach is evaluated by experiments on boundary overflows, which occur when input values violate the range of specified values. Furthermore, a tool is presented that implements our approach enabling a semiautomatically detection of boundary overflow errors and suggesting correction steps based on DbC. © 2009 IEEE.
Citation - Scopus: 5
Featured event sequence graphs for model-based incremental testing of software product lines
(IEEE Computer Society, 2019) Tuglular, T.; Beyazit, M.; Ozturk, D.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
The goal of software product lines (SPLs) is rapid development of high-quality software products in a specific domain with cost minimization. To assure quality of software products from SPLs, products need to be tested systematically. However, testing every product variant in isolation is generally not feasible for large number of product variants. An approach to deal with this issue is to use incremental testing, where test artifacts that are developed for one product are reused for another product which can be obtained by incrementally adding features to the prior product. We propose a novel model-based test generation approach for products developed using SPL that follows incremental testing paradigm. First, we introduce Featured Event Sequence Graphs (FESGs), an extension of ESGs, that provide necessary definitions and operations to support commonalities and variabilities in SPLs with respect to test models. Then we propose a test generation technique for the product variants of an SPL, which starts from any product. The proposed technique with FESGs avoids redundant test generation for each product from SPL. We compare our technique with in-isolation testing approach by a case study. © 2019 IEEE.
Citation - Scopus: 2
Feedback control based test case instantiation for firewall testing
(2010) Tuglular, T.; Gercek, G.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü; Bilgisayar Mühendisliği Bölümü
A firewall's proper functioning is critical to the network it protects. Thus, a firewall should be tested with respect to its intended security policy. We propose a feedback control based approach for test case generation to detect mismatches between firewall's expected and executed behavior. In the proposed approach, abstract test cases are generated from firewall decision diagrams and instantiated with the test input values chosen using the proposed feedback control based selection algorithm. A case study is presented to validate the presented approach. © 2010 IEEE.
Citation - Scopus: 2
Firewall configuration management using XACML policies
(2008) Tuglular, T.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
[No abstract available]
Citation - Scopus: 4
GUI-based testing of boundary overflow vulnerability
(2009) Tuglular, T.; Muftuoglu, C.A.; Kaya, O.; Belli, F.; Linschulte, M.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Boundary overflows are caused by violation of constraints, mostly limiting the range of internal values of a program, and can be provoked by an intruder to gain control of or access to stored data. In order to countermeasure this well-known vulnerability issue, this paper focuses on input validation of graphical user interfaces (GUI). The approach proposed generates test cases for numerical inputs based on GUI specification through decision tables. If boundary overflow error(s) are detected, the source code will be analyzed to localize and correct the encountered error(s) automatically. © 2009 IEEE.
Citation - Scopus: 3
Incremental Testing in Software Product Lines - An Event Based Approach
(Institute of Electrical and Electronics Engineers Inc., 2023) Beyazit, M.; Tuglular, T.; Kaya, D.O.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
One way of developing fast, effective, and high-quality software products is to reuse previously developed software components and products. In the case of a product family, the software product line (SPL) approach can make reuse more effective. The goal of SPLs is faster development of low-cost and high-quality software products. This paper proposes an incremental model-based approach to test products in SPLs. The proposed approach utilizes event-based behavioral models of the SPL features. It reuses existing event-based feature models and event-based product models along with their test cases to generate test cases for each new product developed by adding a new feature to an existing product. Newly introduced featured event sequence graphs (FESGs) are used for behavioral feature and product modeling; thus, generated test cases are event sequences. The paper presents evaluations with three software product lines to validate the approach and analyze its characteristics by comparing it to the state-of-the-art ESG-based testing approach. Results show that the proposed incremental testing approach highly reuses the existing test sets as intended. Also, it is superior to the state-of-the-art approach in terms of fault detection effectiveness and test generation effort but inferior in terms of test set size and test execution effort. © 2013 IEEE.
Citation - Scopus: 0
JavaScript kütüphaneleri için girdi dogrulama analizi
(CEUR-WS, 2015) Ufuktepe, E.; Tuglular, T.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Nowadays, mobile and web based software has been an integral part of our lives. In recent years, there has been an increase in usage of JavaScript libraries in those kind of software. Although these JavaScript libraries fulfill the functions they have promised with respect to the application program interfaces they provide, they are not robust against unexpected inputs. In this study, the parameters and global variables of functions in the five selected JavaScript li-braries that are frequently used in mobile and web based software are analyzed for input validation. For this purpose, an input validation model has been pro-posed. Based on this model, a tool called TAJS that performs a type analysis on JavaScript programs has been extended with a proposed algorithm. The result-ing tool is executed on five JavaScript libraries and obtained results are shared.
Citation - Scopus: 0
Location aware self-adapting firewall policies
(2008) Tuglular, T.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
Private access to corporate servers from Internet can be achieved using various security mechanisms. This article presents a network access control mechanism that employs a policy management architecture empowered with dynamic firewalls. With the existence of such an architecture, system and/or network administrators do not need to reconfigure firewalls when there is a location change in user settings, reconfiguration will be automatic and seamless. The proposed architecture utilizes dynamic firewalls, which adapt their policies according to user locations through the guidance of a policy server. This architecture is composed of a VPN client at user site, a domain firewall with VPN capabilities, a policy server containing a policy decision engine, and policy agents residing in dynamic firewalls, which map policy server decisions to firewall policy rules, at server site.
Citation - Scopus: 0
Message from TAIN Symposium Organizing Committee
(IEEE Computer Society, 2015) Tuglular, T.; Cai, Y.; Dustdar, S.; Yamazaki, K.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
[No abstract available]
Citation - Scopus: 0
Message from the MVV workshop chairs
(IEEE Computer Society, 2012) Tuglular, T.; Linschulte, M.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
[No abstract available]
Citation - Scopus: 0
Message from the NCIW Program Co-chairs
(IEEE Computer Society, 2017) Tuglular, T.; Cai, Y.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
[No abstract available]
Citation - Scopus: 0
Message from the Symposium Chairs: ISSSR 2022
(Institute of Electrical and Electronics Engineers Inc., 2022) Wong, W.E.; Wotawa, F.; Zheng, L.; Tuglular, T.; Yang, H.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
[No abstract available]
Citation - Scopus: 0
Message from the TAIN Program Co-chairs
(IEEE Computer Society, 2016) Tuglular, T.; Cai, Y.; Dustdar, S.; Yamazaki, K.; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
[No abstract available]
Citation - Scopus: 0
Model based testing of VHDL programs
(IEEE Computer Society, 2015) Ayav, T.; Tuglular, T.; Belli, F.; Tuğlular, Tuğkan; Ayav, Tolga; Bilgisayar Mühendisliği Bölümü
VHDL programs are often validated by means of test benches constructed from formal system specification. To include real-time properties of VHDL programs, the proposed approach first transforms them to concurrently running network of timed automata and then performs model checking on properties taken from the specification. Counterexamples generated by the model checker are used to form a test bench. The approach is validated by a case study composed of a nontrivial application running on a microprocessor. As presented, the approach enables testing both hardware and software at once. © 2015 IEEE.