
Tuğlular, Tuğkan

Name Variants
Tuğkan Tuğlular
Tuǧlular, T.
Tuglular, Tugkan
Tuglular, T.
Tuğlular, Tuğkan
Job Title
Assoc. Prof. Dr.
Email Address
tugkantuglular@iyte.edu.tr
Scholarly Output: 110
Articles: 19
Citation Count: 239
Supervised Theses: 34

Scholarly Output Search Results

Now showing 1 - 10 of 108
  • Master Thesis
    Standards and practices necessary to implement a successful security review program for intrusion management systems
    (Izmir Institute of Technology, 2002) Doruk, Alpay; Tuğlular, Tuğkan; Tuğlular, Tuğkan
    Intrusion Management Systems are being used to prevent the information systems from successful intrusions and their consequences. They also have detection features. They try to detect intrusions, which have passed the implemented measures. Also the recovery of the system after a successful intrusion is made by the Intrusion Management Systems. The investigation of the intrusion is made by Intrusion Management Systems also. These functions can be existent in an intrusion management system model, which has a four layers architecture. The layers of the model are avoidance, assurance, detection and recovery. At the avoidance layer necessary policies, standards and practices are implemented to prevent the information system from successful intrusions. At the avoidance layer, the effectiveness of implemented measures are measured by some test and reviews. At the detection layer the identification of an intrusion or intrusion attempt is made in the real time. The recovery layer is responsible from restoring the information system after a successful intrusion. It has also functions to investigate the intrusion. Intrusion Management Systems are used to protect information and computer assets from intrusions. An organization aiming to protect its assets must use such a system. After the implementation of the system, continuous reviews must be conducted in order to ensure the effectiveness of the measures taken. Such a review can achieve its goal by using principles and standards. In this thesis, the principles necessary to implement a successful review program for Intrusion Management Systems have been developed in the guidance of Generally Accepted System Security Principles (GASSP). These example principles are developed for tools of each Intrusion Management System layer. 
    These tools are firewalls for avoidance layer, vulnerability scanners for assurance layer, intrusion detection systems for detection layer and integrity checkers for recovery layer of Intrusion Management Systems.
  • Conference Object
    Citation Count: 1
    Mutation Operators for Decision Table-Based Contracts Used in Software Testing
    (IEEE, 2020) Khalilov, Abbas; Tuglular, Tugkan; Belli, Fevzi; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
    The Design by Contract technique allows developers to improve source code with contracts, and testing using contracts helps to identify faults. However, the source code of the program under test is not always available. With black-box testing, it is possible to generate contracts from specifications of the software. In this paper, we apply mutation analysis on a model of a given specifications, where mutants are initially gained by applying proposed in this paper certain mutation operators on corresponding model, and then mutated specifications are examined.
  • Article
    Citation Count: 3
    Tracking Code Bug Fix Ripple Effects Based on Change Patterns Using Markov Chain Models
    (IEEE-Inst Electrical Electronics Engineers Inc, 2022) Ufuktepe, Ekincan; Tuglular, Tugkan; Palaniappan, Kannappan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
    Change impact analysis evaluates the changes that are made in the software and finds the ripple effects, in other words, finds the affected software components. Code changes and bug fixes can have a high impact on code quality by introducing new vulnerabilities or increasing their severity. A recent high-visibility example of this is the code changes in the log4j web software CVE-2021-45105 to fix known vulnerabilities by removing and adding method called change types. This bug fix process exposed further code security concerns. In this article, we analyze the most common set of bug fix change patterns to have a better understanding of the distribution of software changes and their impact on code quality. To achieve this, we implemented a tool that compares two versions of the code and extracts the changes that have been made. Then, we investigated how these changes are related to change impact analysis. In our case study, we identified the change types for bug-inducing and bug fix changes using the Quixbugs dataset. Furthermore, we used 13 of the projects and 621 bugs from Defects4J to identify the common change types in bug fixes. Then, to find the change types that cause an impact on the software, we performed an impact analysis on a subset of projects and bugs of Defects4J. The results have shown that, on average, 90% of the bug fix change types are adding a new method declaration and changing the method body. Then, we investigated if these changes cause an impact or a ripple effect in the software by performing a Markov chain-based change impact analysis. The results show that the bug fix changes had only impact rates within a range of 0.4-5%. Furthermore, we performed a statistical correlation analysis to find if any of the bug fixes have a significant correlation with the impact of change. The results have shown that there is a negative correlation between caused impact with the change types adding new method declaration and changing method body. 
    On the other hand, we found that there is a positive correlation between caused impact and changing the field type.
  • Master Thesis
    A model-based test generation approach for agile software product lines
    (Izmir Institute of Technology, 2020-07) Öztürk, Dilek; Tuğlular, Tuğkan; Tuğlular, Tuğkan
    Achieving fast development of good-quality software products is as important as achieving pure functionality. Qualified software development provides client satisfaction, reduces post-deployment costs and certificates the products. In addition to increasing quality, clients expect to tailor the products according to their needs and therefore, product configurability becomes more and more critical. Hence, the software manufacturing is required to adapt this configurable development process correspondingly. Software product line is a paradigm that purposes faster development of qualified software products that belongs to a particular domain. This thesis concentrates on quality assurance in software product lines and provides novel model-based approaches which are full test sequence composition and incremental test sequence composition approaches that aim to reuse existent test artefacts. Full test sequence composition approach reuses the existing test models and the test sequences are composed from scratch each time a product variant's test sequences are generated. Incremental test sequence composition approach reuses both of the test models and the existing test sequences of product variants. Whenever a product variant's test sequences are generated, existing test sequences and features which are incrementing the existing product are composed. The proposed approaches and the classical test generation of ESGs are compared, the results show that the incremental test sequence composition is the best in terms of both test set size and test generation time, the full test sequence composition is better than the single model ESG test generation in terms of test suite size but not in terms of test generation time.
  • Article
    Citation Count: 0
    A Domain-Specific Language for the Document-Based Model-Driven Engineering of Business Applications
    (IEEE-Inst Electrical Electronics Engineers Inc, 2022) Leblebici, Onur; Kardas, Geylani; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
    To facilitate the development of business applications, a domain-specific language (DSL), called DARC, is introduced in this paper. Business documents including the descriptions of the responsibilities, authorizations, and collaborations, are used as the first-class entities during model-driven engineering (MDE) with DARC. Hence the implementation of the business applications can be automatically achieved from the corresponding document models. The evaluation of using DARC DSL for the development of commercial business software was performed in an international sales, logistics, and service solution provider company. The results showed that the code for all business documents and more than 50% of the responsibility descriptions composing the business applications could be generated automatically by modeling with DARC. Finally, according to the users' feedback, the assessment clearly revealed the adoption of DARC features in terms of the DSL quality characteristics, namely functional suitability, usability, reliability, maintainability, productivity, extensibility, compatibility, and expressiveness.
  • Master Thesis
    Development of a web services security architecture based on .net framework
    (Izmir Institute of Technology, 2008) Bacı, Recep; Tuğlular, Tuğkan; Tuğlular, Tuğkan
    Service Oriented Architecture (SOA) is an architectural style which allows interaction of diverse applications regardless of their platform, implementation languages and locations by utilizing generic and reliable services that can be used as application building block. SOA includes methodologies and strategies to follow in order to develop sophisticated applications and information systems. SOA is different from the traditional architectures as it has its own unique architectural characteristics and regulations, which needs to be analyzed and clarified so as to apply the information that should be included in the architectural model of SOA correctly to service based application development. The newest technology for SOA is web service technology which gains more and more importance as a technology to develop distributed service-oriented applications. Web services are an emergent paradigm for implementing business collaborations over the web. Each service has an interface that is accessible through standard protocols and that describes the interaction capabilities of the service. This master's thesis primarily examines the web services concept of the .NET platform having the emphasis on secure communication. A case study demonstrates securing the communication between a web service and its clients through RIJNDAEL, 3DES and RSA algorithms implemented on code based structure which uses the identity token, provided from identity web service, to validate the identity of the client and the status token provided from status web service in order to validate the status of the client. A number of tests are performed using different cryptographic algorithms and network settings for the communication in order to obtain operational values of these algorithms.
  • Article
    Citation Count: 0
    Application of the Law of Minimum and Dissimilarity Analysis to Regression Test Case Prioritization
    (IEEE-Inst Electrical Electronics Engineers Inc, 2023) Ufuktepe, Ekincan; Tuglular, Tugkan; Tuğlular, Tuğkan; Bilgisayar Mühendisliği Bölümü
    Regression testing is one of the most expensive processes in testing. Prioritizing test cases in regression testing is critical for the goal of detecting the faults sooner within a large set of test cases. We propose a test case prioritization (TCP) technique for regression testing called LoM-Score inspired by the Law of Minimum (LoM) from biology. This technique calculates the impact probabilities of methods calculated by change impact analysis with forward slicing and orders test cases according to LoM. However, this ordering doesn't consider the possibility that consecutive test cases may be covering the same methods repeatedly. Thereby, such ordering can delay the time of revealing faults that exist in other methods. To solve this problem, we enhance the LoM-Score TCP technique with an adaptive approach, namely with a dissimilarity-based coordinate analysis approach. The dissimilarity-based coordinate analysis uses Jaccard Similarity for calculating the similarity coefficients between test cases in terms of covered methods and the enhanced technique called Dissimilarity-LoM-Score (Dis-LoM-Score) applies a penalty with respective on the ordered test cases. We performed our case study on 10 open-source Java projects from Defects4J, which is a dataset of real bugs and an infrastructure for controlled experiments provided for software engineering researchers. Then, we hand-seeded multiple mutants generated by Major, which is a mutation testing tool. Then we compared our TCP techniques LoM-Score and Dis-LoM-Score with the four traditional TCP techniques based on their Average Percentage of Faults Detected (APFD) results.
  • Master Thesis
    Measurement of JavaScript applications' readiness to untrusted data using Bayesian Networks
    (Izmir Institute of Technology, 2014-07) Ufuktepe, Ekincan; Tuğlular, Tuğkan; Tuğlular, Tuğkan
    Web applications have become an integral part of our daily lives. People mostly provide their important needs, such as people keep their private data, do their banking transactions, shopping etc. through web applications. Therefore, web applications have been an attractive target to malicious individuals and organizations. The usage of JavaScript language by web application developers is increasing very fast, especially after JavaScript started to service back-end developers as well. Therefore, JavaScript has incorporated both front-end and back-end developers. Concurrently, due to flexibility and its most popular library called jQuery, JavaScript has become attractive to web application developers. OWASP updates the top 25 security vulnerabilities regularly. According to the results, SQL Injection (CWE-89) and Operating System Command Injection (CWE-78) have taken the 1st place and Cross-Site Scripting (XSS) (CWE-79) has taken the 3rd place. The results show that three input validation based vulnerabilities appear in the top three; therefore, it can be said that input validation vulnerabilities have become critical vulnerabilities of web applications. However, developers still fail to validate the inputs or use libraries to protect their web applications against input validation vulnerabilities. In this thesis, JavaScript application’s functions are analyzed to determine if their parameters are validated or not. Then, according to the invalidated inputs, a Bayesian Network to measure its readiness to input validation vulnerabilities is generated.
  • Master Thesis
    Improving misuse detection with neural networks
    (Izmir Institute of Technology, 2005) Demiray, Sadettin; Tuğlular, Tuğkan; Tuğlular, Tuğkan
    Misuse Intrusion Detection Systems are rule-based systems that search attack patterns in the data source. Detection ability of misuse detectors is limited to known attack patterns; hence unknown attacks may be missed. In addition, writing new signatures for novel attacks can be troublesome and time consuming. Similarly behavior based IDSs suffered from high rates of false alarms. Artificial neural networks have generalization ability, thus they can be used with intrusion detection system in order to identify normal and attack packets without the need of writing rules. We proposed to use neural networks with network-based IDS. To achieve this, system was trained and tested with both normal and malicious network packets. Backpropagation and Levenberg-Marquardt algorithms were used to train neural networks. For each of these training algorithms a 3-layer and a 4-layer MLP network sets were generated. In addition, self-organizing maps were used to classify attack instances. DARPA 1999 Intrusion Detection Evaluation dataset was used for training and testing, but lack of enough attack patterns in evaluation dataset made us to create a testbed to obtain sufficient malicious traffic. After training was completed, trained neural networks were tested against training dataset and test dataset, which is not part of the training dataset. Results of the experiments showed that, none of the trained backpropagation networks could identify attacks in training and/or testing data sets. But results of the Levenberg-Marquardt networks were more promising as nine of the trained Levenberg-Marquardt networks could identify attack and normal network packets in training and test datasets.
  • Master Thesis
    Mutation analysis of specification-based contracts in software testing
    (Izmir Institute of Technology, 2021-07) Khalilov, Abbas; Tuğlular, Tuğkan; Tuğlular, Tuğkan; Belli, Fevzi; Izmir Institute of Technology
    Software used in fields such as medicine, finance, aviation and aerospace, nuclear power etc. is required to be reliable. Any software failures in these fields may have catastrophic consequences such as human and financial losses, which may cause a great damage to the economy and to social well-being. Hence, before launching, software should be rigorously tested. Testing can uncover the conditions, which software cannot handle. Those conditions might be overlooked during development. So, software testing points to the faults in the software under development to be patched. The important element of software testing is the use of the adequate test cases. If the outcome of the test case is positive, that means testing did not reveal any fault, then this test case might be considered as inefficient and useless for the tested version of software. Therefore, it is important to check test cases on adequacy, which can be achieved by mutation analysis. This thesis focuses on checking the adequacy of the test cases for Decision-Table-augmented Event Sequence Graphs (ESG-DTs) representation of a system under test by using mutation analysis. Test cases are represented in the Complete Event Sequence (CES) and Faulty CES (FCES) forms. This thesis presents a new set of mutation operators for mutation of contracts represented in Multi-Terminal Binary Decision Diagram (MTBDD). This thesis introduces a new approach for mutation of the ESG-DT model by using the proposed MTBDD mutation operators. The proposed approach is evaluated on three cases. The results for all cases show the drawback of specific FCES test sequences and the relationship between the mutant detection by CES/FCES sequences and proposed mutation operators.