emre can uzun - Academia.edu (original) (raw)
Uploads
Papers by emre can uzun
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, 2015
As online automation, image processing and computer vision become increasingly powerful and sophi... more As online automation, image processing and computer vision become increasingly powerful and sophisticated, methods to secure online assets from automated attacks (bots) are required. As traditional text based CAPTCHAs become more vulnerable to attacks, new methods for ensuring a user is human must be devised. To provide a solution to this problem, we aim to reduce some of the security shortcomings in an alternative style of CAPTCHA - more specifically, the image CAPTCHA. Introducing noise helps image CAPTCHAs thwart attacks from Reverse Image Search (RIS) engines and Computer Vision (CV) attacks while still retaining enough usability to allow humans to pass challenges. We present a secure image generation method based on noise addition that can be used for image CAPTCHAs, along with 4 different styles of image CAPTCHAs to demonstrate a fully functional image CAPTCHA challenge system.
Journal of Computer Security, 2014
Providing restrictive and secure access to resources is a challenging and socially important prob... more Providing restrictive and secure access to resources is a challenging and socially important problem. Among the many formal security models, Role Based Access Control (RBAC) has become the norm in many of today's organizations for enforcing security. For every model, it is necessary to analyze and prove that the corresponding system is secure. Such analysis helps understand the implications of security policies and helps organizations gain confidence on the control they have on resources while providing access, and devise and maintain policies. In this paper, we consider security analysis for the Temporal RBAC (TR-BAC), one of the extensions of RBAC. The TRBAC considered in this paper allows temporal restrictions on roles themselves, user-permission assignments (UA), permission-role assignments (PA), as well as role hierarchies (RH). Towards this end, we first propose a suitable administrative model that governs changes to temporal policies. Then we propose our security analysis strategy, that essentially decomposes the temporal security analysis problem into smaller and more manageable RBAC security analysis sub-problems for which the existing RBAC security analysis tools can be employed. We then evaluate them from a practical perspective by evaluating their performance using simulated data sets.
Ayşegül Altın, Utku Koç and all of the friends that I failed to mention here for their friendship... more Ayşegül Altın, Utku Koç and all of the friends that I failed to mention here for their friendship and support during my graduate study. I indebted to my dear friends Muratcan Alkan, Fırat Karataş, Mustafa Ersoy, Alper Kargı for their morale support and keen friendship. Also, I would like to express my gratitude to TÜBİTAK for its financial support throughout my Master's study.
Proceedings of the 20th ACM Symposium on Access Control Models and Technologies, 2015
As online automation, image processing and computer vision become increasingly powerful and sophi... more As online automation, image processing and computer vision become increasingly powerful and sophisticated, methods to secure online assets from automated attacks (bots) are required. As traditional text based CAPTCHAs become more vulnerable to attacks, new methods for ensuring a user is human must be devised. To provide a solution to this problem, we aim to reduce some of the security shortcomings in an alternative style of CAPTCHA - more specifically, the image CAPTCHA. Introducing noise helps image CAPTCHAs thwart attacks from Reverse Image Search (RIS) engines and Computer Vision (CV) attacks while still retaining enough usability to allow humans to pass challenges. We present a secure image generation method based on noise addition that can be used for image CAPTCHAs, along with 4 different styles of image CAPTCHAs to demonstrate a fully functional image CAPTCHA challenge system.
Journal of Computer Security, 2014
Providing restrictive and secure access to resources is a challenging and socially important prob... more Providing restrictive and secure access to resources is a challenging and socially important problem. Among the many formal security models, Role Based Access Control (RBAC) has become the norm in many of today's organizations for enforcing security. For every model, it is necessary to analyze and prove that the corresponding system is secure. Such analysis helps understand the implications of security policies and helps organizations gain confidence on the control they have on resources while providing access, and devise and maintain policies. In this paper, we consider security analysis for the Temporal RBAC (TR-BAC), one of the extensions of RBAC. The TRBAC considered in this paper allows temporal restrictions on roles themselves, user-permission assignments (UA), permission-role assignments (PA), as well as role hierarchies (RH). Towards this end, we first propose a suitable administrative model that governs changes to temporal policies. Then we propose our security analysis strategy, that essentially decomposes the temporal security analysis problem into smaller and more manageable RBAC security analysis sub-problems for which the existing RBAC security analysis tools can be employed. We then evaluate them from a practical perspective by evaluating their performance using simulated data sets.
Ayşegül Altın, Utku Koç and all of the friends that I failed to mention here for their friendship... more Ayşegül Altın, Utku Koç and all of the friends that I failed to mention here for their friendship and support during my graduate study. I indebted to my dear friends Muratcan Alkan, Fırat Karataş, Mustafa Ersoy, Alper Kargı for their morale support and keen friendship. Also, I would like to express my gratitude to TÜBİTAK for its financial support throughout my Master's study.