Emrah Tomur scite author profile

Emrah Tomur

5Publications

55Citation Statements Received

79Citation Statements Given

How they've been cited

118

How they cite others

Affiliations

Ericsson (Sweden), Middle East Technical University, Izmir Institute of Technology

Publications

Order By: Most citations

Vulnerability Prediction From Source Code Using Machine Learning

Bilgin¹,

Ersoy²,

Soykan³

et al. 2020

IEEE Access

View full text Add to dashboard Cite

As the role of information and communication technologies gradually increases in our lives, software security becomes a major issue to provide protection against malicious attempts and to avoid ending up with noncompensable damages to the system. With the advent of data-driven techniques, there is now a growing interest in how to leverage machine learning (ML) as a software assurance method to build trustworthy software systems. In this study, we examine how to predict software vulnerabilities from source code by employing ML prior to their release. To this end, we develop a source code representation method that enables us to perform intelligent analysis on the Abstract Syntax Tree (AST) form of source code and then investigate whether ML can distinguish vulnerable and nonvulnerable code fragments. To make a comprehensive performance evaluation, we use a public dataset that contains a large amount of function-level real source code parts mined from open-source projects and carefully labeled according to the type of vulnerability if they have any. We show the effectiveness of our proposed method for vulnerability prediction from source code by carrying out exhaustive and realistic experiments under different regimes in comparison with state-of-art methods.

show abstract

Differentially Private Deep Learning for Load Forecasting on Smart Grid

Soykan

Bilgin

Ersoy

et al. 2019

View full text Add to dashboard Cite

Context-Aware Operation-Based Access Control for Internet of Things Applications

Genç

Tomur

Erten

2019

View full text Add to dashboard Cite

Recently, interest of both the academic and industrial world in Internet of Things (IoT) has been increasing and this trend requires development of new security approaches addressing potential weaknesses in this domain. Despite the presence of many studies directed towards security of IoT applications, they are mostly adoption of current methods to IoT scenarios. Yet, IoT applications are comprised of various kinds of different entities including computers, processes, people and services. Therefore, it is inadequate to detect malicious attempts by using conventional security methods, which apply fixed security policies and do not take interaction of things, that is context information, into account. In this study, by considering new security requirements of next generation IoT applications, we propose a fine-grained, dynamic and easily manageable access control model, which is called context-aware operation-based access control.

show abstract

CA‐ARBAC: privacy preserving using context‐aware role‐based access control on Android permission system

Abdella

Özuysal

Tomur

2016

Security Comm Networks

View full text Add to dashboard Cite

Existing mobile platforms are based on manual way of granting and revoking permissions to applications. Once the user grants a given permission to an application, the application can use it without limit, unless the user manually revokes the permission. This has become the reason for many privacy problems because of the fact that a permission that is harmless at some occasion may be very dangerous at another condition. One of the promising solutions for this problem is context-aware access control at permission level that allows dynamic granting and denying of permissions based on some predefined context. However, dealing with policy configuration at permission level becomes very complex for the user as the number of policies to configure will become very large. For instance, if there are A applications, P permissions, and C contexts, the user may have to deal with A P C number of policy configurations. Therefore, we propose a context-aware role-based access control model that can provide dynamic permission granting and revoking while keeping the number of policies as small as possible. Although our model can be used for all mobile platforms, we use Android platform to demonstrate our system. In our model, Android applications are assigned roles where roles contain a set of permissions and contexts are associated with permissions. Permissions are activated and deactivated for the containing role based on the associated contexts. Our approach is unique in that our system associates contexts with permissions as opposed to existing similar works that associate contexts with roles. As a proof of concept, we have developed a prototype application called context-aware Android role-based access control. We have also performed various tests using our application, and the result shows that our model is working as desired.

show abstract

A practical NFC relay attack on mobile devices using card emulation mode

Cavdar

Tomur

2015

View full text Add to dashboard Cite

-In this study, a practical card-emulated relay attack is implemented on Near Field Communication (NFC) equipped mobile devices. NFC is a promising communication technology which is also used in smart mobile devices. As an effective and flexible communication technology, NFC is frequently used in innovative solutions nowadays such as payments, access control etc. Because of the nature of these transactions, security is a critical issue that should be considered in system design and development phases. Although inherited from Radio Frequency Identification (RFID) technology, NFC security needs, requirements and solutions differ in terms of its usage areas and solutions. Based on these parameters, security precautions in communication layer of RFID technology do not prevent relay attacks occurred in the application layer NFC solutions. This study is conducted to prove relay attack practicability with using only mobile phones for relaying credentials instead of RFID based smart cards in an access control application. The Host Card Emulation (HCE) mode also eases relay attacks in NFC communication. The study explains the conceptual description of proposed relay attack, development and operating logic of mobile applications working based on card emulation mode and server software and also data communication basics between modules and web services descriptions.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Emrah Tomur

Vulnerability Prediction From Source Code Using Machine Learning

Differentially Private Deep Learning for Load Forecasting on Smart Grid

Context-Aware Operation-Based Access Control for Internet of Things Applications

CA‐ARBAC: privacy preserving using context‐aware role‐based access control on Android permission system

A practical NFC relay attack on mobile devices using card emulation mode

Contact Info

Product

Resources

About