Defence of doctoral thesis, MSc (Tech) Thanh Bui
Thanh Bui’s doctoral dissertation studies security failures that arise from architectural developments in modern software applications. The research uncovers security flaws in password managers, cryptocurrency wallets, VPN services, and other popular applications.
Software has shifted from the traditional monolithic application and service architectures towards more open and distributed structures. Client-server and web applications always have separate frontend and backend components. Many desktop applications nowadays follow the same architecture, except that both components run on the same computer and connect to each other through inter-process communication. Cloud applications are also experiencing a transformation towards the microservice architecture, in which many loosely coupled software modules communicate over the network through well-defined APIs. Furthermore, the architectural developments in software have encouraged changes in computer networking, where traditional network paradigms are gradually replaced with software-defined ones for more flexibility and efficiency. Altogether, this means that all software and information services are made of software components that connect to each other over virtual and physical networks, sometimes in surprising ways.
The dissertation addresses the security aspects of this shift towards more complex and interconnected systems. The main research method is empirical analysis of security-critical applications and technologies that have a large user base. The results include the discovery of several new categories of security vulnerabilities in the applications, generalization of the principles behind them, analysis of their root causes, and suggestions for potential mitigation techniques. The results have been presented at top security conferences including USENIX Security and DEF CON.
Opponent: Professor Robert Lagerström, KTH Royal Institute of Technology, Sweden
Custos: Professor Tuomas Aura, Aalto University School of Science, Department of Computer Science
Contact information of the doctoral candidate: [email protected], 050 465 8007
The defence will be organised via remote technology (Zoom).
The doctoral thesis will be publicly displayed 10 days before the defence in the publication archive Aaltodoc of Aalto University.