Department of Computer Science: MSc Thesis Presentations

Threat modeling in DevSecOps based development of a cloud native SaaS system

Student: Henrik Turtinen
Supervisor: Lachlan Gunn
Advisor: Mikko Kotola

Modern software engineering practices and technologies have accelerated delivery to the point where teams routinely deploy multiple times per day. This iterative high-velocity model conflicts with traditional threat modeling practices, which align better with linear and slower development cycles. Conventional threat modeling requires security knowledge, consumes substantial resources, and generates a lot of documentation that, while valuable, can quickly become obsolete in fast moving development environments.  

To solve this problem, a prototype process was developed that combines threat modeling as a code (TMAC), agentic AI, and the model context protocol. The aim was to make threat modeling more accessible and better aligned with modern DevSecOps workflows. In this process, the agentic AI autonomously gathers relevant system information, drafts and iterates TMAC syntax, and invokes the TMAC tool to generate diagrams and a report. In addition, the AI supplements the TMAC tool identified threats with findings derived from its own contextual reasoning. This design reduces the reliance on security experts and minimizes friction with rapid development practices.

The prototype process was evaluated using two scenarios: one in which the AI had access to only the architectural plans of the application, and another in which it had access to the application's source code. The evaluation showed that access to source code produced noticeably better results. Each scenario was executed twice to assess reproducibility, revealing significant variation between runs. Despite the variability, the identified threats and produced diagrams remained relevant and useful.

Preshuf: Pre-Shuffling Binaries in Secure Hardware

Student: Armand Balint
Supervisor: Lachlan Gunn
Advisor: Arto Niemi

Fine-grained randomization of code is an effective countermeasure to code-reuse attacks, but its practical deployment is hindered by the high performance overhead of the randomization itself. This thesis presents Preshuf, an architecture that is trying to mitigate this performance-security trade-off by separating the computationally costly randomization from the startup sequence of the application. Preshuf implements an asynchronous model where a background daemon makes use of a hardware-isolated Trusted Execution Environment on ARM64 to continuously pre-shuffle binaries at a function-granular level and encrypt them using AEAD cryptography. At runtime, a lightweight preloader only manages a fast and secure decryption before executing the program, therefore making the shift of overhead from the permutation logic to a much more lightweight set of cryptographic operations. The system was implemented and evaluated on both emulated and physical platforms, through QEMU and a Raspberry Pi 3. The results demonstrate that this approach introduces a minimal load-time latency that can be less than a fourth of the required overhead for the randomization itself for larger binaries on representative hardware. Additionally, the ongoing re-randomization produces a ``refreshing defense'' that makes leaked runtime information ephemeral, thereby forcing the attacker into Just-In-Time exploit development within a set time window. The work shows that the asynchronous pre-shuffling model does make high-entropy moving target defenses more practical without the need of compromising security for performance.