Towards secure agentic workflows: a MAESTRO-based assessment framework for Model Context Protocol and Agent-to-Agent Protocol: a thesis in Computer Science

Bhuvan Sai Teja Gabbita

doi:10.62791/20494

Back

Thesis

Open access

Towards secure agentic workflows: a MAESTRO-based assessment framework for Model Context Protocol and Agent-to-Agent Protocol: a thesis in Computer Science

Bhuvan Sai Teja Gabbita

Master of Science (MS), University of Massachusetts Dartmouth

2025

DOI:

https://doi.org/10.62791/20494

Abstract

The rapid adoption of agentic AI systems in enterprise environments has introduced unprecedented complexity and novel security risks, particularly as protocols like the Model Context Protocol (MCP) and Agent-to-Agent (A2A) become foundational for tool integration and agent collaboration. Traditional threat modeling frameworks, such as STRIDE and PASTA, fall short in capturing the layered, dynamic, and cross-protocol vulnerabilities unique to these systems. To address this gap, this thesis presents a comprehensive, workflow-centric risk assessment framework that extends the MAESTRO threat modeling methodology with quantitative metrics. By systematically mapping detected vulnerabilities in MCP and A2Aenabled workflows to the seven layers of MAESTRO, the framework introduces two novel metrics: the Workflow Exploitability Index (WEI) and the Risk Propagation Score (RPS). These metrics quantify both the ease of exploitation and the potential for cascading risk across complex agentic workflows. The framework is validated using adapted real-world and synthetic workflows, demonstrating its ability to prioritize high-risk scenarios that traditional tools overlook. This work establishes a foundation for protocol-aware, quantitative security assessment in agentic AI, enabling organizations to proactively identify, prioritize, and mitigate emerging threats.

Files and links (1)

pdf

Gabbita B.S.T. COE MS Thesis 20251.95 MBDownload View

Open Access

Metrics

66 File views/ downloads

119 Record Views

Details

Title: Towards secure agentic workflows: a MAESTRO-based assessment framework for Model Context Protocol and Agent-to-Agent Protocol
Creators: Bhuvan Sai Teja Gabbita
ORCID: 0009-0006-1992-0124
Contributors: Long Jiao (Advisor) - University of Massachusetts Dartmouth, Department of Computer and Information Science
Yuchou Chang (Committee Member) - University of Massachusetts Dartmouth, Department of Computer and Information Science
Joshua Robert Carberry (Committee Member) - University of Massachusetts Dartmouth, Department of Computer and Information Science
Number of pages: ix, 70 pages
Illustrations: illustrations (chiefly color)
Table of contents: List of Figures -- List of Tables -- Chapter 1. Introduction -- Research motivation -- Problem statement -- Thesis outline -- Chapter 2. Background and related work -- Large language models -- AI agents -- Agentic workflows and multi-agent collaboration -- Multi-agent development frameworks -- Emerging AI protocols -- Security landscape and threat models -- MAESTRO threat modeling framework -- Chapter 3. Proposed framework -- Framework overview -- Workflow representation and modeling -- Quantitative risk metrics -- Chapter 4. Implementation -- YAML parser and workflow analyzer -- Vulnerability identification -- Risk calculation engine -- Chapter 5. Results and analysis -- Framework validation results -- Quantitative metrics performance -- Comparison with existing frameworks -- Chapter 6. Discussion and future work -- Research contributions and implications -- Limitations and future research directions.
References: Includes bibliographical references (pages [67]-70).
Awarding Institution: University of Massachusetts Dartmouth
Degree Awarded: Master of Science (MS)
Academic Unit: Department of Computer and Information Science
Language: English
Degree in: Computer Science
Resource Type: Thesis
DOI: https://doi.org/10.62791/20494
Record Identifier: 9914504162301301