TY - GEN
T1 - ORANalyst
T2 - 33rd USENIX Security Symposium, USENIX Security 2024
AU - Yang, Tianchang
AU - Rashid, Syed Md Mukit
AU - Ranjbar, Ali
AU - Tan, Gang
AU - Hussain, Syed Rafiul
N1 - Publisher Copyright:
© USENIX Security Symposium 2024.All rights reserved.
PY - 2024
Y1 - 2024
N2 - We develop ORANalyst, the first systematic testing framework tailored for analyzing the robustness and operational integrity of Open RAN (O-RAN) implementations. O-RAN systems are composed of numerous microservice-based components. ORANalyst initially gains insights into these complex component dependencies by combining efficient static analysis with dynamic tracing. Applying these insights, ORANalyst crafts test inputs that effectively navigate these dependencies and thoroughly test each target component. We evaluate ORANalyst on two O-RAN implementations, ORAN-SC and SD-RAN, and identify 19 previously undiscovered vulnerabilities. If exploited, these vulnerabilities could lead to various denial-of-service attacks, resulting from component crashes and disruptions in communication channels.
AB - We develop ORANalyst, the first systematic testing framework tailored for analyzing the robustness and operational integrity of Open RAN (O-RAN) implementations. O-RAN systems are composed of numerous microservice-based components. ORANalyst initially gains insights into these complex component dependencies by combining efficient static analysis with dynamic tracing. Applying these insights, ORANalyst crafts test inputs that effectively navigate these dependencies and thoroughly test each target component. We evaluate ORANalyst on two O-RAN implementations, ORAN-SC and SD-RAN, and identify 19 previously undiscovered vulnerabilities. If exploited, these vulnerabilities could lead to various denial-of-service attacks, resulting from component crashes and disruptions in communication channels.
UR - http://www.scopus.com/inward/record.url?scp=85204948489&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85204948489&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:85204948489
T3 - Proceedings of the 33rd USENIX Security Symposium
SP - 1921
EP - 1938
BT - Proceedings of the 33rd USENIX Security Symposium
PB - USENIX Association
Y2 - 14 August 2024 through 16 August 2024
ER -