Gespeichert in:
| Hauptverfasser: | , , , , |
|---|---|
| Format: | Preprint |
| Veröffentlicht: |
2026
|
| Schlagworte: | |
| Online-Zugang: | https://arxiv.org/abs/2601.13681 |
| Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
| _version_ | 1866912835857022976 |
|---|---|
| author | Klement, Felix Brighente, Alessandro Polese, Michele Conti, Mauro Katzenbeisser, Stefan |
| author_facet | Klement, Felix Brighente, Alessandro Polese, Michele Conti, Mauro Katzenbeisser, Stefan |
| contents | The Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats. With the ever-evolving threat landscape, integrating security practices through a DevSecOps approach is essential for fast and secure releases. Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis. To mitigate these issues, we establish an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases. By mapping real-world vulnerabilities to predefined threat lists with a standardized input format, our approach is the first to enable iterative, quantitative, and efficient assessments, generating reliable threat scores for both individual vulnerabilities and entire system components within O-RAN. We illustrate the effectiveness of our framework through an example implementation for O-RAN, showcasing how continuous security testing can integrate into automated testing pipelines to address the unique security challenges of this paradigm shift in telecommunications. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2601_13681 |
| institution | arXiv |
| publishDate | 2026 |
| record_format | arxiv |
| spellingShingle | ORCA - An Automated Threat Analysis Pipeline for O-RAN Continuous Development Klement, Felix Brighente, Alessandro Polese, Michele Conti, Mauro Katzenbeisser, Stefan Cryptography and Security The Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats. With the ever-evolving threat landscape, integrating security practices through a DevSecOps approach is essential for fast and secure releases. Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis. To mitigate these issues, we establish an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases. By mapping real-world vulnerabilities to predefined threat lists with a standardized input format, our approach is the first to enable iterative, quantitative, and efficient assessments, generating reliable threat scores for both individual vulnerabilities and entire system components within O-RAN. We illustrate the effectiveness of our framework through an example implementation for O-RAN, showcasing how continuous security testing can integrate into automated testing pipelines to address the unique security challenges of this paradigm shift in telecommunications. |
| title | ORCA - An Automated Threat Analysis Pipeline for O-RAN Continuous Development |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2601.13681 |