Analysis of security at the Near-real-time RIC xApps based on O-RAN-defined use cases

The Open Radio Access Network Alliance (O-RAN Alliance) is a group of industry and academic organizations that strive to realize the vision of next-generation cellular networks. Using standardized interfaces, telecommunications operators can operate multi-vendor infrastructure and deliver high-speed services to their mobile users. Additionally, the O-RAN Alliance has standardized an Open Radio Access Network (RAN) architecture based on the Third Generation Partnership Project (3GPP) and other standards. User planes and control planes are currently separate in RAN architecture. The separation makes it easier to accommodate network function virtualization methods required for 5G, enabling it to be more flexible. To help in the management of resources, the O-RAN standard proposes the use of xApps, i.e., dedicated applications that can be customly installed by the network operatior and that can be purchased from different vendors. For this reason, securely managing xApps represents a significant challenge for the security of the overall network.\\ In this thesis, we analyze the security of xApps and their proposed use cases. Based on the applications porposed by the O-RAN alliance, we provide an in depth analysis of the vulnerabilities and their impact on the network. We also discuss different features of attacks, such as reproducibility, stealthiness, exposure, and impact. Based on our analysis, we conclude that significant work is still to be made to guarantee the security of O-RAN and in particular of its xApps. This thesis hence provides a baseline for future research in the domain of security and privacy for next generation communication networks