Rupam Patir (University at Buffalo), Qiqing Huang (University at Buffalo), Keyan Guo (University at Buffalo), Wanda Guo (Texas A&M University), Guofei Gu (Texas A&M University), Haipeng Cai (University at Buffalo), Hongxin Hu (University at Buffalo)

The rapid evolution of software systems in 5G networks has heightened the need for robust security measures. Traditional code analysis methods often fail to detect vulnerabilities specific to 5G, particularly vulnerabilities stemming from complex protocol interactions. In this work, we explore the potential of LLM-assisted techniques in vulnerability detection and repair in open-source 5G implementations. We introduce a novel framework leveraging Chain-of-Thought (CoT) prompting in two phases: first, vulnerability detection based on 5G Vulnerability Properties (VPs); second, vulnerability repair guided by 5G Secure Coding Practices (SCPs). We conducted a case study on an open-source 5G User Equipment (UE) implementation that illustrates how our framework leverages vulnerability properties and SCPs to identify and remediate vulnerabilities. Our testing results indicate successful detection and repair, demonstrating the practicality and effectiveness of our approach. While challenges persist, including the identification of 5G-specific security properties and SCPs and the complexity of their integration, this study provides a foundation for advancing automated LLM-assisted solutions to strengthen the security of open-source 5G systems.

View More Papers

TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption

Martin Unterguggenberger (Graz University of Technology), Lukas Lamster (Graz University of Technology), David Schrammel (Graz University of Technology), Martin Schwarzl (Cloudflare, Inc.), Stefan Mangard (Graz University of Technology)

Read More

Moneta: Ex-Vivo GPU Driver Fuzzing by Recalling In-Vivo Execution...

Joonkyo Jung (Department of Computer Science, Yonsei University), Jisoo Jang (Department of Computer Science, Yonsei University), Yongwan Jo (Department of Computer Science, Yonsei University), Jonas Vinck (DistriNet, KU Leuven), Alexios Voulimeneas (CYS, TU Delft), Stijn Volckaert (DistriNet, KU Leuven), Dokyung Song (Department of Computer Science, Yonsei University)

Read More

Can a Cybersecurity Question Answering Assistant Help Change User...

Lea Duesterwald (Carnegie Mellon University), Ian Yang (Carnegie Mellon University), Norman Sadeh (Carnegie Mellon University)

Read More

The Road to Trust: Building Enclaves within Confidential VMs

Wenhao Wang (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Linke Song (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Benshan Mei (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering, CAS), Shuang Liu (Ant Group), Shijun Zhao (Key Laboratory of Cyberspace Security Defense, Institute of Information Engineering,…

Read More