ORCA -- An Automated Threat Analysis Pipeline for O-RAN Continuous Development
Felix Klement, Alessandro Brighente, Michele Polese, Mauro Conti, Stefan Katzenbeisser
TL;DR
ORCA addresses the growing security challenge of open, software-driven O-RAN by delivering an automated threat-analysis pipeline that maps vulnerability descriptions to standardized threat patterns and produces quantitative scores for threats and components. It combines NLP-based threat enrichment with MITRE ATT&CK and CAPEC mappings, using SBERT embeddings and cosine similarity to enable iterative, reproducible assessments within CI/CD workflows. The framework is instantiated as ORCA — Open-RAN Continuous Security Analysis — and demonstrated with a telecom-focused threat model, leveraging FiGHT data and 5G addenda to improve relevance. Results show stable scoring across parameter settings, evidence-based threat prioritization via heatmaps, and a clear path toward integrating automated security testing into live O-RAN deployments.
Abstract
The Open-Radio Access Network (O-RAN) integrates numerous software components in a cloud-like deployment, opening the radio access network to previously unconsidered security threats. With the ever-evolving threat landscape, integrating security practices through a DevSecOps approach is essential for fast and secure releases. Current vulnerability assessment practices often rely on manual, labor-intensive, and subjective investigations, leading to inconsistencies in the threat analysis. To mitigate these issues, we establish an automated pipeline that leverages Natural Language Processing (NLP) to minimize human intervention and associated biases. By mapping real-world vulnerabilities to predefined threat lists with a standardized input format, our approach is the first to enable iterative, quantitative, and efficient assessments, generating reliable threat scores for both individual vulnerabilities and entire system components within O-RAN. We illustrate the effectiveness of our framework through an example implementation for O-RAN, showcasing how continuous security testing can integrate into automated testing pipelines to address the unique security challenges of this paradigm shift in telecommunications.
