
Graduate student: 劉洸昕 (Kuang-Hsin Liu)
Thesis title: 一個可擴充的 O-RAN xApp 安全分析平台 (An Extensible Security Analysis Platform for O-RAN xApp)
Advisor: 查士朝 (Shi-Cho Cha)
Committee members: 查士朝 (Shi-Cho Cha), 鄭欣明 (Shin-Ming Cheng), 黃政嘉 (Zheng-Jia Huang)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2022
Academic year of graduation: 110 (ROC calendar)
Language: Chinese
Number of pages: 99
Chinese keywords: O-RAN, mobile network architecture (行動網路架構), network function virtualization (網路功能虛擬化), xApp, image security (映像安全)
Keywords: O-RAN, xApp, NFV, Kubernetes, Image Security
As mobile network architectures move toward openness, softwarization, and virtualization, the signal-processing functions of the RAN (Radio Access Network), which originally relied heavily on dedicated hardware, can increasingly run in virtualized form on commodity servers, and the virtualized RAN architecture has gradually become mainstream. The O-RAN architecture adds openness on top of this: through the open interfaces defined by the O-RAN Alliance, components from different network equipment vendors that conform to the O-RAN standard can interoperate within the RAN, and applications running in the RAN Intelligent Controller (RIC), i.e. RICAPPs, can operate the network functions in O-RAN to optimize the RAN as a whole. This study focuses on the applications that run on the near-real-time RIC: xApps.

For O-RAN software deployment staff, loading xApp images contributed by third-party developers raises security concerns, such as where the container image comes from and whether the image conceals a backdoor. Because O-RAN currently lacks a definition of malicious xApp behavior, the current O-RAN software release (E Release) is not yet stable, and there is at present neither a security check for xApp source images nor any behavior monitoring, this study proposes an extensible xApp security analysis platform, xAppSec. xAppSec is built on the xApp onboarding and deployment flow and uses the VeinMind SDK, which operates on the file system inside an image, to implement security scanning functions for xApp images. The main functions are an xApp image source (registry) check, xApp backdoor detection, and an xApp history command security check; users can decide whether to install an xApp based on the scan results. For xApps confirmed for installation, the platform deploys a log monitoring stack, EFK (Elasticsearch, Fluentd, Kibana), to present the interaction behavior among xApps. This study implements a platform that performs image security checks and behavior monitoring across the xApp life cycle and is extensible, so that platform functions can be added later. To verify the feasibility of the platform, the xApp use case provided by the OSC (O-RAN Software Community), anomaly detection, is used as the verification scenario. The results show that xAppSec can perform security checks on xApp images and successfully observe the behavior of deployed xApps by extracting their logs.


The Open Radio Access Network (O-RAN) is an architecture that promotes a virtualized and decoupled RAN, where virtualized components are connected via open interfaces and optimized by the xApps hosted by the RAN Intelligent Controllers (RIC). An xApp runs on top of the RIC components and can operate the network functions of the RIC to optimize radio resource control through the libraries and SDK provided by the RIC. To run an xApp, the xApp developer packages the xApp code into a container image, creates the xApp descriptor files, and then submits the files to the xApp onboarding service on the Near-RT RIC, which handles the xApp onboarding and deployment processes. For the operator, however, deploying a third-party xApp may be risky: the xApp image may be pulled from an untrusted registry, or there may be backdoors hidden in the container image. Therefore, we propose an extensible security analysis platform for O-RAN xApps, xAppSec.

xAppSec is based on the xApp onboarding and deployment process in O-RAN. It is composed of security scanning functions targeting xApp images: an image registry check, an image backdoor scan, and an image history command scan. Users can decide whether to install the xApp based on the scanning result of xAppSec. For the installed xApps, our platform captures, processes, and visualizes the xApp logs through the monitoring software stack EFK (Elasticsearch, Fluentd, Kibana). Finally, to verify the feasibility of the platform, we use the xApp use case provided by the OSC (O-RAN Software Community), "anomaly detection", as the verification scenario. The result shows that xAppSec can perform security scanning on the xApp image and successfully observe the behavior of the deployed xApp by extracting its logs.

Table of contents:
Abstract (Chinese)
Abstract (English)
Acknowledgements
Contents
List of Figures
List of Tables
Chapter 1 Introduction
    1.1 Preface
    1.2 Research Motivation and Objectives
    1.3 Thesis Structure
Chapter 2 Background
    2.1 O-RAN
    2.2 O-RAN Deployment Scenarios
    2.3 O-RAN Software Community (OSC)
    2.4 O-RAN Components and Interfaces
        2.4.1 SMO (Service Management and Orchestration Framework)
        2.4.2 Non-RT RIC (Non Real-Time RAN Intelligent Controller)
        2.4.3 Near-RT RIC (Near Real-Time RAN Intelligent Controller)
        2.4.4 RICAPP (RIC Application)
        2.4.5 O-CU (O-RAN Central Unit)
        2.4.6 O-DU (O-RAN Distributed Unit)
        2.4.7 O-RU (O-RAN Radio Unit)
        2.4.8 O-Cloud
        2.4.9 O-RAN Interfaces
    2.5 Network Function Virtualization (NFV)
    2.6 Log Monitoring Software Platform
        2.6.1 Elasticsearch
        2.6.2 Kibana
        2.6.3 Fluentd
Chapter 3 Literature Review
    3.1 xApp Threats
Chapter 4 Problem Definition
    4.1 Problem Definition
    4.2 Requirements Analysis
    4.3 Scenario Architecture
Chapter 5 Architecture and Workflow
    5.1 Functional Overview
    5.2 Tool Architecture and System Architecture
    5.3 Workflow
        5.3.1 Program Initialization
        5.3.2 Program Operation: xApp Onboarding and Image Check
        5.3.3 Program Operation: Log Processing
Chapter 6 System Backbone Implementation
    6.1 Development Environment
    6.2 System Workflow Implementation
        6.2.1 Initialization
        6.2.2 Container Image Detection
        6.2.3 xApp Log Collection
Chapter 7 Experiments and System Verification
    7.1 Setting Up the Experimental Environment
    7.2 Results
        7.2.1 xAppSec Parameter Description
        7.2.2 xAppSec Initialization
        7.2.3 xAppSec: xApp Onboarding Stage
        7.2.4 xAppSec: Image Scanning Stage
        7.2.5 xAppSec Log Retrieval: Behavior Presentation
    7.3 Verification of Detection Functions
Chapter 8 Conclusions and Future Work
    8.1 Conclusions
    8.2 Future Work
References
