Smart Fuzzing of 5G Wireless Software Implementation

Huan Wu, Brian Fang, Fei Xie
2023-09-23
Abstract: In this paper, we introduce a comprehensive approach to bolstering the security, reliability, and comprehensibility of OpenAirInterface5G (OAI5G), an open-source software framework for the exploration, development, and testing of 5G wireless communication systems. Firstly, we employ AFL++, a powerful fuzzing tool, to fuzzy-test OAI5G with respect to its configuration files rigorously. This extensive testing process helps identify errors, defects, and security vulnerabilities that may evade conventional testing methods. Secondly, we harness the capabilities of Large Language Models such as Google Bard to automatically decipher and document the meanings of parameters within the OAI5G codebase that are used in fuzzing. This automated parameter interpretation streamlines subsequent analyses and facilitates more informed decision-making. Together, these two techniques contribute to fortifying the OAI5G system, making it more robust, secure, and understandable for developers and analysts alike.
Software Engineering
What problem does this paper attempt to address?
The problem this paper attempts to address is improving the security, reliability, and comprehensibility of the OpenAirInterface5G (OAI5G) system. OAI5G is an open-source software framework used for exploring, developing, and testing 5G wireless communication systems. As the complexity of the system increases, potential security vulnerabilities and defects also increase, which may affect the system's reliability, stability, and security. Therefore, effective testing methods are needed to proactively detect and correct these issues. Specifically, the paper proposes the following two core technologies to address these issues:

1. **Using AFL++ for Fuzz Testing**:
   - AFL++, a powerful fuzz testing tool, is used to rigorously fuzz test the configuration files of OAI5G. This method can help identify errors, defects, and security vulnerabilities that traditional testing methods might miss.
   - Fuzz testing can reveal security issues such as buffer overflows and memory leaks, and explore a wide range of input scenarios, including edge cases and unconventional configurations, thereby exposing potential issues under specific conditions.
   - AFL++ ensures comprehensive coverage of various possible scenarios and configurations by generating a large number of configuration inputs, enhancing the overall robustness of the OAI5G system.
2. **Using Large Language Models to Automatically Interpret Parameters**:
   - Large language models (LLMs) like Google Bard are used to automatically parse and document the meanings of parameters used in the OAI5G codebase. These parameters may be difficult to fully understand within the 5G network framework.
   - Through natural language understanding and advanced language capabilities, LLMs can interpret complex parameter meanings, making them more accessible and understandable for OAI5G developers and researchers.
   - This automated parameter interpretation method simplifies the subsequent analysis process, enabling developers to make more informed decisions, discover optimization opportunities, and enhance the overall efficiency and reliability of the system.

In summary, by combining fuzz testing and automated parameter interpretation technologies, the paper aims to enhance the security, reliability, and comprehensibility of the OAI5G system, making it more robust, secure, and user-friendly.