Rupam Patir (University at Buffalo), Qiqing Huang (University at Buffalo), Keyan Guo (University at Buffalo), Wanda Guo (Texas A&M University), Guofei Gu (Texas A&M University), Haipeng Cai (University at Buffalo), Hongxin Hu (University at Buffalo)

The rapid evolution of software systems in 5G networks has heightened the need for robust security measures. Traditional code analysis methods often fail to detect vulnerabilities specific to 5G, particularly vulnerabilities stemming from complex protocol interactions. In this work, we explore the potential of LLM-assisted techniques in vulnerability detection and repair in open-source 5G implementations. We introduce a novel framework leveraging Chain-of-Thought (CoT) prompting in two phases: first, vulnerability detection based on 5G Vulnerability Properties (VPs); second, vulnerability repair guided by 5G Secure Coding Practices (SCPs). We conducted a case study on an open-source 5G User Equipment (UE) implementation that illustrates how our framework leverages vulnerability properties and SCPs to identify and remediate vulnerabilities. Our testing results indicate successful detection and repair, demonstrating the practicality and effectiveness of our approach. While challenges persist, including the identification of 5G-specific security properties and SCPs and the complexity of their integration, this study provides a foundation for advancing automated LLM-assisted solutions to strengthen the security of open-source 5G systems.

View More Papers

mmProcess: Phase-Based Speech Reconstruction from mmWave Radar

Hyeongjun Choi, Young Eun Kwon, Ji Won Yoon (Korea University)

Read More

Rediscovering Method Confusion in Proposed Security Fixes for Bluetooth

Maximilian von Tschirschnitz (Technical University of Munich), Ludwig Peuckert (Technical University of Munich), Moritz Buhl (Technical University of Munich), Jens Grossklags (Technical University of Munich)

Read More

Recurrent Private Set Intersection for Unbalanced Databases with Cuckoo...

Eduardo Chielle (New York University Abu Dhabi), Michail Maniatakos (New York University Abu Dhabi)

Read More

The Philosopher’s Stone: Trojaning Plugins of Large Language Models

Tian Dong (Shanghai Jiao Tong University), Minhui Xue (CSIRO's Data61), Guoxing Chen (Shanghai Jiao Tong University), Rayne Holland (CSIRO's Data61), Yan Meng (Shanghai Jiao Tong University), Shaofeng Li (Southeast University), Zhen Liu (Shanghai Jiao Tong University), Haojin Zhu (Shanghai Jiao Tong University)

Read More