Automated Generation of 5G Fine-Grained Threat Models: A Systematic Approach

Fifth-generation technology standard for broadband cellular networks, 5G, delivers a significant increase in data speeds and capacity, as well as new capabilities such as higher energy efficiency, lower latency, and the ability to connect a large number of devices. These advances come with a new set of security challenges, as 5G networks will be more complex and integrated with critical infrastructure than previous generations. In order to correctly address such challenges there is the need for fine-grained threat models, that collect a set of well-detailed threats, each of them clearly addressing a system component, taking into account how components are connected and interact with each other, the specific technology and/or the protocols are involved. A fine-grained threat model can be used to support the definition of a penetration testing plan or to identify and verify the effectiveness of technical countermeasures. This paper extends an existing automated threat modelling methodology focusing on 5G architecture and defines a process to build in a systematic way the catalogue of threats on which the technique relies. In order to obtain such results, we extended our modelling technique, in order to model 5G architectures, defined a process to extend our methodology to address additional domains and applied the approach to a concrete case study, applying our technique to a common 5G open-source architecture proposed by our industrial partner. The main contribution of this paper can be summarized as follows: 1) technique to systematically produce an extension of our modelling technique and a threat catalogue for a specific Domain; 2) 5G systems threat catalogue; 3) 5G systems graph-based modelling technique. As an additional result, we validated our approach, applying our technique in a real context and involving industrial experts for the evaluation of the generated fine-grained threat model.