Security analysis of an operations support system

Thumbnail Image

Files

master_Bhorkar_Gaurav_2017.pdf (1.44 MB)

URL

Journal Title

Journal ISSN

Volume Title

Perustieteiden korkeakoulu | Master's thesis
Unless otherwise stated, all rights belong to the author. You may download, display and print this publication for Your own personal use. Commercial use is prohibited.

Authors

Date

2017-12-11

Department

Major/Subject

Mobile Computing, Services and Security

Mcode

SCI3045

Degree programme

Master’s Programme in Computer, Communication and Information Sciences

Language

en

Pages

81

Series

Abstract

Operations support systems (OSS) are used by Communications service providers (CSP) to configure and monitor their network infrastructure in order to fulfill, assure and bill services. With the industry moving towards cloud-based deployments, CSPs are apprehensive about their internal OSS applications being deployed on external infrastructure. Today's OSS systems are complex and have a large attack surface. Moreover, a literature review of OSS systems security does not reveal much information about the security analysis of OSS systems. Hence, a security analysis of OSS systems is needed. In this thesis, we study a common architecture of an OSS system for provisioning and activation (P&A) of telecommunications networks. We create a threat model of the P&A system. We create data flow diagrams to analyse the entry and exit points of the application and list different threats using the STRIDE methodology. We also describe various vulnerabilities based on the common architecture that OSS vendors must address. We describe mitigation for the threats and vulnerabilities found and mention dos and don'ts for OSS developers and deployment personnel. We also present the results of a survey we conducted to find out the current perception of security in the OSS industry. Finally, we conclude by stressing the importance of a layered security approach and recommend that the threat model and mitigation must be validated periodically. We also observe that it is challenging to create a common threat model for OSS systems because of the lack of an open architecture and the closed nature of OSS software.

Description

Supervisor

Aura, Tuomas

Thesis advisor

Laamanen, Henri

Keywords

security analysis, OSS, provisioning, BSS, telco

Other note

Citation

Permanent link to this item

https://urn.fi/URN:NBN:fi:aalto-201712188050

Collections

[dipl] Perustieteiden korkeakoulu / SCI