OZTrust: An O-RAN Zero-Trust Security System

The Open Radio Access Network (O-RAN) has gained significant attention as a future RAN framework. However, its architectural characteristics introduce unprecedented security challenges from expanded attack surface and increased risk for proprietary data theft and RAN control manipulation. Despite extensive security analysis from industry, concrete security solutions for the evolving O-RAN framework are still lacking in the literature. In this paper, we propose OZTrust, a Zero-Trust security system tailored for the O-RAN environment. OZTrust comprises two components: access control module and policy management module. The former performs per-packet tagging and verification for each xApp as dictated by its access control policy, while the latter automatically derives necessary access control policies by discovering xApp's communication patterns through distributed tracing. Our prototype-based evaluation demonstrates that OZTrust provides more fine-grained access control for xApps than existing Container Network Interfaces (CNIs) and outperforms its predecessor.