In [1]:
import pandas as pd

In [2]:
threats_file = "../data/threats.csv"
risks_file = "../data/risks.csv"

threats_df = pd.read_csv(threats_file)
risks_df = (
    pd.read_csv(risks_file)
    # spec typos
    .replace({"T-ORAN-10": "T-O-RAN-10"})
    # drop Threat ID == 'T-TS-01'
    .query("`Risk ID` != 'T-TS-01'")
    .assign(Confidentiality=lambda x: x["CIA"].str.contains("C"))
    .assign(Integrity=lambda x: x["CIA"].str.contains("I"))
    .assign(Availability=lambda x: x["CIA"].str.contains("A"))
)

In [3]:
# Merge risks and threats dataframes on
# risks_df: Threat Key
# threats_df: Threat ID

df = pd.merge(
    risks_df, threats_df, left_on="Threat Key", right_on="Threat ID", how="left"
)

# Find the rows where the Threat Key is not found in the Threat ID
not_found = df[df["Threat ID"].isnull()]
not_found

# Drop unnecessary columns
df = df.drop(columns=["Threat ID", "Threat Key"], axis=1)

df

Unnamed: 0,Risk ID,Risk Description,Impact Description,CIA,Severity Level,Likelihood Level,Applied factors,Rationale,Considered Assumptions,Risk Score,Confidentiality,Integrity,Availability,Threat title,Threat agent,Vulnerability,Threatened Asset,Affected Components,Threat Type
0,T-O-RAN-01(NEAR RT RIC),An attacker exploits insecure designs or lack ...,Unauthenticated/unauthorized access of the O_R...,"C, I, A",High,High,"• Exposure (High): A1, O1, E2, xApps, rApps\n ...",O-Cloud security hardening requirements have n...,,High,True,True,True,An attacker exploits insecure designs or lack ...,All,· Outdated component from the lack of update o...,All,All,O-RAN specific
1,T-O-RAN-01 (Non RT RIC + SMO),An attacker exploits insecure designs or lack ...,Unauthenticated/unauthorized access of the O_R...,"C, I, A",High,High,"• Exposure (High): A1, O1, O2, rApps\n • Adver...",O-Cloud security hardening requirements have n...,,High,True,True,True,An attacker exploits insecure designs or lack ...,All,· Outdated component from the lack of update o...,All,All,O-RAN specific
2,T-O-RAN-01 (O-CU),An attacker exploits insecure designs or lack ...,Unauthenticated/unauthorized access of the O_R...,"C, I, A",High,High,"• Exposure (High): O1, E2, administration inte...",O-Cloud security hardening requirements have n...,,High,True,True,True,An attacker exploits insecure designs or lack ...,All,· Outdated component from the lack of update o...,All,All,O-RAN specific
3,T-O-RAN-01 (O-DU),An attacker exploits insecure designs or lack ...,Unauthenticated/unauthorized access of the O_R...,"C, I, A",High,High,"• Exposure (High): E2, O1, FH\n • Adverse impa...",O-Cloud security hardening requirements have n...,,High,True,True,True,An attacker exploits insecure designs or lack ...,All,· Outdated component from the lack of update o...,All,All,O-RAN specific
4,T-O-RAN-01 (O-RU),An attacker exploits insecure designs or lack ...,Unauthenticated/unauthorized access of the O_R...,"C, I, A",High,High,"• Exposure (High): FH, O1, physical\n • Advers...",O-Cloud security hardening requirements have n...,,High,True,True,True,An attacker exploits insecure designs or lack ...,All,· Outdated component from the lack of update o...,All,All,O-RAN specific
...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...,...
161,T-AIML-TL-04,A successful attack could:\n -infect the model...,"Tampering, Confidentiality",CI,High,Low,• Impact on confidentiality and integrity (Hig...,needs high sophistication to execute,,Medium,True,True,False,Backdoor for Tranfer Learning,All,Vulnerabilities in ML model transfer,"ASSET-D-10, ASSET-D-25, ASSET-D-26, ASSET-C-02...",Database holding data from xApp applications a...,General
162,T-AIML-EL-01,A successful attack could:\n - deduce the stru...,Confidentiality,C,High,Low,• Impact on confidentiality (High)\n • Threat ...,needs high sophistication to execute,,Medium,True,False,False,Model Extraction,All,Vulnerabilities in data sources,"ASSET-D-10, ASSET-D-26, ASSET-C-02, ASSET-C-11...",Database holding data from xApp applications a...,General
163,T-AIML-EL-02,A successful attack could:\n - make inferences...,Confidentiality,C,High,Low,• Impact on confidentiality (High)\n • Threat ...,needs high sophistication to execute,,Medium,True,False,False,Data Inference,All,Vulnerabilities in data sources,"ASSET-D-10, ASSET-C-02, ASSET-C-11, ASSET-C-29...",Database holding data from xApp applications a...,General
164,T-AIML-EL-03,A successful attack could:\n - maximize energy...,Denial of Service,A,High,Low,• Impact on availability (High)\n • Threat eve...,needs high sophistication to execute,,Medium,False,False,True,Denial of Service via Side Channels,All,Vulnerabilities in data sources,"ASSET-D-10, ASSET-D-26, ASSET-C-02, ASSET-C-11...",Database holding data from xApp applications a...,General


In [5]:
for i in df["Affected Components"]:
    print(i)

All
All
All
All
All
All
All
O-RU, airlink with UE, O-DU
rApps, xApps, O-RU, O-DU, O-CU, Near-RT RIC, Non-RT RIC
All
All
All
All
All
rApps, xApps, O-RU, O-DU, O-CU, Near-RT RIC, Non-RT RIC
rApps, xApps, O-RU, O-DU, O-CU, Near-RT RIC, Non-RT RIC
rApps, xApps, O-RU, O-DU, O-CU, Near-RT RIC, Non-RT RIC
rApps, xApps, O-RU, O-DU, O-CU, Near-RT RIC, Non-RT RIC
Near-RT RIC, Non-RT RIC, O-CU, O-DU, SMO
Near-RT RIC, Non-RT RIC, O-CU, O-DU, SMO
Near-RT RIC, Non-RT RIC, O-CU, O-DU, SMO
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-DU, O-RU
O-RU
O-RU
Near-RT RIC, xApps, E2 Functions, Y1 Functions
Near-RT RIC, UE, xApps
Near-RT RIC, UE, xApps
Near-RT RIC, UE, xApps
Near-RT RIC, UE, xApps
Near-RT RIC, UE, xApps
Near-RT RIC, UE, xApps
Near-RT RIC, xApps
Non-RT RIC, rApps
Non-RT RIC, rApps, UE
Non-RT RIC
O-CU, Near-RT RIC, xApps
O-CU, Near-RT RIC, xApps
O-CU, Near-RT RIC, xApps
O-CU, Near-RT RI