Security Analysis of Open Source GIS Server Components in Telecommunications Applications

Goran Stamenović1, Muzafer Saračević2, Faruk Selimović1 , Azra Ćatović 2
Belgrade Metropolitan University, Serbia
University of Novi Pazar, Serbia
goran.stamenovic@metropolitan.ac.rs
muzafer.saracevic@uninp.edu.rs
faruk.selimovic@metropolitan.ac.rs
a.catovic@uninp.edu.rs
DOI: 10.46793/BISEC25.201S

 
ABSTRACT: Telecommunications have become essential to our daily lives because ongoing technological progress has enabled innovative ways to communicate, access information and connect. The rapid advancement of telecommunications requires innovative methods for addressing challenges in network design and optimization. Geographic Information Systems (GIS) play a crucial role in telecommunication network planning and management by linking technological capabilities with their geographical contexts. Open-source geographic information systems offer organizations a budget friendly and adaptable solution to proprietary systems, fostering both innovative development and community driven software advancements. The open-source nature of GIS software creates significant security risks because it exposes critical telecommunications information to potential threats. This study examines how open-source Geographic Information Systems can improve the operational efficiency of telecommunications systems while addressing key aspects of data confidentiality and security. Within the context of telecommunication applications, this study conducts a methodical analysis of the security mechanisms present in open-source GIS server components, including GeoServer, MapGuide Open Source, Mapnik, MapServer and OpenLayers.

KEYWORDS: Security, Geographic Information Systems (GIS), Open-source GIS software, Telecommunications.

REFERENCES:

  1. Goodchild, M. F., Citizens as sensors: The world of volunteered geography, GeoJournal, 69 (4), 211–221. https://doi.org/10.1007/s10708-007-9111-y, (2007).
  2. Spinellis, D., & Giannikas, V., Organizational adoption of open source software. Journal of Systems and Software, 85(3), 666–682. https://doi.org/10.1016/j.jss.2011.09.037,(2012).
  3. Sandhya, M. C, Exploring Opportunities with Open Source GIS, International Journal of Engineering Research and, vol. V9, no. 05. ESRSA Publications Pvt. Ltd., doi: 10.17577/ijertv9is050545, (2020).
  4. Buczak, A. L., & Guven, E., A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), 1153–1176. https://doi.org/10.1109/COMST.2015.2494502, (2016).
  5. GeoServer. GeoServer 2.27.1 release notes. https://geoserver.org/release/2.27.1, (2025).
  6. Turton, I., Security in GeoServer: An overview. GeoServer Blog. https://geoserver.org/blog/security-overview/, (2023).
  7. National Institute of Standards and Technology (NIST), CVE-2023-XXXXX: GeoServer XXE vulnerability. National Vulnerability Database. https://nvd.nist.gov/, (2024).
  8. MapServer, MapServer 8.4.0 documentation. https://mapserver.org/, (2025).
  9. SecuriTeam, MapGuide OS vulnerability assessment report.  https://www.securiteam.com/, (2021).
  10. OWASP, Web application security risks and countermeasures. Open Web Application Security Project. https://owasp.org/, (2022).
  11. Mapnik, Mapnik 4.1.0 documentation. https://mapnik.org/2025).
  12. OpenLayers., OpenLayers 10.5.0 documentation. https://openlayers.org/, (2025).
  13. Hernández, F. et al., Geodata Breaches in Critical Infrastructure: Analysis of 2018–2020 Incidents. IEEE Transactions on Geoscience and Remote Sensing, 59(5), 4120–4131,(2021).
  14. Montesino, R., Fenz, S., & Baluja García, W., SIEM‑based framework for security controls automation. Information & Computer Security, 28(3), 320–341. doi 10.1108/IMCS‑08‑2020‑0087, (2020).
  15. Steiniger, S., & Bocher, E., An overview on current free and open source desktop GIS developments. International Journal of Geographical Information Science, 23(10), 1345–1370. https://doi.org/10.1080/13658810802634956, (2009).
  16. Gustavsson, T., Managing the Open Source Dependency, Computer, vol. 53, no. 2. Institute of Electrical and Electronics Engineers (IEEE), pp. 83–87, doi: 10.1109/mc.2019.2955869, (2020).
  17. Tankard, C., Advanced persistent threats and how to monitor and deter them. Network Security, 2011(8), 16–19. https://doi.org/10.1016/S1353-4858(11)70086-1, (2011).
  18. Stamenović, G., Saračević, M., Jukić, S., Kamberović, H., Implementation of Security Mechanisms in Open Source GIS Software in Telecommunications, The paper has been accepted for publication in Computer Science journal: http://journals.agh.edu.pl/csci, ISSN: 1508-2806; e-ISSN: 2300-7036, (2025).

IZVOR: Proceedings of the 16th International Conference on Business Information Security BISEC’2025