SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Alessandro Palma; Nikolaos Papadakis; Georgios Bouloukakis; Joaquin Garcia-Alfaro; Mattia Sospetti; Kostas Magoutis

doi:10.1145/3672608.3707797

SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Alessandro Palma
, Nikolaos Papadakis
, Georgios Bouloukakis
, Joaquin Garcia-Alfaro
, Mattia Sospetti
, Kostas Magoutis

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

Original language	English
Title of host publication	40th Annual ACM Symposium on Applied Computing, SAC 2025
Publisher	Association for Computing Machinery
Pages	480-489
Number of pages	10
ISBN (Electronic)	9798400706295
DOIs	https://doi.org/10.1145/3672608.3707797
Publication status	Published - 14 May 2025
Event	40th Annual ACM Symposium on Applied Computing, SAC 2025 - Catania, Italy Duration: 31 Mar 2025 → 4 Apr 2025

Publication series

Name	Proceedings of the ACM Symposium on Applied Computing

Conference

Conference	40th Annual ACM Symposium on Applied Computing, SAC 2025
Country/Territory	Italy
City	Catania
Period	31/03/25 → 4/04/25

Keywords

attack graph
federated data spaces
security by design
trust management

Access to Document

10.1145/3672608.3707797

Cite this

Palma, A., Papadakis, N., Bouloukakis, G., Garcia-Alfaro, J., Sospetti, M., & Magoutis, K. (2025). SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs. In 40th Annual ACM Symposium on Applied Computing, SAC 2025 (pp. 480-489). (Proceedings of the ACM Symposium on Applied Computing). Association for Computing Machinery. https://doi.org/10.1145/3672608.3707797

@inproceedings{04bf6badd8ae4fa99884ac09e0d33e02,

title = "SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs",

abstract = "Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.",

keywords = "attack graph, federated data spaces, security by design, trust management",

author = "Alessandro Palma and Nikolaos Papadakis and Georgios Bouloukakis and Joaquin Garcia-Alfaro and Mattia Sospetti and Kostas Magoutis",

note = "Publisher Copyright: Copyright {\textcopyright} 2025 held by the owner/author(s).; 40th Annual ACM Symposium on Applied Computing, SAC 2025 ; Conference date: 31-03-2025 Through 04-04-2025",

year = "2025",

month = may,

day = "14",

doi = "10.1145/3672608.3707797",

language = "English",

series = "Proceedings of the ACM Symposium on Applied Computing",

publisher = "Association for Computing Machinery",

pages = "480--489",

booktitle = "40th Annual ACM Symposium on Applied Computing, SAC 2025",

}

Palma, A, Papadakis, N, Bouloukakis, G, Garcia-Alfaro, J, Sospetti, M & Magoutis, K 2025, SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs. in 40th Annual ACM Symposium on Applied Computing, SAC 2025. Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, pp. 480-489, 40th Annual ACM Symposium on Applied Computing, SAC 2025, Catania, Italy, 31/03/25. https://doi.org/10.1145/3672608.3707797

SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs. / Palma, Alessandro; Papadakis, Nikolaos; Bouloukakis, Georgios et al.
40th Annual ACM Symposium on Applied Computing, SAC 2025. Association for Computing Machinery, 2025. p. 480-489 (Proceedings of the ACM Symposium on Applied Computing).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - SHIELD

T2 - 40th Annual ACM Symposium on Applied Computing, SAC 2025

AU - Palma, Alessandro

AU - Papadakis, Nikolaos

AU - Bouloukakis, Georgios

AU - Garcia-Alfaro, Joaquin

AU - Sospetti, Mattia

AU - Magoutis, Kostas

PY - 2025/5/14

Y1 - 2025/5/14

N2 - Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

AB - Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

KW - attack graph

KW - federated data spaces

KW - security by design

KW - trust management

UR - https://www.scopus.com/pages/publications/105006412773

U2 - 10.1145/3672608.3707797

DO - 10.1145/3672608.3707797

M3 - Conference contribution

AN - SCOPUS:105006412773

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 480

EP - 489

BT - 40th Annual ACM Symposium on Applied Computing, SAC 2025

PB - Association for Computing Machinery

Y2 - 31 March 2025 through 4 April 2025

ER -

SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this