SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Alessandro Palma; Nikolaos Papadakis; Georgios Bouloukakis; Joaquin Garcia-Alfaro; Mattia Sospetti; Kostas Magoutis

doi:10.1145/3672608.3707797

SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Alessandro Palma
, Nikolaos Papadakis
, Georgios Bouloukakis
, Joaquin Garcia-Alfaro
, Mattia Sospetti
, Kostas Magoutis

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

Résumé

Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

langue originale	Anglais
titre	40th Annual ACM Symposium on Applied Computing, SAC 2025
Editeur	Association for Computing Machinery
Pages	480-489
Nombre de pages	10
ISBN (Electronique)	9798400706295
Les DOIs	https://doi.org/10.1145/3672608.3707797
état	Publié - 14 mai 2025
Evénement	40th Annual ACM Symposium on Applied Computing, SAC 2025 - Catania, Italie Durée: 31 mars 2025 → 4 avr. 2025

Série de publications

Nom	Proceedings of the ACM Symposium on Applied Computing

Une conférence

Une conférence	40th Annual ACM Symposium on Applied Computing, SAC 2025
Pays/Territoire	Italie
La ville	Catania
période	31/03/25 → 4/04/25

Accès au document

10.1145/3672608.3707797

Autres fichiers et liens

Lien vers la publication dans Scopus

Contient cette citation

Palma, A., Papadakis, N., Bouloukakis, G., Garcia-Alfaro, J., Sospetti, M., & Magoutis, K. (2025). SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs. Dans 40th Annual ACM Symposium on Applied Computing, SAC 2025 (p. 480-489). (Proceedings of the ACM Symposium on Applied Computing). Association for Computing Machinery. https://doi.org/10.1145/3672608.3707797

@inproceedings{04bf6badd8ae4fa99884ac09e0d33e02,

title = "SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs",

abstract = "Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.",

keywords = "attack graph, federated data spaces, security by design, trust management",

author = "Alessandro Palma and Nikolaos Papadakis and Georgios Bouloukakis and Joaquin Garcia-Alfaro and Mattia Sospetti and Kostas Magoutis",

note = "Publisher Copyright: Copyright {\textcopyright} 2025 held by the owner/author(s).; 40th Annual ACM Symposium on Applied Computing, SAC 2025 ; Conference date: 31-03-2025 Through 04-04-2025",

year = "2025",

month = may,

day = "14",

doi = "10.1145/3672608.3707797",

language = "English",

series = "Proceedings of the ACM Symposium on Applied Computing",

publisher = "Association for Computing Machinery",

pages = "480--489",

booktitle = "40th Annual ACM Symposium on Applied Computing, SAC 2025",

}

Palma, A, Papadakis, N, Bouloukakis, G, Garcia-Alfaro, J, Sospetti, M & Magoutis, K 2025, SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs. Dans 40th Annual ACM Symposium on Applied Computing, SAC 2025. Proceedings of the ACM Symposium on Applied Computing, Association for Computing Machinery, p. 480-489, 40th Annual ACM Symposium on Applied Computing, SAC 2025, Catania, Italie, 31/03/25. https://doi.org/10.1145/3672608.3707797

SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs. / Palma, Alessandro; Papadakis, Nikolaos; Bouloukakis, Georgios et al.
40th Annual ACM Symposium on Applied Computing, SAC 2025. Association for Computing Machinery, 2025. p. 480-489 (Proceedings of the ACM Symposium on Applied Computing).

Résultats de recherche: Le chapitre dans un livre, un rapport, une anthologie ou une collection › Contribution à une conférence › Revue par des pairs

TY - GEN

T1 - SHIELD

T2 - 40th Annual ACM Symposium on Applied Computing, SAC 2025

AU - Palma, Alessandro

AU - Papadakis, Nikolaos

AU - Bouloukakis, Georgios

AU - Garcia-Alfaro, Joaquin

AU - Sospetti, Mattia

AU - Magoutis, Kostas

PY - 2025/5/14

Y1 - 2025/5/14

N2 - Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

AB - Federated data spaces allow organizations to share and control their own data across various domains, but their exposure to cyber attacks has increased due to a surge in newly discovered vulnerabilities. Existing solutions to secure them focus on messaging protocol protection (e.g., using cryptographic means), but this is not sufficient. Attackers may exploit additional vulnerabilities to cause significant issues (e.g., disrupting the availability of services). To this end, we propose SHIELD, a security-by-design approach for federated data spaces, which leverages attack graphs and trust computation to mitigate the risks of cyber attacks. Mitigation is accomplished by proactively assessing the data spaces' weaknesses and implementing security messaging measures to prevent detrimental attacks. A prototype implementation of SHIELD using publish/subscribe as a messaging mechanism is experimentally evaluated over a real architecture in a V2X (Vehicle-to-Everything) scenario.

KW - attack graph

KW - federated data spaces

KW - security by design

KW - trust management

UR - https://www.scopus.com/pages/publications/105006412773

U2 - 10.1145/3672608.3707797

DO - 10.1145/3672608.3707797

M3 - Conference contribution

AN - SCOPUS:105006412773

T3 - Proceedings of the ACM Symposium on Applied Computing

SP - 480

EP - 489

BT - 40th Annual ACM Symposium on Applied Computing, SAC 2025

PB - Association for Computing Machinery

Y2 - 31 March 2025 through 4 April 2025

ER -

SHIELD: Assessing Security-by-Design in Federated Data Spaces Using Attack Graphs

Résumé

Série de publications

Une conférence

Accès au document

Autres fichiers et liens

Empreinte digitale

Contient cette citation