Abstract
In this paper, we propose SecFlow, an architecture for a security-aware workflow management system (WfMS), in response to the recent trend of combining workflow management systems with cloud environments and the continuing inability of such systems to ensure the security and privacy of cloud-based workflows. The SecFlow architecture focuses on covering the full workflow life cycle: beyond the existing approaches to designing security-aware processes, there is a need to maintain the security properties of workflows during their execution phase. To address this gap, we derive the requirements for such a security-aware WfMS and design a system architecture that meets these requirements. SecFlow integrates key functional components such as secure model construction, security-aware service selection, security violation detection, and adaptive response mechanisms, while considering all potential malicious parties in multi-tenant and cloud-based WfMS.
Notes
1. Our code will be available soon at https://github.com/nafisesoezy/SecFlow.
Acknowledgments
This work is partially funded by the HORIZON-KDT-JU-2022-1-IA project 101112089 AIMS5.0. The authors thank Dimka Karastoyanova for the input and contribution in most phases of this work.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Soveizi, N., Turkmen, F. (2024). SecFlow: Adaptive Security-Aware Workflow Management System in Multi-cloud Environments. In: Sales, T.P., de Kinderen, S., Proper, H.A., Pufahl, L., Karastoyanova, D., van Sinderen, M. (eds) Enterprise Design, Operations, and Computing. EDOC 2023 Workshops. EDOC 2023. Lecture Notes in Business Information Processing, vol 498. Springer, Cham. https://doi.org/10.1007/978-3-031-54712-6_17
DOI: https://doi.org/10.1007/978-3-031-54712-6_17
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-54711-9
Online ISBN: 978-3-031-54712-6
eBook Packages: Computer Science, Computer Science (R0)