In this paper, we propose an architecture for a security-aware workflow management system (WfMS) we call SecFlow in answer to the recent developments of combining workflow management systems with Cloud environments and the still lacking abilities of such systems to ensure the security and privacy of cloud-based workflows. The SecFlow architecture focuses on full workflow life cycle coverage as, in addition to the existing approaches to design security-aware processes, there is a need to fill in the gap of maintaining security properties of workflows during their execution phase. To address this gap, we derive the requirements for such a security-aware WfMS and design a system architecture that meets these requirements. SecFlow integrates key functional components such as secure model construction, security-aware service selection, security violation detection, and adaptive response mechanisms while considering all potential malicious parties in multi-tenant and cloud-based WfMS.

翻译：本文提出了一种名为SecFlow的安全感知工作流管理系统架构，以应对工作流管理系统与云环境结合的最新发展趋势，以及此类系统在保障基于云的工作流安全性与隐私性方面仍存在的不足。SecFlow架构专注于覆盖工作流的完整生命周期，因为除了现有的安全感知流程设计方法外，还需填补在执行阶段保持工作流安全属性的空白。为填补这一空白，我们推导出此类安全感知工作流管理系统的需求，并设计了满足这些需求的系统架构。SecFlow集成了关键功能组件，包括安全模型构建、安全感知服务选择、安全违规检测及自适应响应机制，同时考虑了多租户与基于云的工作流管理系统中所有潜在恶意方。