In this paper, we propose SecFlow, an architecture for a security-aware
workflow management system (WfMS). It responds to the recent trend of combining
workflow management systems with cloud environments and to the continuing
inability of such systems to ensure the security and privacy of cloud-based
workflows. The SecFlow architecture focuses on covering the full workflow life
cycle: in addition to the existing approaches to designing security-aware
processes, there is a need to maintain the security properties of workflows
during their execution phase. To address this
gap, we derive the requirements for such a security-aware WfMS and design a
system architecture that meets these requirements. SecFlow integrates key
functional components such as secure model construction, security-aware service
selection, security violation detection, and adaptive response mechanisms while
considering all potential malicious parties in multi-tenant and cloud-based
WfMS.

Comment: 16 pages, 6 figures