SecFlow: Adaptive Security-Aware Workflow Management System in Multi-Cloud Environments

• URL: http://arxiv.org/abs/2307.05137v1
• Date: Tue, 11 Jul 2023 09:27:07 GMT
• Title: SecFlow: Adaptive Security-Aware Workflow Management System in Multi-Cloud Environments
• Authors: Nafiseh Soveizi and Fatih Turkmen
• Abstract summary: We propose an architecture for a security-aware workflow management system (WfMS) SecFlow integrates key functional components such as secure model construction, security-aware service selection, security violation detection, and adaptive response mechanisms.
• Score: 2.12121796606941
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: In this paper, we propose an architecture for a security-aware workflow management system (WfMS) we call SecFlow in answer to the recent developments of combining workflow management systems with Cloud environments and the still lacking abilities of such systems to ensure the security and privacy of cloud-based workflows. The SecFlow architecture focuses on full workflow life cycle coverage as, in addition to the existing approaches to design security-aware processes, there is a need to fill in the gap of maintaining security properties of workflows during their execution phase. To address this gap, we derive the requirements for such a security-aware WfMS and design a system architecture that meets these requirements. SecFlow integrates key functional components such as secure model construction, security-aware service selection, security violation detection, and adaptive response mechanisms while considering all potential malicious parties in multi-tenant and cloud-based WfMS.

Related papers

• ARGO-SLSA: Software Supply Chain Security in Argo Workflows [0.0]
  Argonatives is an engine for managing software artifacts in an automated fashion. It does not include built-in functionality for frameworks like Supply-chain Levels for Software Artifacts (SLSA) This paper proposes a provenance controller built on top of Argos to enhance artifact security.
  arXiv  Detail & Related papers  (2025-03-25T21:32:23Z)
• Workflow for Safe-AI [0.0]
  Development and deployment of safe and dependable AI models is crucial in applications where functional safety is a key concern. This work proposes a transparent, complete, yet flexible and lightweight workflow that highlights both reliability and qualifiability.
  arXiv  Detail & Related papers  (2025-03-18T07:45:18Z)
• Flow: Modularized Agentic Workflow Automation [53.073598156915615]
  Multi-agent frameworks powered by large language models (LLMs) have demonstrated great success in automated planning and task execution. However, the effective adjustment of agentic during execution has not been well studied. In this paper, we define an activity-on-vertex (AOV) graph, which allows continuous workflow refinement by agents. Our proposed multi-agent framework achieves efficient concurrent execution of subtasks, effective goal achievement, and enhanced error tolerance.
  arXiv  Detail & Related papers  (2025-01-14T04:35:37Z)
• Benchmarking Agentic Workflow Generation [80.74757493266057]
  We introduce WorFBench, a unified workflow generation benchmark with multi-faceted scenarios and intricate graph workflow structures. We also present WorFEval, a systemic evaluation protocol utilizing subsequence and subgraph matching algorithms. We observe that the generated can enhance downstream tasks, enabling them to achieve superior performance with less time during inference.
  arXiv  Detail & Related papers  (2024-10-10T12:41:19Z)
• SeBS-Flow: Benchmarking Serverless Cloud Function Workflows [51.4200085836966]
  We propose the first serverless workflow benchmarking suite SeBS-Flow. SeBS-Flow includes six real-world application benchmarks and four microbenchmarks representing different computational patterns. We conduct comprehensive evaluations on three major cloud platforms, assessing performance, cost, scalability, and runtime deviations.
  arXiv  Detail & Related papers  (2024-10-04T14:52:18Z)
• Towards Secure Management of Edge-Cloud IoT Microservices using Policy as Code [6.200058263544999]
  IoT application providers increasingly use MicroService Architecture (MSA) to develop applications that convert IoT data into valuable information. The proposed framework contains a "control plane" to intelligently and dynamically utilise and configure cloud-native (i.e., container orchestrators and service mesh) technologies to enforce security policies. We implement a prototype of the proposed framework using open-source cloud-native technologies such as Docker, Istio, and Open Policy Agent to validate the framework.
  arXiv  Detail & Related papers  (2024-06-27T01:03:23Z)
• Securing the Open RAN Infrastructure: Exploring Vulnerabilities in Kubernetes Deployments [60.51751612363882]
  We investigate the security implications of and software-based Open Radio Access Network (RAN) systems. We highlight the presence of potential vulnerabilities and misconfigurations in the infrastructure supporting the Near Real-Time RAN Controller (RIC) cluster.
  arXiv  Detail & Related papers  (2024-05-03T07:18:45Z)
• Enhancing Energy Sector Resilience: Integrating Security by Design Principles [20.817229569050532]
  Security by design (Sbd) is a concept for developing and maintaining systems that are impervious to security attacks. This document presents the security requirements for the implementation of the SbD in industrial control systems.
  arXiv  Detail & Related papers  (2024-02-18T11:04:22Z)
• DASICS: Enhancing Memory Protection with Dynamic Compartmentalization [7.802648283305372]
  We present the DASICS (Dynamic in-Address-Space Isolation by Code Segments) secure processor design. It offers dynamic and flexible security protection across multiple privilege levels, addressing data flow protection, control flow protection, and secure system calls. We have implemented hardware FPGA prototypes and software QEMU simulator prototypes based on DASICS, along with necessary modifications to system software for adaptability.
  arXiv  Detail & Related papers  (2023-10-10T09:05:29Z)
• Enhancing Workflow Security in Multi-Cloud Environments through Monitoring and Adaptation upon Cloud Service and Network Security Violations [2.5835347022640254]
  We propose an approach that focuses on monitoring cloud services and networks to detect security violations during workflow executions. Our approach is evaluated based on the performance of the detection procedure and the impact of the selected adaptations on the workflow.
  arXiv  Detail & Related papers  (2023-10-03T08:33:46Z)
• Project Florida: Federated Learning Made Easy [4.829821142951709]
  We present Project Florida, a system architecture and software development kit (SDK) enabling deployment of large-scale Federated Learning (FL) solutions. FL is an approach to machine learning based on a strong data sovereignty principle, i.e., that privacy and security of data is best enabled by storing it at its origin. Project Florida aims to simplify the task of deploying cross-device FL solutions by providing cloud-hosted infrastructure and accompanying task management interfaces.
  arXiv  Detail & Related papers  (2023-07-21T20:56:20Z)
• Leveraging Traceability to Integrate Safety Analysis Artifacts into the Software Development Process [51.42800587382228]
  Safety assurance cases (SACs) can be challenging to maintain during system evolution. We propose a solution that leverages software traceability to connect relevant system artifacts to safety analysis models. We elicit design rationales for system changes to help safety stakeholders analyze the impact of system changes on safety.
  arXiv  Detail & Related papers  (2023-07-14T16:03:27Z)
• Recursively Feasible Probabilistic Safe Online Learning with Control Barrier Functions [60.26921219698514]
  We introduce a model-uncertainty-aware reformulation of CBF-based safety-critical controllers. We then present the pointwise feasibility conditions of the resulting safety controller. We use these conditions to devise an event-triggered online data collection strategy.
  arXiv  Detail & Related papers  (2022-08-23T05:02:09Z)
• Safe RAN control: A Symbolic Reinforcement Learning Approach [62.997667081978825]
  We present a Symbolic Reinforcement Learning (SRL) based architecture for safety control of Radio Access Network (RAN) applications. We provide a purely automated procedure in which a user can specify high-level logical safety specifications for a given cellular network topology. We introduce a user interface (UI) developed to help a user set intent specifications to the system, and inspect the difference in agent proposed actions.
  arXiv  Detail & Related papers  (2021-06-03T16:45:40Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.