Title Security and Privacy Concerns in Cloud-based Scientific and Business Workflows A Systematic Review
2025-05-06
0
0
1.24MB
21 页
10玖币
侵权投诉
1
Security and Privacy Concerns in Cloud-based Scientific and
Business Workflows: A Systematic Review
Nafiseh Soveizi*, Fatih Turkmen*, Dimka Karastoyanova*
*University of Groningen, Groningen, The Netherlands
Abstract: Today, the number of data-intensive and compute-intensive applications like business
and scientific workflows has dramatically increased, which made cloud computing more
popular in the matter of delivering a large amount of computing resources on demand. On the
other hand, security is a critical issue affecting the wide adoption of cloud technologies,
especially for workflows that are mostly dealing with sensitive data and tasks. In this paper, we
carry out a review of the state-of-the-art on how security and privacy concerns in scientific and
business workflows in cloud environments are being addressed and identify the limitations and
gaps in the current body of knowledge in this area. In this extensive literature review, we first
present a classification of the state-of-the-art security solutions organized according to the
phases of the workflow life cycle they target. Based on our findings, we provide a detailed review
and classification of the most relevant available literature focusing on the execution, monitoring,
and adaptation phases of workflows. Finally, we present a list of open research issues related to
the security of the cloud-based workflows and discuss them.
Keywords:
Security, Scientific Workflows, Business Processes, Cloud Computing, Workflow
Adaptation, Life cycle;
1. Introduction
Workflows are commonly used application models that consist of a series of computational tasks logically connected
by data- and control-flow dependencies [1]. There are two main types of workflows: The first type – scientific workflows,
typically involve a large amount of data processing, analysis, and computing, requiring high computing and storage
capacities. The second type of workflow is business workflows, applied predominantly in (business) information systems.
Unlike scientific workflows, individual activities/tasks in business workflows usually require lower computing power and
fewer storage resources, although the number of concurrently running workflow instances is typically large and the
communication time between tasks needs to be kept as short as possible [2]. Both academia and industry have been active
in setting the foundations of workflow management (as a subfield of Business Process Management) as a discipline in the
last several decades by developing the workflow technology that allows for modelling, executing workflows, and thus
automating the enterprise processes.
Cloud computing [3] plays a key role in workflow management since it can deliver a large amount of computing
resources on-demand [2] for running data-intensive and compute-intensive applications. It also comes with the promise to
reduce the running costs and maximize the revenues while maintaining or even improving the Quality of Service (QoS).
Making use of cloud computing by Workflow Management Systems (WfMSs) can further increase the productivity of the
system. Seen from the point of view of cloud computing users, cloud workflows [4][5] provide an abstract definition of
complex applications, flexible configuration, and automated scalable operation, and also improve the QoS.
From the perspective of the providers of cloud computing services, cloud workflows enable the automatic scheduling
of tasks (the process of mapping tasks to cloud resources within the required QoS) and management of resources [6].
Despite all the above-mentioned advantages of cloud-based workflows, cloud security is a major area of concern [7][8]
that is restricting their use for certain applications, especially for the workflows dealing with sensitive data and tasks. In
fact, when a workflow or part of it is outsourced to the cloud, the WfMS loses control over tasks that can lead to increased
2
security risks and make them vulnerable to malicious attacks. These security challenges mostly stem from the shared nature
of cloud infrastructure in which computing/storage resources are shared with other users, and sensitive data are transferred
among cloud components such as Data Centers (DCs) over possibly untrusted network channels. In addition, the cloud is
honest-but-curious in the sense that the cloud service provider may faithfully follow the established protocols but at the
same time, it may be curious to deduce valuable information about the users’ data and the workflow logic. Since the
deduced information may be leaked or even sold to third parties by the malicious cloud providers [9], some users are
reluctant to use the cloud (deployment model).
In search for a solution to these concerns, there have been various studies on the topic of security properties of processes
and workflow management systems from different perspectives. To the best of our knowledge, there is no up-to-date
overview of the state of the art on the topic. To compensate for this gap in existing research, in this work we use the
methodologies for performing a literature mapping study and a systematic literature review to achieve two goals:
1) Systematic review of the state of the art in addressing and maintaining security properties of cloud-based workflows
throughout their complete life cycle, including a special focus on an additional life cycle phase accounting for runtime
adaptation.
2) Identification of the gaps in the state of the art and subsequently the needs for future research.
Our study shows that most of the solutions for ensuring the security properties of cloud-based workflows focus on the
modelling aspects of workflows, mainly providing modelling concepts to express the security properties of workflows.
Solutions towards enforcing these properties are rare, narrow in scope, and in some cases implementation-specific. One
significant finding is that there is only very scarce research reported on the runtime adaptation of cloud-based business or
scientific workflows that is triggered upon and carried out as a reaction to security violations.
The rest of the paper is organized as follows: Section 2 introduces the basic concepts. In Section 0, we discuss the
existing literature about the security and privacy of cloud-based workflows. Section 4 presents the review process and data
collection. In Section 5, the main results of our study are presented. Section 6 illustrates the open issues and the challenges
that still need to be addressed in this topic. Finally, Section 7 concludes this paper.
2. Background: Scientific and Business Workflows, and the Similarities/Differences between
them
The Business Process Management (BPM) (that covers also the workflow management technology) and scientific
workflows are established research fields and up until recently have been regarded as separate fields of research. In the last
decade, there have been several attempts to apply approaches from the BPM field in the field of scientific workflows both
in terms of modelling approaches and principles, as well as in terms of using workflow management environments to run
scientific workflows for different application fields [10] [11]. At the same time, these works were based on the observations
that there are both similarities and differences between these seemingly disparate fields. In this section, we highlight these
differences and provide the necessary background information on the topic.
Based on the available literature, we can summarize the definitions of both terms as follows:
A scientific workflow describes a series of computations that enable the analysis of data in a structured and distributed
manner. It orchestrates and automates scientific applications in a way that reduces the complexity of managing scientific
experiments [12].
A business workflow is the automation of a business process, in whole or in part, during which documents, information,
or tasks are passed from one participant to another for action, according to a set of procedural rules [13].
The life cycles of workflows that both fields follow have a different focus as depicted in Figure 1. The two life cycles
clearly show that the two fields view the workflows from different perspectives: business workflows are viewed as a
software artifact that can be used by several user roles with focus on different aspects of the management of the artifacts,
whereas the scientific workflows revolve around one user role, namely the scientist, who is dealing with both management
of the software artifacts and their use. Note that we will mostly refer to the business process life cycle in our study, as it is
the more detailed one and hence provides a more detailed basis for the comparison of the existing works. Despite seemingly
different focus of the two fields, the literature shows [12][14][10][11][15][16] similarities as well, which were the reasons
for the recent technological advances mentioned above. Based on these similarities especially in the security concerns,
we investigate both types for workflows together in this survey. Table 1 and Table 2 summarize the similarities and
3
Criterion
Business workflows
Scientific workflows
Workflow definition and execution
Business processes typically define control and
data flow in a process model using a generic
(domain-independent) notation. They are executed
multiple times on a generic process execution
environment.
Scientific workflows are defined either using a
programming language or a domain-specific scientific
workflow language or notation. Execution is system-
specific too.
Data flow vs. control flow
Control-flow oriented, focus on tasks/activities
and their ordering.
Data-flow oriented, explicit focus on data and its
processing.
Life Cycle
- Explicitly defined life cycle where phases focus
on managing processes/workflows
- One model and many instances
- Different groups of users
(Fig 1. a)
- Life cycle phases focus on managing the scientific
computation from point of view of the user
- No explicit distinction between workflow models and
their instances
- Scientists are the only user group
(Fig 1. b)
Duration
- Short and long running processes
- Number of instances may be huge
- Short and long running computations
- Number of instances smaller
Flexibility (a.k.a. dynamicity)
Usually, workflows are pre-defined during the
modeling phase. Mostly academic research results
in process evolution and adaptation available.
Need a high degree of flexibility because they are
carried out in a trial-and-error manner.
Reproducibility
Less need for reproducibility
Need reproducibility
Fault Handling
Processes must be guaranteed to be complete and
if any fault occurs, it should be handled. Means are
available for fault and exception handling in the
existing technologies.
Conduct experiments that may or may not succeed.
However, technical faults (e.g. server unavailability,
network connection error) that may occur during the
execution should be handled. FH and EH on scientific
workflow level specific for the domain language, if at
all available.
Interaction with participants
Data can be processed by machines or humans.
In most cases, several users are involved.
In most cases, data is processed only by machines, and
the scientists just manage and monitor the workflow
execution.
Criterion
Business and Scientific Workflows
Security
Both types of workflows need to satisfy the fundamental security principles of CIANA (Confidentiality, Integrity,
Availability, Non-Repudiation, and Authenticity) [17] during the whole workflow life cycle.
Robustness
The requirements like the ability to be error-resistant and recoverable are similar for both types of workflows.
Scalability
Both types of workflows require the ability to scale with the number of users, services, data resources, and involved
participants.
Figure 1: a) Business Workflow Life Cycle b) Scientific Workflow Life Cycle [10]
Table 2: The Differences between Business and Scientific Workflows
Table 1: The Similarities between Scientific and Business Workflows
4
the differences between scientific and business workflows respectively.
3. Related Surveys
Reviews are typically divided into two types: Systematic literature Review (SLR)[18] and Traditional Literature
Review (TLR)
1
[19][20]. SLRs usually try to answer well-defined questions by following a specific search strategy. On
the other hand, TLRs usually do not mention their search strategy for finding relevant publications, and therefore in TLRs,
searches may be ad-hoc and are thus not fully comprehensive.
There are very few literature reviews that can be related to the security and privacy of cloud-based workflows. In Table
3, we provide an overview of the relevant literature reviews.
The role of trust in service workflows has been examined and explored in [21]. The authors have defined trust as a
complement to conventional security services (e.g., authentication, authorization). Therefore, the main focus of this paper
is trust that can improve security in business workflows where security requirements are locally defined, globally
integrated, and distributedly enforced. Based on their findings, workflows need to be more flexible in terms of trust
mechanisms to enable an increase in the degree of automation.
The survey [6] that is closest in scope to our survey, provides an initial overview of cloud workflow security. It has mapped
the specification of QoS to the workflow life cycle phases as follows: The QoS specification is done in the workflow
modeling stage; QoS aware service selection happens in the instantiation stage of the workflow where the appropriate
software and hardware services are selected based on the requirements specified in the previous stage; and QoS consistency
modeling and QoS violation handling happen in the workflow execution stage. However, based on the publication year
(2014) of this paper and also the type of its review, it does not provide a comprehensive overview of the recent developments.
The TLR presented in [22] has surveyed the existing works by defining the factors needed in securing scientific
workflows during execution, identifying several domains in which security is essential and sources of security threats. The
paper only focuses on the scheduling phase of the scientific workflow.
In [23], the security concerns in resource scheduling have been investigated. The authors identified the different types
of security constraints and classified models into three categories: data security, data center security, and infrastructure
security. The focus of this paper is only on the scheduling phase. These literature reviews have different goals and/or do
not cover all phases of the workflow life cycle. Hence, we can conclude that there is a lack of a comprehensive study of
the security and privacy concerns of the cloud-based workflows during the whole workflow life cycle and their effect on
the WfMS architecture.
1
Narrative review
Paper
Type of review
Focus
Main findings
[21], 2012
TLR
Trust exhibited in service
workflows (trust is considered as
a complement to the
conventional security services)
Formal definitions of trust need more study to be usable as means for
decision making in dynamic distributed environments and as a result,
increase the degree of automation.
[6], 2014
TLR
An overview of cloud workflows
and security
There must be cloud-specific standards for securing the workflows in
the cloud.
[22], 2018
TLR
Security of the scientific
workflows during execution
There is a need of developing more models which will consider
different parameters such as (execution) environment, CPU
configuration settings, for more than one workflow.
[23], 2019, covers 2006-
2015
SLR
Security concerns in resource
scheduling
The main focus of their reviewed studies is limited to Integrity,
Availability, and Security.
Table 3: The summary of the Related Literature Reviews.
5
4. Research Methodology
As mentioned before, up to now and to the best of our knowledge, there is no comprehensive review that can discover
and evaluate the security and privacy concerns in cloud-based business or scientific workflows. To overcome this, we use
a combination of an SLR [24] and a Systematic Mapping Review (SMR) [25] to identify the current research challenges
and also existing gaps that can give an overview of research in the area. Since the articles are not evaluated in such detail
in practice according to the SMR protocol, more articles can be considered. For that reason, as a first step, we used SMR
to portray the relationship between literature and categories and identify gaps, and show in which topic areas there is a
shortage of publications [25]. Subsequently, we use the mapping as a road map for the next steps, namely an SLR, with
which we show further details about existing works on the identified research question. Our Review Methodology Structure
is presented in Figure 2.
4.1. Research Questions
The research questions we define for our research are as follows:
RQ1: What is the state of the art in security and privacy in cloud-based business and scientific workflows in each stage
of their life cycle?
RQ2: Which security issues are addressed in which phase of the life cycle and what mechanisms are employed?
RQ3: Based on the research identified, what are the existing research gaps on which further research should focus?
4.2. Search Strategy
The search was performed in four scientific databases, namely Scopus, Web of Science, ACM Digital Library, and
IEEE Xplore. We also scanned the reference lists included in the papers in order to ensure that this review would be more
comprehensive. The search was limited to papers in English published between January 2010 and December 2021.
The initial search string used to find the related papers is as follows:
(("security" OR "privacy") AND ("scientific workflow" OR ” "business workflow"” OR "business process" OR "service
Composition" OR "orchestration") AND ("cloud"))
In order to cover all papers that are related to the same or similar concepts in the literature, especially in the business
context, we also used “business process", "service composition" , and "orchestration" in the search string.
4.3. Study Selection Criteria and Procedures
This section describes the inclusion/exclusion criteria that set the boundaries for the systematic review and also the
procedures for performing the selection.
Figure 2: Review Methodology Structure (based on [24])
摘要:
展开>>
收起<<
1SecurityandPrivacyConcernsinCloud-basedScientificandBusinessWorkflows:ASystematicReviewNafisehSoveizi*,FatihTurkmen*,DimkaKarastoyanova**UniversityofGroningen,Groningen,TheNetherlandsAbstract:Today,thenumberofdata-intensiveandcompute-intensiveapplicationslikebusinessandscientificworkflowshasdramati...
声明:本站为文档C2C交易模式,即用户上传的文档直接被用户下载,本站只是中间服务平台,本站所有文档下载所得的收益归上传人(含作者)所有。玖贝云文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。若文档所含内容侵犯了您的版权或隐私,请立即通知玖贝云文库,我们立即给予删除!
相关推荐
-
【词汇变形总汇】2025高考词汇变形总汇 - 教师版VIP免费
2024-12-06 3 -
【超简37页】新课标高考英语考纲3500词汇VIP免费
2024-12-06 4 -
《高考英语3500词详解》(WORD版)VIP免费
2024-12-06 13 -
《高考英语3500词详解》VIP免费
2024-12-06 11 -
高中英语-[教师版]80天通关高考3500词汇VIP免费
2024-12-06 12 -
高中人教选修7课文逐句翻译VIP免费
2024-12-06 7 -
高中人教选修7课文原文及翻译VIP免费
2024-12-06 13 -
高中人教必修4课文逐句翻译VIP免费
2024-12-06 8 -
高中人教必修4课文原文及翻译VIP免费
2024-12-06 13 -
高考英语核心高频688词汇VIP免费
2024-12-06 10
分类:图书资源
价格:10玖币
属性:21 页
大小:1.24MB
格式:PDF
时间:2025-05-06
作者详情
-
Voltage-Controlled High-Bandwidth Terahertz Oscillators Based On Antiferromagnets Mike A. Lund1Davi R. Rodrigues2Karin Everschor-Sitte3and Kjetil M. D. Hals1 1Department of Engineering Sciences University of Agder 4879 Grimstad Norway10 玖币0人下载
-
Voltage-controlled topological interface states for bending waves in soft dielectric phononic crystal plates10 玖币0人下载
相关内容
-
文科数学02-2024届新高三开学摸底考试卷(全国通用)(A4考试版)
分类:中学教育
时间:2025-05-11
标签:无
格式:DOCX
价格:10 玖币
-
文科数学02-2024届新高三开学摸底考试卷(全国通用)(A3考试版)
分类:中学教育
时间:2025-05-11
标签:无
格式:DOCX
价格:10 玖币
-
文科数学
分类:中学教育
时间:2025-05-11
标签:无
格式:PDF
价格:10 玖币
-
文科答题卡
分类:中学教育
时间:2025-05-11
标签:无
格式:PDF
价格:10 玖币
-
文科答案
分类:中学教育
时间:2025-05-11
标签:无
格式:PDF
价格:10 玖币
渝公网安备50010702506394
