Open distributed systems such as service oriented architecture and cloud computing have emerged as promising platforms to deliver software as a service to users. However, for many security sensitive applications such as critical data processing, trust management poses significant challenges for migrating those critical applications into open distributed systems. In this paper, we present the design and implementation of a new secure dataflow processing system that aims at providing trustworthy continuous data processing in multi-party open distributed systems. We identify a set of major security attacks that can compromise the integrity of dataflow processing and provide effective protection mechanisms to counter those attacks. We have implemented a prototype of the secure dataflow processing framework and tested it on the PlanetLab testbed. Our experimental results show that our protection schemes are effective and impose low performance impact for dataflow processing in large-s...