In Processes We Trust: Privacy and Trust in Business Processes
TRANSCRIPT
![Page 1: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/1.jpg)
Privacy and Trust in Business Processes: Challenges and Opportunities
In processes we trust
Marlon Dumas
SOAMED Workshop – Berlin 9-10 June 2016
![Page 2: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/2.jpg)
What do you understand by…
Security?
Privacy?
Trust?
2
![Page 3: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/3.jpg)
Figure: Trust, built on Confidentiality, Integrity, Non-Repudiation, Availability, Reliability and Safety (labels: Data, Functionality)
3
![Page 4: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/4.jpg)
• Security: Confidentiality, integrity and non-repudiation in the presence of dishonest/malicious attackers
• Privacy: Confidentiality in the presence of honest-but-curious actors
SECURITY VS. PRIVACY
4
![Page 5: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/5.jpg)
Topics in Business Process Security & Privacy
• Access control and release control in business processes
• Flow analysis to detect unauthorized data object access/disclosures
• Privacy-aware business process execution
• Collaborative process execution with untrusted parties
5
![Page 6: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/6.jpg)
Privacy-Aware Business Processes
![Page 7: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/7.jpg)
Analysis of Linked Datasets: No privacy tech
![Page 8: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/8.jpg)
Analysis of Linked Datasets: k-anonymization
![Page 9: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/9.jpg)
Analysis of Linked Datasets: Multi-Party Computation (MPC)
10 million tax records
+
500 000 education records
Dan Bogdanov et al.: Students and Taxes: a Privacy-Preserving Study Using Secure Computation. PoPETs 2016(3): 117-135 (2016)
9
![Page 10: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/10.jpg)
Dan Bogdanov et al.: Students and Taxes: a Privacy-Preserving Study Using Secure Computation. PoPETs 2016(3): 117-135 (2016)
Data Analysis with MPC – Architecture
10
![Page 11: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/11.jpg)
Data analysis process with MPC (part 1)
11
![Page 12: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/12.jpg)
12
Data analysis process with MPC (part 2)
Challenges
1. How can we make it easy for business users to model and configure multi-party private data analysis processes?
2. How to analyze such processes against compliance requirements?
12
![Page 13: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/13.jpg)
Scope of MPC
• Allows a computation to be performed across parties without them disclosing anything but the output
• But the output is visible to the analyst…
• What if the analyst issues several (authorized) queries? What can they learn about individuals?
• Information release control
• K-anonymity, t-closeness
• Differential privacy
13
![Page 14: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/14.jpg)
Differential Privacy (Dwork 2006)
K gives ε-differential privacy if for all values of DB, DB′ differing in a single element, and all S in Range(K):
$$\frac{\Pr[K(DB) \in S]}{\Pr[K(DB') \in S]} \le e^{\varepsilon} \approx 1 + \varepsilon$$
Figure: output distributions of K(DB) and K(DB′), ratio bounded; y-axis Pr[t]
14
![Page 15: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/15.jpg)
Differential Privacy
Source: Gerome Miklau and Michael Hay
Accuracy loss!
15
![Page 16: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/16.jpg)
Dan Bogdanov et al.: Students and Taxes: a Privacy-Preserving Study Using Secure Computation. PoPETs 2016(3): 117-135 (2016)
Data Analysis with MPC – Architecture
Differentially Private Release Mechanism
Challenges
3. How to measure differential privacy of data analysis processes that are repeatedly executed?
4. How to strike tradeoffs between differential privacy and accuracy in data analysis processes?
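An added worked example (not from the slides or the cited paper) for the definition on slide 14 and the release-control question of slides 13 and 16: a Laplace mechanism whose output-density ratio on neighbouring databases never exceeds e^ε, and a release controller that charges every repeated query against an ε budget so that accuracy is traded off deliberately. The query values, the budget and the ReleaseController class are assumptions made for the illustration.

```python
import math
import random


def laplace_mechanism(true_value, sensitivity, eps, rng=random):
    """Return true_value + Lap(b) with b = sensitivity / eps: eps-DP for a
    query whose answer moves by at most `sensitivity` when one record changes."""
    b = sensitivity / eps
    # The difference of two Exp(1) variables is Lap(1); scale it by b.
    return true_value + b * (rng.expovariate(1.0) - rng.expovariate(1.0))


def laplace_pdf(t, mean, b):
    return math.exp(-abs(t - mean) / b) / (2 * b)


def output_ratio(t, q_db, q_db2, sensitivity, eps):
    """Pr[K(DB) = t] / Pr[K(DB') = t] for the Laplace mechanism, where q_db and
    q_db2 are the true answers on two databases differing in one record."""
    b = sensitivity / eps
    return laplace_pdf(t, q_db, b) / laplace_pdf(t, q_db2, b)


def max_output_ratio(q_db, q_db2, sensitivity, eps, lo, hi, steps=2000):
    """Worst-case density ratio over a grid of outputs in [lo, hi].
    For neighbouring databases it equals e^eps, never more."""
    grid = (lo + (hi - lo) * i / steps for i in range(steps + 1))
    return max(output_ratio(t, q_db, q_db2, sensitivity, eps) for t in grid)


class ReleaseController:
    """Information release control (assumed design): each answered query spends
    eps from a budget, because eps adds up over repeated executions
    (sequential composition). Once the budget is gone, queries are refused."""

    def __init__(self, budget):
        self.budget = budget
        self.spent = 0.0

    def answer(self, true_value, sensitivity, eps, rng=random):
        if self.spent + eps > self.budget + 1e-12:
            return None  # refuse: answering would exceed the budget
        self.spent += eps
        return laplace_mechanism(true_value, sensitivity, eps, rng)


if __name__ == "__main__":
    # Constructed counting query: 57 students on DB, 58 on the neighbour DB'.
    print("worst-case ratio:", max_output_ratio(57, 58, 1, 0.5, 40, 80))
    rc = ReleaseController(budget=1.0)
    print([rc.answer(57, 1, 0.4) for _ in range(3)])  # third answer is None
```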
![Page 17: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/17.jpg)
Pleak.io – Vision
- Lets one model stakeholders and flows in extended BPMN (PA-BPMN)
- Finds data leaks taking into account Privacy-Enhancing Technologies used
  - Secure multi-party computation
  - Encrypted computation
  - K-anonymity, differential privacy
- Quantifies leakages and accuracy loss.
- Suggests relevant privacy-enhancing technologies to reduce privacy leaks.
Part of DARPA’s Brandeis Program – NAPLES Project
![Page 18: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/18.jpg)
18
Pleak.io – Architecture
![Page 19: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/19.jpg)
Sample Scenario in PA-BPMN
19
dp-flow
dp-task
![Page 20: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/20.jpg)
Privacy Analysis
Differential Privacy Disclosure
20
![Page 21: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/21.jpg)
Underpinning Theory – Generalized Sensitivity
Generalized distances: any partial order with addition and least element; $d_X : X^2 \to V_X$
$f : X \to Y$ has sensitivity $c_f : V_X \to V_Y$
Differential privacy is a specific case of generalized sensitivity
Generalized sensitivity is composable, e.g. $c_{f \circ g} = c_f \, c_g$
21
![Page 22: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/22.jpg)
Abstract Model: Data Processing Workflow
22
![Page 23: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/23.jpg)
Differential Privacy Disclosure of Outputs w.r.t. Data Sources
23
![Page 24: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/24.jpg)
Differential Privacy Disclosure of Outputs w.r.t. Data Sources
24
![Page 25: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/25.jpg)
Differential Privacy Disclosure of Outputs w.r.t. Data Sources
25
![Page 26: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/26.jpg)
Differential Privacy Disclosure of a Data Source to a Party
26
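An added illustration (not Pleak's code or the GraMSec 2016 algorithm) of how the composability of generalized sensitivity on slide 21 yields the disclosure figures of slides 23-26: sensitivities multiply along a chain and add where paths merge, a dp-task turns a sensitivity into an ε, and a party's disclosure sums the ε of the outputs it sees. The workflow, the L1 record-count distance and the party-visibility table are constructed assumptions.

```python
from math import inf

# Constructed workflow in the spirit of the PA-BPMN scenario:
# node -> ({input: sensitivity on that input}, Laplace scale of a dp-task or None).
# Sensitivity c means d(out, out') <= c * d(in, in') for the L1 record-count
# distance; a dp-task adds Lap(b) noise before the value is released.
WORKFLOW = {
    "joined":     ({"tax": 1, "edu": 1}, None),      # join tax and education records
    "avg_inc":    ({"joined": 2}, None),             # one record moves result by <= 2
    "cnt":        ({"joined": 1}, None),             # counting query
    "rel_inc":    ({"avg_inc": 1}, 4.0),             # dp-task: avg_inc + Lap(4)
    "rel_cnt":    ({"cnt": 1}, 2.0),                 # dp-task: cnt + Lap(2)
    "rel_report": ({"avg_inc": 1, "cnt": 1}, 3.0),   # dp-task over two merged paths
}
SOURCES = {"tax", "edu"}
# Constructed: which party receives which released outputs.
VISIBLE_TO = {"analyst": ["rel_inc", "rel_cnt"], "ministry": ["rel_cnt"],
              "auditor": ["rel_report"]}


def sensitivity(node, source):
    """Generalized sensitivity of `node` w.r.t. `source`: multiplies along a
    chain (c_{f o g} = c_f c_g) and adds where paths merge."""
    if node == source:
        return 1
    if node in SOURCES:
        return 0
    inputs, _ = WORKFLOW[node]
    return sum(c * sensitivity(inp, source) for inp, c in inputs.items())


def epsilon(node, source):
    """Differential-privacy disclosure of an output w.r.t. a data source:
    Lap(b) noise on a value of sensitivity s gives (s / b)-DP; a dependent
    value released without noise has unbounded disclosure."""
    s = sensitivity(node, source)
    _, scale = WORKFLOW[node]
    if s == 0:
        return 0.0
    return inf if scale is None else s / scale


def disclosure_to_party(party, source):
    """Disclosure of a source to a party: the eps of every output the party
    sees adds up (sequential composition)."""
    return sum(epsilon(out, source) for out in VISIBLE_TO[party])
```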
![Page 27: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/27.jpg)
```
(ships, disaster) -> {
  avail_food = 0;
  avail_ships = [];
  for (ship in ships) do {
    fuzzed_loc = ship.loc() + Lap2(3);
    if (dist(fuzzed_loc, disaster.loc()) / ship.speed() <= 2
        && ship.cargo_type() == "food"
        && !ship.contains(dangerous_materials)) {
      avail_food += ship.cargo();
      avail_ships.append({ship.name(), fuzzed_loc});
    }
  }
  avail_food += Lap(2);
  return (avail_food, avail_ships);
}
```
![Page 28: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/28.jpg)
Collaborative processes with untrusted parties
![Page 29: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/29.jpg)
Distributed Ledger (e.g. Blockchain)
29
Source: FT Research
Distributed append-only database that ensures integrity and non-repudiation in an untrusted setting
![Page 30: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/30.jpg)
• Programs living on the blockchain (e.g. Ethereum) with their own memory and code
• Invoked when certain transactions are sent to them
• Can store data, send transactions, interact with other contracts or with “agents”
Smart Contracts
30
![Page 31: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/31.jpg)
Distributed Ledgers for Collaborative Processes
- Participants agree on a collaborative process and a model for it
31
![Page 32: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/32.jpg)
32
![Page 33: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/33.jpg)
Distributed Ledgers for Collaborative Processes
- Participants agree on a collaborative process and a model for it
- The model is translated to one or more smart contracts to be executed on the blockchain
- Smart contracts listen to process execution events and interact with agents or other smart contracts in order to monitor and/or execute the process
33
![Page 34: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/34.jpg)
1. Audit trail: Record all events in the process, which can be used later to retrace the execution of a given process instance.
2. Monitoring: Deploy a smart contract for every instance of the process to verify and/or enforce the constraints captured in the process model.
3. Active coordination: Deploy a smart contract for every process instance, which observes every event occurring in the process instance and triggers the next step by notifying the agent(s) of the corresponding actors.
34
Distributed Ledgers for Collaborative Processes
![Page 35: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/35.jpg)
Collaborative Process Coordination on Blockchain
35
Ingo Weber et al. (BPM’2016)
Challenges
1. How to make it possible for business users to model and configure collaborative processes on distributed ledgers?
2. How to analyze these processes against security and privacy requirements?
3. How to efficiently execute high-throughput collaborative processes on distributed ledgers?
4. How to ensure privacy in these processes?
![Page 36: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/36.jpg)
Join us…
![Page 37: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/37.jpg)
Reference(s)
[1] Dan Bogdanov et al.: Students and Taxes: a Privacy-Preserving Study Using Secure Computation. PoPETs 2016(3):117-135, 2016
[2] Marlon Dumas, Luciano Garcia-Banuelos, Peeter Laud: Differential Privacy of Data Processing Workflows. In Proc. of GraMSec’2016
[3] Ingo Weber, Xiwei Xu, Regis Riveret, Guido Governatori, Alexander Ponomarev, Jan Mendling. Untrusted Business Process Monitoring and Execution Using Blockchain. In Proc. of BPM’2016
37
![Page 38: In Processes We Trust: Privacy and Trust in Business Processes](https://reader035.vdocuments.mx/reader035/viewer/2022081514/58aa8c121a28ab2e448b663f/html5/thumbnails/38.jpg)
Research funded by DARPA (Brandeis program 2015-2019)
Thanks!