Python Notes for mca i year students osmania university.docx
In Processes We Trust: Privacy and Trust in Business Processes
1. Privacy and Trust in Business Processes: Challenges and Opportunities
In processes we trust
Marlon Dumas
marlon.dumas@ut.ee
SOAMED Workshop – Berlin 9-10 June 2016
2. What do you understand by…
Security?
Privacy?Trust?
2
4. • Security: Confidentiality, integrity and non-repudiation in the presence of
dishonest/malicious attackers
• Privacy: Confidentiality in the presence of honest-but-curious actors
SECURITY VS. PRIVACY
4
5. Topics in Business Process Security & Privacy
• Access control and release control in business processes
• Flow analysis to detect unauthorized data object access/disclosures
• Privacy-aware business process execution
• Collaborative process execution with untrusted parties
5
9. Analysis of Linked Datasets:
Multi-Party Computation (MPC)
10 million tax records
+
500 000 education records
Dan Bogdanov et al.: Students and Taxes: a Privacy-Preserving Study Using Secure
Computation. PoPETs 2016(3): 117-135 (2016)
9
10. Dan Bogdanov et al.: a Privacy-Preserving Study Using Secure Computation. PoPETs 2016(3): 117-135 (2016)
Data Analysis with MPC – Architecture
10
12. 12
Data analysis process with MPC (part 2)
Challenges
1. How can we make it easy for business users to model
and configure multi-party private data analysis
processes?
2. How to analyze such processes against compliance
requirements?
12
13. Scope of MPC
• Allows a computation to be performed across parties without them disclosing
anything but the output
• But the output is visible to the analyst…
• What if the analyst issues several (authorized) queries? What can they learn about individuals?
• Information release control
• K-anonymity, t-closeness
• Differential privacy
13
14. Differential Privacy (Dwork 2006)
K gives e-differential privacy if for all values of DB, DB’
differing in a single element, and all S in Range(K )
Pr[ K (DB) in S]
Pr[ K (DB’) in S]
≤ eε ~ (1+ε)
ratio bounded
Pr [t]
14
16. Dan Bogdanov et al.: a Privacy-Preserving Study Using Secure Computation. PoPETs 2016(3): 117-135 (2016)
Data Analysis with MPC – Architecture
Differentially
Private Release
Mechanism
Challenges
3. How to measure differential privacy of data analysis
processes that are repeatedly executed?
4. How to strike tradeoffs between differential privacy
and accuracy in data analysis processes?
17. Pleak.io – Vision
- Lets one model stakeholders and flows in extended BPMN (PA-BPMN)
- Finds data leaks taking into account Privacy-Enhancing Technologies used
- Secure multi-party computation
- Encrypted computation
- K-anonymity, differential privacy
- Quantifies leakages and accuracy loss.
- Suggests relevant privacy-enhancing technologies to reduce privacy leaks.
Part of DARPA’s Brandeis Program – NAPLES Project
21. Underpinning Theory – Generalized Sensitivity
Generalized distances – any partial order with addition and least element
- dX: X2
→ VX
f : X→Y has sensitivity cf : VX→VY
Differential privacy is a specific case of generalized sensitivity
Generalized sensitivity is composable, e.g. cf○g = cf cg
21
29. Distributed Ledger (e.g. Blockchain)
29
Source: FT Research
Distributed append-only database that ensures integrity and non-
repudiation in an untrusted setting
30. • Programs living on the blockchain (e.g. Ethereum) with their own memory and
code
• Invoked when certain transactions are sent to them
• Can store data, send transactions, interact with other contracts or with “agents”
Smart Contracts
30
31. Distributed Ledgers for Collaborative Processes
- Participants agree on a collaborative process and a model for it
31
33. Distributed Ledgers for Collaborative Processes
- Participants agree on a collaborative process and a model for it
- The model is translated to a smart contract(s) to be executed on the blockchain
- Smart contracts listen to process execution events and interact with agents or
other smart contracts in order to monitor and/or execute the process
33
34. 1. Audit trail: Record all events in the process, which can be used later to retrace
the execution of a given process instance.
2. Monitoring: Deploy a smart contract for every instance of the process to verify
and/or enforce the constraints captured in the process model.
3. Active coordination: Deploy a smart contract for every process instance, which
observes every event occurring in the process instance and triggers the next step
by notifying the agent(s) of the corresponding actors.
34
Distributed Ledgers for Collaborative Processes
35. Collaborative Process Coordination on Blockchain
35
Ingo Weber et al. (BPM’2016)
Challenges
1. How to make it possible for business users to model
and configure collaborative processes on dist. ledgers?
2. How to analyze these processes against security and
privacy requirements?
3. How to efficiently execute high-throughput collaborative
processes on distributed ledgers?
4. How to ensure privacy in these processes?
37. Reference(s)
[1] Dan Bogdanov et al.: Students and Taxes: a Privacy-Preserving Study Using
Secure Computation. PoPETs 2016(3):117-135, 2016
[2] Marlon Dumas, Luciano Garcia-Banuelos, Peeter Laud: Differential Privacy of
Data Processing Workflows. In Proc. of GraMSec’2016
[3] Ingo Weber, Xiwei Xu, Regis Riveret, Guido Governatori, Alexander
Ponomarev, Jan Mendling. Untrusted Business Process Monitoring and Execution
Using Blockchain. In Proc. of BPM’2016
37