Privacy-Preserving Alpha Algorithm for Software Analysis

Validation of a large software system can be managed by analysing its behaviour through occasionally collected event logs. Process mining is a technique for performing software validation by discovering process models from event logs or by checking the conformance of the logs to a process model. A well-known process mining algorithm for discovering process models is the alpha algorithm. However, while the alpha algorithm is useful for software validation, sensitive information in the log files may become a threat to the privacy of users. In this work, we propose a protocol for a privacy-preserving alpha algorithm on encrypted data. Our protocol aims to generate process models for a software system without leaking any information about its users. It achieves the same computational complexity as the original algorithm despite the additional computation overhead.
