Privacy preserving business process matching

Business process matching is the activity of checking whether a given business process can interoperate with another one in a correct manner. In case the check fails, it is desirable to obtain information about how the first process can be corrected with as few modifications as possible to achieve interoperability. In case the two business processes belong to two separate enterprises that want to build a virtual enterprise, business process matching based on revealing the business processes poses a clear threat to privacy, as it may expose sensitive information about the inner operation of the enterprises. In this paper we propose a solution to this problem for business processes described by means of service automata. We propose a measure for similarity between service automata and use this measure to devise an algorithm that constructs the most similar automaton to the first one that can interoperate with the second one. To achieve privacy, we implement this algorithm in the programming language SecreC, executing on the Sharemind platform for secure multiparty computation. As a result, only the correction information is leaked to the first enterprise and no more.
