Privacy and Confidentiality Mechanisms for Process Mining
Process mining refers to a set of techniques for discovering, analyzing, and enhancing business processes based on process event logs (offline) or process event streams (online). Process event logs or streams might contain sensitive information about companies and organizations, for example, patient-related information in the medical domain or worker-related information in the manufacturing domain [MPO19]. Recently, first surveys and approaches have been proposed to address privacy and confidentiality in process mining, e.g., [Elko22]. One example is the concept of differential privacy applied to event logs [Mann19].

This master thesis aims at understanding privacy and confidentiality requirements in process mining, i.e., at answering the following questions:
i) Which event log data is sensitive and should be protected?
ii) How is sensitive data possibly exposed by process mining?
iii) Which privacy-preserving mechanisms can be applied to event logs?
iv) How can we measure privacy loss?

For i), one process event log is to be selected from publicly available repositories such as the BPIC logs, and one event log is to be created using the Cloud Process Execution Engine (cpee.org) tool chain. The event logs are then analyzed w.r.t. ii), i.e., different scenarios of how sensitive information is exposed are elaborated. For iii), privacy-preserving mechanisms are to be harvested from literature and discussed in the context of event logs. Moreover, one of the mechanisms is selected, prototypically implemented, and applied to the two selected event logs. Together with iii), measures for privacy loss are identified (iv) and illustrated based on the event logs.
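To make questions iii) and iv) concrete, the following is an added illustration, not part of the thesis announcement and not the method of [Mann19]: a Laplace mechanism applied to trace-variant counts, with ε as the privacy-loss parameter and mean absolute error as a simple utility measure. The sample log, the candidate variant list, and all function names are constructed for this example.

```python
import random
from collections import Counter

# Constructed sample log (not BPIC or CPEE data): (case id, activity) pairs,
# already ordered within each case.
EVENT_LOG = [
    ("c1", "register"), ("c1", "triage"), ("c1", "discharge"),
    ("c2", "register"), ("c2", "triage"), ("c2", "discharge"),
    ("c3", "register"), ("c3", "triage"), ("c3", "surgery"), ("c3", "discharge"),
    ("c4", "register"), ("c4", "triage"), ("c4", "discharge"),
]
# Assumed public, data-independent variant list. Reporting only the variants
# seen in the log would itself reveal that some case followed them.
CANDIDATES = [
    ("register", "triage", "discharge"),
    ("register", "triage", "surgery", "discharge"),
    ("register", "discharge"),
]

def variant_counts(log):
    """Group events by case and count the cases per trace variant."""
    traces = {}
    for case_id, activity in log:
        traces.setdefault(case_id, []).append(activity)
    return Counter(tuple(t) for t in traces.values())

def dp_variant_counts(log, epsilon, candidates, seed=None):
    """Release epsilon-differentially-private counts for the candidate variants."""
    if epsilon <= 0:
        raise ValueError("epsilon must be positive")
    rng = random.Random(seed)  # fixed seed only for reproducible demos
    true = variant_counts(log)
    # One case belongs to exactly one variant, so adding or removing a case
    # changes a single count by 1: L1 sensitivity 1, Laplace scale 1/epsilon.
    # Laplace(0, 1/epsilon) is the difference of two Exp(rate=epsilon) draws.
    return {v: true.get(v, 0) + rng.expovariate(epsilon) - rng.expovariate(epsilon)
            for v in candidates}

def mean_abs_error(log, noisy):
    """Utility loss: average distance between released and true counts."""
    true = variant_counts(log)
    return sum(abs(noisy[v] - true.get(v, 0)) for v in noisy) / len(noisy)

if __name__ == "__main__":
    for eps in (0.1, 1.0, 10.0):  # smaller epsilon: less privacy loss, more noise
        noisy = dp_variant_counts(EVENT_LOG, eps, CANDIDATES, seed=1)
        print(eps, round(mean_abs_error(EVENT_LOG, noisy), 2))
```

Rounding the released counts or clamping them at zero is post-processing and does not change ε; releasing counts a second time on the same log adds the two ε values under sequential composition.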
[Elko22] Gamal Elkoumy, Stephan A. Fahrenkrog-Petersen, Mohammadreza Fani Sani, Agnes Koschmider, Felix Mannhardt, Saskia Nuñez von Voigt, Majid Rafiei, Leopold von Waldthausen: Privacy and Confidentiality in Process Mining: Threats and Research Challenges. ACM Trans. Manag. Inf. Syst. 13(1): 11:1-11:17 (2022)
[Mann19] Felix Mannhardt, Agnes Koschmider, Nathalie Baracaldo, Matthias Weidlich, Judith Michael: Privacy-Preserving Process Mining - Differential Privacy for Event Logs. Bus. Inf. Syst. Eng. 61(5): 595-614 (2019)
[MPO19] Felix Mannhardt, Sobah Abbas Petersen, Manuel Fradinho Oliveira: Process Mining and Privacy in Smart Manufacturing. Inform. Spektrum 42(5): 336-339 (2019)
Contact: master.i17 [at] in.tum.de