Peeter Laud

CR · 6 papers · 66 citations

6 Papers

LO · Mar 23
Modal Logic for Distributed Trust

Niels Voorneveld, Peeter Laud

We propose a method for reasoning about trust in multi-agent systems, specifying a language for describing communication protocols and making trust assumptions and derivations. This is given an interpretation in a modal logic for describing the beliefs and communications of agents in a network. We define how information in the network can be shared via forwarding, and how trust between agents can be generalized to trust across networks. We give specifications for the modal logic which can be readily adapted into a lambda calculus of proofs. We show that by nesting modalities, we can describe chains of communication between agents, and establish suitable notions of trust for such chains. We see how this can be applied to trust models in public key infrastructures, as well as other interaction protocols in distributed systems.

CR · Feb 21, 2021
Content Confidentiality in Named Data Networking

Aleksandr Lenin, Peeter Laud

In this paper we present the design of a name-based access control scheme which provides data confidentiality by applying end-to-end encryption to data published on NDN, with flexible fine-grained access control that allows one to define and enforce access policies on published data. The scheme is based on ciphertext-policy attribute-based encryption (CP-ABE). We discuss the use of the scheme on the basis of two use cases, and report the overhead associated with it, based on our implementation.

CR · Dec 4, 2019
Secure Multi-Party Computation for Inter-Organizational Process Mining

Gamal Elkoumy, Stephan A. Fahrenkrog-Petersen, Marlon Dumas et al.

Process mining is a family of techniques for analysing business processes based on event logs extracted from information systems. Mainstream process mining tools are designed for intra-organizational settings, insofar as they assume that an event log is available for processing as a whole. The use of such tools for inter-organizational process analysis is hampered by the fact that such processes involve independent parties who are unwilling to, or sometimes legally prevented from, sharing detailed event logs with each other. In this setting, this paper proposes an approach for constructing and querying a common type of artifact used for process mining, namely the frequency and time-annotated Directly-Follows Graph (DFG), over multiple event logs belonging to different parties, in such a way that the parties do not share the event logs with each other. The proposal leverages an existing platform for secure multi-party computation, namely Sharemind. Since a direct implementation of DFG construction in Sharemind suffers from scalability issues, the paper proposes to rely on vectorization of event logs and to employ a divide-and-conquer scheme for parallel processing of sub-logs. The paper reports on an experimental evaluation that tests the scalability of the approach on real-life logs.

CR · Nov 28, 2019
Interpreting Epsilon of Differential Privacy in Terms of Advantage in Guessing or Approximating Sensitive Attributes

Peeter Laud, Alisa Pankova

There are numerous methods of achieving $ε$-differential privacy (DP). The question is what the appropriate value of $ε$ is, since there is no common agreement on a "sufficiently small" $ε$, and its goodness depends on the query as well as the data. In this paper, we show how to compute the $ε$ that corresponds to $δ$, defined as the adversary's advantage in probability of guessing some specific property of the output. The attacker's goal can be stated as a Boolean expression over guessing particular attributes, possibly within some precision. The attributes combined in this way should be independent. We assume that both the input and the output distributions have corresponding probability density functions, or probability mass functions.

CR · Feb 13, 2019
Business Process Privacy Analysis in Pleak

Aivo Toots, Reedik Tuuling, Maksym Yerokhin et al.

Pleak is a tool to capture and analyze privacy-enhanced business process models to characterize and quantify to what extent the outputs of a process leak information about its inputs. Pleak incorporates an extensible set of analysis plugins, which enable users to inspect potential leakages at multiple levels of detail.

CR · Nov 15, 2018
Achieving Differential Privacy using Methods from Calculus

Peeter Laud, Alisa Pankova, Martin Pettai

We introduce derivative sensitivity, an analogue to local sensitivity for continuous functions. We use this notion in an analysis that determines the amount of noise to be added to the result of a database query in order to obtain a certain level of differential privacy, and demonstrate that derivative sensitivity allows us to employ powerful mechanisms from calculus to perform the analysis for a variety of queries. We have implemented the analyzer and evaluated its efficiency and precision. We also show the flexibility of derivative sensitivity in specifying the quantitative privacy notion of the database, as desired by the data owner. Instead of only using the "number of changed rows" metric, our metrics can depend on the locations and amounts of changes in a much more nuanced manner. This will help to make sure that the distance is not larger than the data owner desires (which would undermine privacy), thereby encouraging the adoption of differentially private data analysis mechanisms.