Control-flow Reconstruction Attacks on Business Process Models
This work addresses a security risk for businesses that publish process models, revealing that incremental improvements in attack strategies can extract sensitive data.
The paper tackles the problem of confidential information leakage from published business process models by empirically investigating control-flow reconstruction attacks, showing that attackers can reconstruct original process executions with high accuracy using annotated models.
Process models may be automatically generated from event logs that contain as-is data of a business process. While such models generalize over the control-flow of specific, recorded process executions, they are often also annotated with behavioural statistics, such as execution frequencies. Based thereon, once a model is published, certain insights about the original process executions may be reconstructed, so that an external party may extract confidential information about the business process. This work is the first to empirically investigate such reconstruction attempts based on process models. To this end, we propose different play-out strategies that reconstruct the control-flow from process trees, potentially exploiting frequency annotations. To assess the potential success of such reconstruction attacks on process models, and hence the risks imposed by publishing them, we compare the reconstructed process executions with those of the original log for several real-world datasets.
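A pre-publication check a model owner could run, as an added example that is not the paper's code or its play-out strategies: it plays out a small process tree with and without its frequency annotations and measures how many of the original cases the reconstructed log matches. The tree encoding, activity names, sample log, independence of choices, largest-remainder rounding and the overlap metric are all assumptions made for illustration.

```python
from collections import Counter, defaultdict
from fractions import Fraction
# Constructed tree: ("act", name) | ("seq", [children]) | ("xor", [(child, frequency), ...])
TREE = ("seq", [
    ("act", "register"),
    ("xor", [(("act", "fast_check"), 8), (("act", "full_check"), 2)]),
    ("xor", [(("act", "approve"), 9), (("act", "reject"), 1)]),
])
# Constructed original log (10 cases) consistent with the frequencies above.
ORIGINAL = Counter({
    ("register", "fast_check", "approve"): 8,
    ("register", "full_check", "approve"): 1,
    ("register", "full_check", "reject"): 1,
})

def variants(node, use_freq):
    """Map trace -> probability under play-out; choices are assumed independent."""
    if node[0] == "act":
        return {(node[1],): Fraction(1)}
    dist = defaultdict(Fraction)
    if node[0] == "seq":
        dist[()] = Fraction(1)
        for child in node[1]:
            nxt = defaultdict(Fraction)
            for head, p in dist.items():
                for tail, q in variants(child, use_freq).items():
                    nxt[head + tail] += p * q
            dist = nxt
    elif node[0] == "xor":
        total = sum(freq for _, freq in node[1])
        for child, freq in node[1]:
            # Without annotations every branch is treated as equally likely.
            w = Fraction(freq, total) if use_freq else Fraction(1, len(node[1]))
            for trace, p in variants(child, use_freq).items():
                dist[trace] += w * p
    else: raise ValueError(f"unsupported operator: {node[0]}")
    return dict(dist)

def play_out(tree, n_cases, use_freq):
    """Reconstruct a log of n_cases traces using largest-remainder rounding."""
    exact = {t: p * n_cases for t, p in variants(tree, use_freq).items()}
    log = Counter({t: int(x) for t, x in exact.items()})
    order = sorted(exact, key=lambda t: (int(exact[t]) - exact[t], t))
    for t in order[: n_cases - sum(log.values())]:
        log[t] += 1
    return log

def overlap(original, reconstructed):
    """Share of original cases matched by a reconstructed trace (multiset overlap)."""
    return Fraction(sum((original & reconstructed).values()), sum(original.values()))
```

On this constructed data the overlap rises from 1/2 without frequencies to 4/5 with them, which is the kind of gap that argues for stripping or coarsening annotations before a model is published.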