Multi-level privacy analysis of business processes: the Pleak toolset

Privacy regulations, such as GDPR, impose strict requirements to organizations that store and process private data. Privacy-enhancing technologies (PETs), such as secure multi-party computation and differential privacy, provide mechanisms to perform computations over private data and to protect the disclosure of private data and derivatives thereof. When PETs are used to protect individual computations or disclosures, their privacy properties and their effect on the utility of the disclosed data can be straightforwardly asserted. However, when multiple PETs are used as part of a complex and possibly inter-organizational business process, it becomes non-trivial for analysts to fully grasp the guarantees that the combined set of PETs provide overall. This article presents a multi-level approach to analyze privacy properties of business processes that rely on PETs to protect private data. The approach is embodied in an open-source toolset, Pleak , that allows analysts to capture privacy-enhanced business process models and to characterize and quantify to what extent the outputs of a process leak information about its inputs. Pleak incorporates an extensible set of analysis plugins, which enable users to inspect potential leakages at multiple levels of detail.