Disclosure Analysis of SQL Workflows

  • Marlon Dumas
  • Luciano García-Bañuelos
  • Peeter Laud
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11086)


In business process management, implementing data minimization requirements requires that analysts be able to assert what private data each worker can access, not only directly via the inputs of the tasks they perform in a business process, but also indirectly via the chain of tasks that produce those inputs. In this setting, this paper presents a technique that, given a workflow transforming a set of input tables into a set of output tables via a set of inter-related SQL statements, determines what information from each input table is disclosed by each output table, and under what conditions this disclosure occurs. The result of this disclosure analysis is a summary representation of the possible computations leading from the inputs of the workflow to a given output.
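As an added illustration (not the paper's technique or code), the following Python sketch applies the idea of disclosure analysis to a constructed three-statement workflow: it propagates column provenance through a chain of CREATE TABLE ... AS SELECT statements and records, for each table the workflow produces, which input columns it discloses through its selected columns, which it discloses only through a WHERE filter, and the conjunction of conditions under which that disclosure happens. The restricted statement grammar, the table and column names and the workflow itself are assumptions made for the example.

```python
import re

# Statements handled by this toy analyser (an assumption: one fixed shape, no JOIN syntax):
#   CREATE TABLE out AS SELECT c1, c2 FROM t1, t2 WHERE cond
STMT = re.compile(r"CREATE TABLE (\w+) AS SELECT (.+?) FROM (.+?)(?: WHERE (.+))?$", re.I)

# Constructed example: two input tables and a three-step workflow feeding one report.
INPUTS = {"employees": ["id", "name", "age", "salary"],
          "departments": ["emp_id", "dept", "active"]}
WORKFLOW = [
    "CREATE TABLE adults AS SELECT id, name, salary FROM employees WHERE age >= 18",
    "CREATE TABLE staffed AS SELECT name, salary, dept FROM adults, departments "
    "WHERE id = emp_id AND active = 1",
    "CREATE TABLE report AS SELECT dept, salary FROM staffed WHERE salary > 50000",
]

def analyse(inputs, workflow):
    """For every table the workflow creates, return which (input_table, column) pairs are
    disclosed by its selected columns, which are disclosed through filter conditions,
    and the conjunction of WHERE clauses on the path from the inputs to that table."""
    prov = {t: {c: {(t, c)} for c in cols} for t, cols in inputs.items()}  # column -> origins
    conds = {t: [] for t in inputs}           # filters applied on the way to each table
    filtered = {t: set() for t in inputs}     # origins disclosed via a WHERE clause
    result = {}
    for stmt in workflow:
        m = STMT.match(stmt.strip())
        if not m:
            raise ValueError(f"unsupported statement: {stmt}")
        out, cols, srcs, where = m.groups()
        srcs = [s.strip() for s in srcs.split(",")]
        def origin(col):  # resolve an unqualified column name against the source tables
            owners = [s for s in srcs if col in prov[s]]
            if len(owners) != 1:
                raise ValueError(f"unknown or ambiguous column {col!r} in {out}")
            return prov[owners[0]][col]
        prov[out] = {c.strip(): origin(c.strip()) for c in cols.split(",")}
        conds[out] = [c for s in srcs for c in conds[s]] + ([where] if where else [])
        filtered[out] = set().union(*(filtered[s] for s in srcs))
        # Every column a WHERE clause tests is disclosed (at least partially) by the filter.
        for tok in re.findall(r"\b[A-Za-z_]\w*\b", where or ""):
            if any(tok in prov[s] for s in srcs):
                filtered[out] |= origin(tok)
        result[out] = {"selected": set().union(*prov[out].values()),
                       "filtered": filtered[out], "conditions": conds[out]}
    return result

if __name__ == "__main__":
    for table, summary in analyse(INPUTS, WORKFLOW).items():
        print(table, summary)
```

For the constructed workflow, `report` selects only `departments.dept` and `employees.salary`, yet its filter chain additionally discloses `age`, `id`, `emp_id` and `active`, which is exactly the indirect disclosure the abstract is concerned with.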



This research was funded by the Air Force Research laboratory (AFRL) and Defense Advanced Research Projects Agency (DARPA) under contract FA8750-16-C-0011. The views expressed are those of the author(s) and do not reflect the official policy or position of the Department of Defense or the U.S. Government.



Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Marlon Dumas (1)
  • Luciano García-Bañuelos (1), email author
  • Peeter Laud (2)
  1. University of Tartu, Tartu, Estonia
  2. Cybernetica, Tartu, Estonia
