ProMTEE: Secrecy Preservation For Online Process Monitoring with TEEs.pdf

Uploaded by DavideBasile11, 84 slides, Oct 10, 2025

About This Presentation

The online monitoring of collaborative business processes involves the integration of event data sourced from various information systems into a unified process state. The transmission of process records across organizational boundaries poses significant data secrecy and security challenges. In this...


Slide Content

Secrecy Preservation for Online Process Monitoring with Trusted Execution Environment
Davide Basile, Sapienza University of Rome, Italy
Claudio Di Ciccio, Utrecht University, Netherlands

2
Online process monitoring
<event>
<string key="case:concept:name" value="P_01_2025"/>
<string key="concept:name" value="Get Order"/>
<date key="time:timestamp" value="2024-01-15T09:30:00"/>
</event>
<event>
<string key="case:concept:name" value="P_01_2025"/>
<string key="concept:name" value="Confirm Order"/>
<date key="time:timestamp" value="2024-01-15T10:15:00"/>
</event>
Event stream (events arriving at times t, t', ...)
Runtime insights

3–6
Monitoring a collaborative scenario
Control flow tracking
Case PO24#1
Status: Running
Enabled: (activities shown as icons)
Compliance monitoring
Logistics Operator A12B8L123 appears twice in the case
Case PO24#1
Rule: (shown as an icon)
Status: Violated

7–17
Secrecy concerns in process monitoring
(Animated figure: events e, e', e'', ... emitted at times t, t', t'', ... leave the organizations that produced them and reach the monitor.)
18
Research objective
<event>
<string key="case:concept:name" value="PO24#1"/>
<string key="concept:name" value="Fill in Container"/>
<date key="time:timestamp" value="2024-11-04T16:05:06"/>
<string key="Container ID" value="TGHU75993"/>
<string key="Logistics Operator" value="A12B8L123"/>
</event>
Case PO24#1
Status: Running
Enabled: Check Container
Case PO24#1
Status: Violated
Rule: Separation of duty (C3)

19
Research objective
Same event and outputs as slide 18, with the two goals highlighted:
Trust in event usage
Output verifiability

20–21
ProMTEE framework
ProMTEE architecture
ProMTEE interaction protocol
Applied to:
Control flow tracking: Case PO24#1, Status: Running, Enabled: Check Container
Compliance monitoring: Case PO24#1, Status: Violated, Rule: Separation of duty (C3)

22
Trusted Execution Environments
(Figure: a TEE-enabled CPU and DRAM; the trusted app's memory is CPU-encrypted, the rest of DRAM is in clear.)

23
ProMTEE Architecture

24–28
ProMTEE process state (built up over slides 24 to 28)
Accessible section: monitored process dimensions
Control flow field
Case PO24#1
Status: Running
Enabled: Check Container (CC)
Business rule field
Case PO24#1
Rule: Separation of duty (C3)
Status: Temporarily Satisfied
Secret section: relevant event data
<event>
<string key="case:concept:name" value="PO24#1"/>
<string key="concept:name" value="Fill in Container"/>
<date key="time:timestamp" value="2024-11-04T16:05:06"/>
<string key="Container ID" value="TGHU75993"/>
<string key="Logistics Operator" value="A12B8L123"/>
</event>

29–30
Functional architecture and deployment
<<device>> Information System Machine: Event Stream Generator
<<data link>> Event generation
<<device>> Client Machine: ProcessState Agent
<<data link>> Secure event transmission
<<device>> Monitor Machine: <<execution environment>> Trusted Execution Environment, running the ProcessVault that holds the Process State

31–33
Components of a ProcessVault (built up over slides 31 to 33)
<<execution environment>> Trusted Execution Environment
ProcessVault
Event Dispatcher (fixed)
ProcessState Manager (fixed)
Process State
Process Trackers:
Control Flow Tracker (process-based)
Compliance Rule Tracker (process-based)

34–36
Integration of state-of-the-art algorithms
Control Flow Tracker (process-based): workflow net firing mechanism
Net elements: Place, Transition, Case; tracker state: Marking and Input/Output matrices
Compliance Rule Tracker (process-based): reactive reasoner
Declarative predicates, e.g. event.concept:name == "Retrieve goods" and event.product_units < 1000
Rules C1, C2, C3 compiled into finite state machines (states α, β, γ)
References
van der Aalst, W.M.P.: The application of Petri nets to workflow management. J. Circuits Syst. Comput. 8(1), 21–66 (1998)
Maggi, F.M., Montali, M., van der Aalst, W.M.P.: An operational decision support framework for monitoring business constraints. In: FASE 2012. vol. 7212, pp. 146–162 (2012)
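The two trackers described on slides 34 to 36, as an added example written for this page (not the ProMTEE implementation): a workflow-net firing rule over input/output matrices, and a separation-of-duty constraint as a finite-state machine, both replayed over a constructed event stream modelled on the running example. The three-place net (start, p1, end), the two activity-labelled transitions and the rule's state names are assumptions chosen to match the slides.

```go
package main

// Event holds the XES attributes used here: case:concept:name, concept:name
// and the Logistics Operator resource attribute.
type Event struct{ Case, Activity, Operator string }

// WorkflowNet stores a Petri net as input/output matrices: In[t][p] is the
// number of tokens transition t consumes from place p, Out[t][p] the number
// it produces. Transitions are labelled with activity names.
type WorkflowNet struct {
	Places, Transitions []string
	In, Out             [][]int
}

// Marking is the per-case control-flow state: token count per place.
type Marking []int

func (n *WorkflowNet) enabledAt(m Marking, t int) bool {
	for p := range n.Places {
		if m[p] < n.In[t][p] {
			return false
		}
	}
	return true
}

// Enabled lists the activities the net allows next (the "Enabled:" field).
func (n *WorkflowNet) Enabled(m Marking) []string {
	var out []string
	for t, label := range n.Transitions {
		if n.enabledAt(m, t) {
			out = append(out, label)
		}
	}
	return out
}

// Fire applies the firing rule for the transition labelled activity. It returns
// false and leaves m untouched when no enabled transition carries that label,
// which is how a control-flow deviation surfaces in the tracker.
func (n *WorkflowNet) Fire(m Marking, activity string) bool {
	for t, label := range n.Transitions {
		if label == activity && n.enabledAt(m, t) {
			for p := range n.Places {
				m[p] += n.Out[t][p] - n.In[t][p]
			}
			return true
		}
	}
	return false
}

// SoDRule is the finite-state machine for a separation-of-duty constraint:
// activities A and B of one case must not be performed by the same operator.
// State names follow the slides; "Violated" is absorbing.
type SoDRule struct {
	A, B   string
	seen   map[string]string // operator -> activity (A or B) already performed
	Status string
}

// Step feeds one event into the FSM and returns the resulting state.
func (r *SoDRule) Step(e Event) string {
	if r.Status == "Violated" || (e.Activity != r.A && e.Activity != r.B) {
		return r.Status
	}
	if prev, ok := r.seen[e.Operator]; ok && prev != e.Activity {
		r.Status = "Violated"
	}
	r.seen[e.Operator] = e.Activity
	return r.Status
}

// CaseState is the accessible part of the process state for one case.
type CaseState struct {
	Case, Status, Rule string
	Enabled            []string
}

// Track replays one case's event stream through both trackers over the assumed
// net start -> Fill in Container -> p1 -> Check Container -> end. The bool is
// false if some event was not allowed by the net in the marking it met.
func Track(events []Event) (CaseState, bool) {
	net := &WorkflowNet{
		Places:      []string{"start", "p1", "end"},
		Transitions: []string{"Fill in Container", "Check Container"},
		In:          [][]int{{1, 0, 0}, {0, 1, 0}},
		Out:         [][]int{{0, 1, 0}, {0, 0, 1}},
	}
	m := Marking{1, 0, 0} // one token in start
	rule := &SoDRule{A: "Fill in Container", B: "Check Container",
		seen: map[string]string{}, Status: "Temporarily Satisfied"}
	st, conformant := CaseState{Status: "Running", Rule: rule.Status}, true
	for _, e := range events {
		st.Case = e.Case
		if !net.Fire(m, e.Activity) {
			conformant = false
		}
		st.Rule = rule.Step(e)
	}
	st.Enabled = net.Enabled(m)
	if m[2] > 0 { // token in the sink place: the case has completed
		st.Status = "Completed"
	}
	return st, conformant
}
```

Track over the first event alone reports Enabled: Check Container and the rule Temporarily Satisfied; feeding the second event with the same operator A12B8L123 flips the rule to Violated, exactly the output of slide 18. An event the net does not allow in the current marking (Check Container before Fill in Container) leaves the marking untouched and is reported as non-conformant rather than silently accepted.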

37
The ProMTEE protocol
38
Phases of the ProMTEE protocol

39
ProMTEE protocol
Phases: 1. Bootstrapping, 2. Trusted subscription, 3. Secure event transmission, 4. State update

40–42
ProMTEE protocol, phase 1: Bootstrapping
<<device>> Monitor Machine
Inputs: control flow specification, business rule specification, extraction manifest

43–46
ProMTEE protocol, phase 1: Bootstrapping
<<device>> Monitor Machine, <<execution environment>> Operating System: ProcessVault Compiler
Input: control flow specification, business rule specification, extraction manifest
Extract routing logic; extract business rule logic
Generate source code for the Control Flow Tracker and the Compliance Rule Tracker
Assemble the ProcessVault: Event Dispatcher, ProcessState Manager, Control Flow Tracker, Compliance Rule Tracker
Launch the trusted app in the <<execution environment>> Trusted Execution Environment
Trusted app measurement: a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4

48–50
ProMTEE protocol, phase 2: Trusted subscription
ProcessState Agent <-> ProcessVault (Event Dispatcher) in the <<execution environment>> Trusted Execution Environment
The vault sends a CPU-signed attestation carrying:
Custom data: provisioning key (random), organization identity proof
Measurement: a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4
Periodic TEE attestation evidences follow during the subscription
Once subscribed, the agent starts the secure event transmission of the process event stream
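The subscription exchange of slides 48 to 50, as an added example written for this page (not the deck's prototype): the vault produces a quote whose custom data binds a provisioning key and an organization identity proof, and the agent accepts it only if it is signed by the platform key, carries the expected measurement, and binds exactly the values the agent received. Assumptions not on the slides: the provisioning key is modelled as an X25519 key pair whose public half is attested (the deck only says the key is random), the CPU attestation key as an ed25519 key, and the quote as a plain struct rather than the SGX quote format.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Quote stands in for the CPU-signed attestation report; the real SGX quote
// layout and its certificate chain are not reproduced.
type Quote struct {
	Measurement [32]byte // hash of the ProcessVault image that was launched
	CustomData  [32]byte // SHA-256(provisioning public key || org identity proof)
	Signature   []byte   // by the (simulated) CPU attestation key
}

// Vault is the ProcessVault side. The provisioning key is modelled as an X25519
// key pair generated inside the TEE (an assumption; the deck only says "random").
type Vault struct {
	measurement [32]byte
	priv        *ecdh.PrivateKey // never leaves the vault; its public half is attested
	orgProof    []byte
}

func NewVault(image, orgProof []byte) (*Vault, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Vault{measurement: sha256.Sum256(image), priv: priv, orgProof: orgProof}, nil
}

// bind is the custom-data computation both sides must agree on.
func bind(provisionPub, orgProof []byte) [32]byte {
	return sha256.Sum256(append(append([]byte{}, provisionPub...), orgProof...))
}

// kdf: channel key from the shared secret (a deployment would use HKDF with context).
func kdf(secret []byte) []byte { k := sha256.Sum256(secret); return k[:] }

// Attest builds the quote sent to the agent; the CPU key is passed in only to
// simulate the hardware signing step.
func (v *Vault) Attest(cpuPriv ed25519.PrivateKey) Quote {
	q := Quote{Measurement: v.measurement, CustomData: bind(v.priv.PublicKey().Bytes(), v.orgProof)}
	q.Signature = ed25519.Sign(cpuPriv, append(q.Measurement[:], q.CustomData[:]...))
	return q
}

// Subscribe is the agent's acceptance check: genuine CPU signature, the measurement
// the ProcessVault Compiler produced, and custom data binding exactly the provisioning
// public key and org proof received with the quote. Only then is a channel key derived.
func Subscribe(q Quote, cpuPub ed25519.PublicKey, expected [32]byte, provisionPub *ecdh.PublicKey, orgProof []byte) ([]byte, *ecdh.PublicKey, error) {
	if !ed25519.Verify(cpuPub, append(q.Measurement[:], q.CustomData[:]...), q.Signature) {
		return nil, nil, errors.New("quote signature invalid")
	}
	if q.Measurement != expected {
		return nil, nil, errors.New("measurement mismatch: not the compiled ProcessVault")
	}
	if bind(provisionPub.Bytes(), orgProof) != q.CustomData {
		return nil, nil, errors.New("custom data does not bind this key and org proof")
	}
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // agent's ephemeral key
	if err != nil {
		return nil, nil, err
	}
	s, err := eph.ECDH(provisionPub)
	if err != nil {
		return nil, nil, err
	}
	return kdf(s), eph.PublicKey(), nil
}

// RunSubscription plays the exchange end to end with constructed inputs and
// returns the channel key as derived by each side.
func RunSubscription() (agentKey, vaultKey []byte, err error) {
	cpuPub, cpuPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	image := []byte("constructed ProcessVault image")
	vault, err := NewVault(image, []byte("constructed organization identity proof"))
	if err != nil {
		return nil, nil, err
	}
	expected := sha256.Sum256(image) // the agent knows the hash of the compiled image
	agentKey, agentPub, err := Subscribe(vault.Attest(cpuPriv), cpuPub, expected, vault.priv.PublicKey(), vault.orgProof)
	if err != nil {
		return nil, nil, err
	}
	s, err := vault.priv.ECDH(agentPub) // vault's half of the agreement
	if err != nil {
		return nil, nil, err
	}
	return agentKey, kdf(s), nil
}
```

The order of the checks matters: the signature is verified before anything in the quote is trusted, the measurement is compared against the value the compiler produced rather than against whatever the quote claims, and only a quote that binds the provisioning public key is allowed to seed the key the events will be encrypted under. A quote signed by an unknown key, a different image, or an unbound organization proof is rejected before any key material is derived.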

51–56
ProMTEE protocol, phase 3: Secure event transmission
Participants: Event Stream Generator, ProcessState Agent (subscribed), ProcessVault (Event Dispatcher) in the <<execution environment>> Trusted Execution Environment
1. Forward event (Event Stream Generator to ProcessState Agent)
2. Encrypt event with the last provisioning key (shown on the slide next to the provisioning key: eTRzcO7/ytjXqHTACBewLIXZncb+4fk3)
3. Transmit encrypted event (ProcessState Agent to Event Dispatcher)
4. Decrypt event with the provisioning key inside the TEE (decrypted bytes shown: 43 61 73 65 3a 20 43 61 73 65 41 0a)
5. Extract event according to the extraction manifest
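Steps 2, 4 and 5 above, as an added example written for this page (not the deck's prototype): the agent seals the constructed slide-18 event under the provisioning key, the vault opens it and applies the extraction manifest, so the Container ID never reaches the trackers. AES-256-GCM as the cipher, JSON as the event encoding, and a manifest that keeps case id, activity, timestamp and Logistics Operator are assumptions; the deck shows neither the cipher nor the manifest format.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// Event holds the XES attributes of one event as key/value pairs.
type Event map[string]string

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is step 2 on the ProcessState Agent: encrypt the serialized event under
// the provisioning key with a fresh random nonce, prepended so the vault can
// decrypt; the GCM tag covers the whole event.
func Seal(key []byte, e Event) ([]byte, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	pt, err := json.Marshal(e)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, pt, nil), nil
}

// Open is step 4 inside the vault. A wrong key, a modified byte or a truncated
// message fails the tag check, so nothing untrusted reaches the JSON parser.
func Open(key, sealed []byte) (Event, error) {
	g, err := gcm(key)
	if err != nil {
		return nil, err
	}
	ns := g.NonceSize()
	if len(sealed) < ns+g.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	pt, err := g.Open(nil, sealed[:ns], sealed[ns:], nil)
	if err != nil {
		return nil, err
	}
	var e Event
	return e, json.Unmarshal(pt, &e)
}

// Extract is step 5: keep only the attributes the extraction manifest lists;
// anything else (here the Container ID) never reaches the trackers.
func Extract(manifest []string, e Event) Event {
	out := Event{}
	for _, k := range manifest {
		if v, ok := e[k]; ok {
			out[k] = v
		}
	}
	return out
}

// Manifest is the assumed extraction manifest for the running example.
var Manifest = []string{"case:concept:name", "concept:name", "time:timestamp", "Logistics Operator"}

// SampleEvent is the constructed event from slide 18.
var SampleEvent = Event{
	"case:concept:name": "PO24#1", "concept:name": "Fill in Container",
	"time:timestamp": "2024-11-04T16:05:06", "Container ID": "TGHU75993",
	"Logistics Operator": "A12B8L123",
}

// Transmit plays steps 2 to 5 for one event under a provisioning key assumed
// to have been agreed during the trusted subscription.
func Transmit(key []byte, e Event) (Event, error) {
	sealed, err := Seal(key, e) // agent side
	if err != nil {
		return nil, err
	}
	got, err := Open(key, sealed) // vault side
	if err != nil {
		return nil, err
	}
	return Extract(Manifest, got), nil
}
```

The nonce is random per event and travels with the ciphertext; reusing a nonce under the same key would break GCM, so a deployment that rotates provisioning keys (the slides speak of the "last" provisioning key) should also bound the number of events sealed under each one. Open rejects a flipped byte, a wrong key and a truncated message before any parsing happens.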

57–58
ProMTEE protocol, phase 3: Secure event transmission (continued)
Event Dispatcher -> FIFO queue -> ProcessState Manager, inside the Trusted Execution Environment
6. Push event
7. Pop event

59–64
ProMTEE protocol, phase 4: State update
Inputs to the ProcessState Manager: event e, process state Ps, extraction manifest Em
Ps before the update:
Accessible section
Control flow field: Case PO24#1, Status: Running, Enabled: Fill in Container
Business rule field: Case PO24#1, Rule: Separation of duty (C3), Status: -
Secret section
Event hash h = hash(e) = 2f7e19af922e44056e0b334afc63ced4046c332bc0294e3fe9aa3cd55305c3b7
Compliance Rule Tracker: Ps' = Upd(Ps, e); the business rule field becomes Status: Temporarily Satisfied
Evidence evd is produced for the update
The ProcessVault Inspector (<<execution environment>> OS, outside the TEE) receives upd, now = 2024-11-04T16:05:06, h and evd

65–66
ProMTEE protocol, phase 4: State update (continued)
Control Flow Tracker: firing Fill in Container enables Check Container
Ps after the update:
Accessible section
Control flow field: Case PO24#1, Status: Running, Enabled: Check Container
Business rule field: Case PO24#1, Rule: Separation of duty (C3), Status: Temporarily Satisfied
Secret section: the extracted event
<event>
<string key="case:concept:name" value="PO24#1"/>
<string key="concept:name" value="Fill in Container"/>
<string key="Logistics Operator" value="A12B8L123"/>
</event>

67
ProMTEE protocol, phase 4: State update (inspection)
<<device>> Monitor Machine, <<execution environment>> OS: ProcessVault Inspector
<<device>> Client Machine: ProcessState Agent (data access, state inspection)
Accessible section as exposed by the inspector:
Control flow field: Case PO24#1, Status: Running, Enabled: Check Container
Business rule field: Case PO24#1, Status: Temporarily Satisfied, Rule: Separation of duty (C3)
Timestamp: 2024-11-04T16:05:06, Event hash: 2f7e19af922e4193hd, Evidence: xvxnewosh2i793qdw
Timestamp: 2024-11-04T16:05:06, Event hash: 2f7e19af922e4193hd, Evidence: dwijwdwdpijdda12ds

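The queue, the state update and the evidence an inspector can check (slides 57 to 67), as an added example written for this page (not ProMTEE code) that picks up after decryption and extraction. Assumptions: the tracker outcome is a constant stand-in for what the two trackers would report, the event hash h is SHA-256 over a canonical JSON encoding of the extracted event, and the evidence evd is an ed25519 signature over upd, now and h by a vault key whose public half is taken to be attested; the deck names these fields but does not show their encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
)

// Event holds the already extracted XES attributes of one event.
type Event map[string]string

// Record is one entry of the accessible section, what the ProcessVault
// Inspector hands out: no raw attribute of the event appears in it.
type Record struct {
	Update    string // upd: what the trackers changed, in words
	Timestamp string // now
	EventHash string // h = hash(e), hex
	Evidence  string // evd: vault signature over upd, now and h
}

// Vault models the state-update path of the ProcessVault: the FIFO queue between
// Event Dispatcher and ProcessState Manager (steps 6 and 7), the secret section
// and the accessible section. sigKey stands in for a vault key whose public half
// is assumed to be attested, so evidence can be verified outside the TEE.
type Vault struct {
	sigKey     ed25519.PrivateKey
	queue      []Event
	secret     []Event // relevant event data, never exported
	Accessible []Record
}

// canonical gives a reproducible byte form of an event (json sorts map keys).
func canonical(e Event) []byte { b, _ := json.Marshal(e); return b }

// evidenceInput is the exact byte string the evidence signs; the inspector
// rebuilds it from the record, so a record with a swapped update or hash fails.
func evidenceInput(upd, ts, hexHash string) []byte { return []byte(upd + "|" + ts + "|" + hexHash) }

// Push is step 6: the Event Dispatcher queues an extracted event.
func (v *Vault) Push(e Event) { v.queue = append(v.queue, e) }

// Update is step 7 plus the state update. apply stands in for the two trackers
// and returns the change in words; the event stays in the secret section and
// only the record reaches the accessible section. False when the queue is empty.
func (v *Vault) Update(apply func(Event) string) bool {
	if len(v.queue) == 0 {
		return false
	}
	e := v.queue[0]
	v.queue, v.secret = v.queue[1:], append(v.secret, e)
	h := sha256.Sum256(canonical(e))
	r := Record{Update: apply(e), Timestamp: e["time:timestamp"], EventHash: hex.EncodeToString(h[:])}
	r.Evidence = hex.EncodeToString(ed25519.Sign(v.sigKey, evidenceInput(r.Update, r.Timestamp, r.EventHash)))
	v.Accessible = append(v.Accessible, r)
	return true
}

// VerifyEvidence is the check an inspector runs with the attested public key.
func VerifyEvidence(pub ed25519.PublicKey, r Record) bool {
	sig, err := hex.DecodeString(r.Evidence)
	return err == nil && ed25519.Verify(pub, evidenceInput(r.Update, r.Timestamp, r.EventHash), sig)
}

// Run drives the path for the constructed slide-18 event after extraction; the
// tracker outcome is a constant stand-in for what the Control Flow Tracker and
// the Compliance Rule Tracker would report.
func Run() (*Vault, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	v := &Vault{sigKey: priv}
	v.Push(Event{"case:concept:name": "PO24#1", "concept:name": "Fill in Container",
		"time:timestamp": "2024-11-04T16:05:06", "Logistics Operator": "A12B8L123"})
	v.Update(func(e Event) string {
		return e["case:concept:name"] + ": Enabled: Check Container; C3: Temporarily Satisfied"
	})
	return v, pub, nil
}
```

The accessible record carries the hash of the extracted event rather than the event, so an inspector who later obtains the event (for example from the organization that produced it) can confirm it is the one the vault processed, while someone who only sees the record learns nothing about the operator. Because the evidence signs the update text as well, a record whose status has been edited after the fact no longer verifies.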

Evaluation
69

70
Evaluation
Security assessment: threat analysis (in the paper)
Performance analysis: memory usage and responsiveness (next slides)

71
Implementation details
ProcessVault implemented as an Intel SGX trusted application
CPU: Intel Xeon Gold 5415+
We bootstrap our ProcessVault prototype using a Python encoding of the ProcessVault Compiler
Repository DOI: 10.5281/zenodo.15545155

72
Experimental setting
Event log                 Type        Cases    Events    Activities  Business rules
Supply Chain (SC)         Synthetic     2 000    40 740          19               5
Sepsis                    Real-world    1 050    15 214          16               2
BPIC12                    Real-world   13 087   262 200          36              16
Road Traffic Fines (RTF)  Real-world  150 370   561 470          11               8

74
Memory usage
(Figure: TEE-enabled CPU and DRAM as on slide 22; the CPU-encrypted region available to the trusted app has limited space.)

75–80
Responsiveness
We model the event fetching and processing within the ProcessVault (events e1, e2, e3, e4 queued between the Event Dispatcher and the ProcessState Manager) as an M/M/1 queue with arrival rate λ and service rate μ.
Occupation rate: ρ = λ / μ
Expected lag: 1 / (μ − λ)
(Slides 76 to 80 repeat these definitions alongside result plots that are not recoverable from this extraction.)

Future work
81

82
Future work
Extension to the cross-instance dimension
Cross-instance business rule example: the same logistics operator must appear in at least 3 process instances within the same day

83
Future work
Correctness check with partially or totally undisclosed specifications

84
Future work
Consistency across multiple ProcessVaults
(Figure: three ProcessVaults)

85
More in the paper

86
Secrecy Preservation for Online Process Monitoring with Trusted Execution Environment
ProMTEE repository
Claudio Di Ciccio, Utrecht University, Netherlands
Davide Basile, Sapienza University of Rome, Italy
[email protected]
[email protected]