Process mining techniques enable organizations to gain insights into their business processes through the analysis of execution records (event logs) stored by information systems. While most process mining efforts focus on intra-organizational scenarios, many real-world business processes span multiple independent organizations. Inter-organizational process mining, though, faces significant challenges, particularly regarding confidentiality guarantees: The analysis of data can reveal information that the participating organizations may not consent to disclose to one another, or to a third party hosting process mining services. To overcome this issue, this paper presents CONFINE, an approach for secrecy-preserving inter-organizational process mining. CONFINE leverages Trusted Execution Environments (TEEs) to deploy trusted applications that are capable of securely mining multi-party event logs while preserving data secrecy. We propose an architecture supporting a four-stage protocol to secure data exchange and processing, allowing for protected transfer and aggregation of unaltered process data across organizational boundaries. To avoid out-of-memory errors due to the limited capacity of TEEs, our protocol employs a segmentation-based strategy, whereby event logs are transmitted to TEEs in smaller batches. We conduct a formal verification of correctness and a security analysis of the guarantees provided by the TEE core. We evaluate our implementation on real-world and synthetic data, showing that the proposed approach can handle realistic workloads. The results indicate logarithmic memory growth with respect to the event log size and linear growth with the number of provisioning organizations, highlighting scalability properties and opportunities for further optimization.
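The abstract describes two ideas that are easy to misread without a concrete picture: event logs are shipped to the TEE in segments rather than as a whole, and the aggregate mined inside the TEE must be the same one a whole-log analysis would produce. The following Python sketch is an added illustration and is not CONFINE's code; the abstract does not show the protocol's message format, so the event tuple layout, the two-organization sample log, the choice of a directly-follows graph as the mined artefact, and the k-way merge of per-organization batches are all assumptions made here. It shows a memory-bounded aggregator that holds at most one batch per provider at a time, which matches the abstract's observation that memory grows with the number of provisioning organizations, and it checks the segmented result against a whole-log reference.

```python
"""Segmentation-based aggregation of multi-party event logs (illustration).

Assumed model (not from the paper): each organization holds a timestamp-sorted
fragment of the shared process, encoded as (case_id, activity, timestamp).
Fragments are delivered in batches of at most `batch_size` events; the
"enclave" keeps one batch per organization plus a compact aggregate, never the
full log. The aggregate mined here is a directly-follows graph (DFG).
"""
from collections import defaultdict
from typing import Dict, Iterator, List, Tuple

Event = Tuple[str, str, int]  # (case_id, activity, timestamp) - constructed format

# Constructed sample data: two organizations contributing to the same cases.
ORG_LOGS: Dict[str, List[Event]] = {
    "OrgA": [("c1", "Order", 1), ("c1", "Ship", 5), ("c2", "Order", 2), ("c2", "Ship", 7)],
    "OrgB": [("c1", "Pay", 3), ("c2", "Pay", 4), ("c2", "Refund", 6)],
}


def segment(events: List[Event], batch_size: int) -> Iterator[List[Event]]:
    """Yield the provider's log in batches of at most batch_size events."""
    for start in range(0, len(events), batch_size):
        yield events[start:start + batch_size]


def mine_dfg(org_logs: Dict[str, List[Event]], batch_size: int):
    """Mine a DFG from per-organization batches with bounded buffering.

    Returns (dfg, peak_buffered): the directly-follows counts and the largest
    number of raw events held at once, which stays <= batch_size * len(org_logs).
    """
    # Assumption: each provider pre-sorts its fragment by timestamp.
    streams = {org: segment(sorted(log, key=lambda e: e[2]), batch_size)
               for org, log in org_logs.items()}
    buffers: Dict[str, List[Event]] = {}  # org -> events of its current batch

    def refill(org: str) -> None:
        # Pull the provider's next batch, or drop it once exhausted.
        try:
            buffers[org] = list(next(streams[org]))
        except StopIteration:
            buffers.pop(org, None)

    for org in org_logs:
        refill(org)

    dfg: Dict[Tuple[str, str], int] = defaultdict(int)
    last_activity: Dict[str, str] = {}  # per-case state, independent of log size
    peak_buffered = 0
    while buffers:
        peak_buffered = max(peak_buffered, sum(len(b) for b in buffers.values()))
        # k-way merge: take the globally earliest event (ties broken by provider order).
        org = min(buffers, key=lambda o: buffers[o][0][2])
        case, activity, _ts = buffers[org].pop(0)
        if case in last_activity:
            dfg[(last_activity[case], activity)] += 1
        last_activity[case] = activity
        if not buffers[org]:
            refill(org)
    return dict(dfg), peak_buffered


def mine_dfg_whole_log(org_logs: Dict[str, List[Event]]) -> Dict[Tuple[str, str], int]:
    """Reference: the same DFG computed over the fully merged log in one pass."""
    merged = sorted((e for log in org_logs.values() for e in log), key=lambda e: e[2])
    dfg: Dict[Tuple[str, str], int] = defaultdict(int)
    last_activity: Dict[str, str] = {}
    for case, activity, _ts in merged:
        if case in last_activity:
            dfg[(last_activity[case], activity)] += 1
        last_activity[case] = activity
    return dict(dfg)


if __name__ == "__main__":
    for size in (1, 2, 3):
        result, peak = mine_dfg(ORG_LOGS, size)
        print(f"batch_size={size} peak_buffered={peak} dfg={result}")
        assert result == mine_dfg_whole_log(ORG_LOGS)
```

The point of the two functions is the equivalence check: whatever the batch size, the segmented aggregator yields the same DFG as the single-pass reference, while the raw events it holds are bounded by one batch per provider rather than by the total log. A real TEE deployment would additionally need to verify the provenance and integrity of each batch before merging it, which this sketch does not model.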