The PLEAK tool is designed to support the analysis of private data flows in enterprise business processes (BP) and programs. PLEAK can be used by BP analysts, developers and maintainers in order to understand the privacy implications of the business processes used or planned by their organizations or customers.
PLEAK will improve the general state of the art of privacy by simplifying the risk analysis and impact assessment of privacy leaks in today’s systems. Most IT architects or analysts are not experts in information security and cannot judge the technical risks related to using security technologies. PLEAK provides them with a tool that they can use to describe their system by its private data elements, stakeholders, business processes and, optionally, data analysis algorithms. Once this is done, PLEAK will show how private data flows through a system, to whom it leaks, and to what extent it leaks. This will significantly expand the number of people who can argue that a system is built with insufficient privacy.
Furthermore, PLEAK will provide a library of Privacy Enhancing Technologies (PETs) that can be included in the models. Once the models contain the PETs, PLEAK’s analysis will take them into account and show reduced leakage accordingly. Because every security technology works only under certain assumptions, PLEAK will also collect these assumptions and present them so that they can be validated. In addition to a cryptographic privacy analysis, PLEAK will also provide a differentially private analysis that will be more granular in analyzing the leakage of private data to possibly unauthorized parties. Furthermore, the NAPLES project will also strive towards the synthesis of better business processes by suggesting PETs.
A critical sub-goal of PLEAK is to be usable by a wide range of users. Thus, PLEAK is built on popular tools such as the BPMN (Business Process Model Notation) language. BPMN is popular among process and systems analysts, and by extending it we will immediately target a much wider range of users than we could address by building a custom language.