Pleak focuses on analyzing data processing, so handling data objects correctly is crucial for a correct analysis. Pleak does not support the full BPMN specification, and the details of the supported syntax depend on the analyzer; however, there are some overall guidelines and conventions used by the analyzers.
Pleak offers a range of analysis capabilities, each with its own benefits and restrictions. The user can start with the visibility analysis offered by the disclosure tables, which is also available for plain BPMN models. Then, depending on the process, the model can either be enhanced with PETs (PE-BPMN stereotypes) or the operations of the tasks can be specified with a computation script. Specifying the computations allows qualitative leakage analysis with the Leaks-When analyzers, which summarize the data processing to highlight dependencies between generated data objects and the inputs of the process. Finally, if something is also known about the input data and the workflow computes an aggregation (this can also be an intermediate step for guessing advantage with collaboration models), then the sensitivity analyzers can be used to quantify the leakage.
The following table summarizes the analyzers; for more details, see the page for the analyzer of interest.
| ||Simple and Extended Disclosure||Leakage Detection||BPMN Leaks-When||SQL Leaks-When||Global Sensitivity||Combined Sensitivity||Guessing Advantage|
|Model Type||Collaboration (multiple pools allowed)||Data processing workflow (single process)||Data processing workflow or Collaboration|
|Model restrictions||Only meaningful for multiple pools||Reasonable for models with branching||One start event only (over all the pools)||No branching||No branching||No branching, Final query has a numeric output (aggregation query)|
|PETs support||All stereotypes||Secret sharing, Encryption||Encryption, Secure Channel||Partial support through extended disclosure report integration||Differential privacy||Differential privacy||Differential privacy|
|Script language||-||-||Pseudocode||PostgreSQL||PostgreSQL||PostgreSQL||PostgreSQL|
|Other possible inputs||-||-||-||Data sharing policy||-||Attacker's prior knowledge about the data|