
Protocols for confidential computing in business process monitoring

BASILE, DAVIDE
2026

Abstract

In the research domain of Business Process Management, collaborative processes, commonly found in healthcare, manufacturing, and supply chain management, involve multiple autonomous organizations that cooperate to achieve mutually shared operational objectives. The adoption of end-to-end process monitoring techniques in these contexts remains hindered by the primary requirement to protect the secrecy of sensitive execution data: the exposure of raw process records beyond organizational boundaries can lead to the disclosure of business-critical or personal information, generating privacy and compliance risks under regulations such as the GDPR. As a result, most organizations avoid data sharing and monitor only their local fragments. This practice, however, may lead to misleading or imprecise insights, as the resulting analytics may miss dependencies that emerge only when the process is observed comprehensively. Existing secrecy-preserving strategies, while effective in reducing disclosure risks, typically rely on data transformation or anonymization mechanisms that inevitably alter the original process execution information. Although these approaches enhance data protection, applying them to case-level monitoring can compromise the accuracy of the results, as the noise they introduce into the input data may lead to the observation of non-existent process behavior. Therefore, the main research question driving this thesis is: "How can independent organizations monitor collaborative business processes using original execution data while ensuring that input records remain undisclosed during their aggregation and processing?" To answer this question, we explore two complementary process monitoring settings: offline and online process monitoring. Offline monitoring focuses on the ex-post analysis of completed process instances whose execution history is recorded in event logs.
In this case, the research challenge is to guarantee data secrecy during the offline analysis of unaltered event logs. This leads to the first sub-question: "How can the secrecy of sensitive data within original event logs be preserved while applying offline monitoring during the aggregation and processing in inter-organizational settings?" Online process monitoring involves ongoing process executions, where process event streams should be analyzed in real time. Here, our challenge shifts toward preserving the data secrecy of the original process event streams while ensuring timely updates of the process state. This motivates the second sub-question: "How can the secrecy of sensitive data within original process event streams be preserved while monitoring processes online during the aggregation and processing in inter-organizational settings?" Driven by the above motivation and research questions, this thesis reports on solutions leveraging confidential computing as a means to enable secrecy-preserving process monitoring in collaborative environments. Confidential computing extends traditional data protection mechanisms by safeguarding information not only when stored or transmitted, but also while being processed. Its enabling technology, Trusted Execution Environments (TEEs), provides hardware-encrypted areas of main memory that guarantee data confidentiality and code integrity during the execution of trusted applications. We leverage this paradigm to embed monitoring algorithms in TEEs so that they can directly process original, unaltered event data, thus avoiding the issues that stem from ex-ante noise introduction. By ensuring that process data remains encrypted and inaccessible outside the TEE, we unlock joint analyses for multiple organizations on shared processes without exposing their sensitive information. To this end, we introduce CONFINE and ProMTEE, namely, two confidential computing protocols providing data secrecy guarantees in offline and online monitoring settings, respectively.
In the research work on CONFINE, we tackle data secrecy issues in offline monitoring, thereby enabling independent organizations to merge and process their unaltered event logs through trusted applications running within TEEs. With ProMTEE, we shift our focus toward the secrecy-related challenges arising within online process monitoring. We theorize and implement a solution involving trusted applications, named Process Vaults, which shield the runtime state of a process within the isolation layer of TEEs.
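The abstract makes two claims that are easy to see in code: monitoring only local fragments misses (and can even fabricate) cross-organizational dependencies, and a sealed processing step can work on unaltered event data while exposing only aggregates, both for a merged event log (the offline setting) and for an event stream updated one event at a time (the online setting). The following Python script is an added illustration written for this page; it is not code from the thesis, CONFINE or ProMTEE. The hospital and laboratory logs are constructed sample data, `sealed_offline_merge` and `ProcessVault` are hypothetical stand-ins for the in-TEE computation (plain Python functions, with no real enclave or attestation), and the directly-follows relation is used as the monitoring metric because it is the simplest one in which a cross-organizational dependency becomes visible.

```python
from collections import Counter, defaultdict

# Constructed sample data (not from the thesis): one collaborative process in
# which a hospital and a laboratory each record only the events they execute.
# Event = (case_id, activity, timestamp, organization)
HOSPITAL_LOG = [
    ("c1", "Admit", 1, "hospital"),
    ("c1", "Discharge", 6, "hospital"),
    ("c2", "Admit", 2, "hospital"),
    ("c2", "Discharge", 8, "hospital"),
]
LAB_LOG = [
    ("c1", "Sample", 3, "lab"),
    ("c1", "Analyze", 4, "lab"),
    ("c2", "Sample", 5, "lab"),
    ("c2", "Analyze", 7, "lab"),
]


def directly_follows(log):
    """Offline view: count directly-follows relations (a, b) per case, in timestamp order."""
    by_case = defaultdict(list)
    for case_id, activity, ts, _org in log:
        by_case[case_id].append((ts, activity))
    counts = Counter()
    for events in by_case.values():
        events.sort()
        for (_, a), (_, b) in zip(events, events[1:]):
            counts[(a, b)] += 1
    return counts


def local_view(*logs):
    """Sum of what each organization sees when it monitors only its own fragment."""
    total = Counter()
    for log in logs:
        total.update(directly_follows(log))
    return total


def sealed_offline_merge(*logs):
    """Hypothetical stand-in for the in-TEE offline step: the unaltered fragments
    are merged here and only aggregate relation counts leave this function;
    no raw event or case identifier is returned."""
    merged = [event for log in logs for event in log]
    return directly_follows(merged)


class ProcessVault:
    """Hypothetical stand-in for the online step: keeps the per-case runtime
    state and updates relation counts event by event. Assumes the events of a
    case arrive in timestamp order."""

    def __init__(self):
        self._last_activity = {}   # case_id -> last observed activity (never exposed)
        self._relations = Counter()

    def ingest(self, event):
        case_id, activity, _ts, _org = event
        previous = self._last_activity.get(case_id)
        if previous is not None:
            self._relations[(previous, activity)] += 1
        self._last_activity[case_id] = activity

    def aggregates(self):
        """The only thing exposed outside the vault: relation counts, no case state."""
        return Counter(self._relations)


def sealed_online_merge(*logs):
    """Interleave the organizations' streams by timestamp and feed a single vault."""
    vault = ProcessVault()
    for event in sorted((e for log in logs for e in log), key=lambda e: e[2]):
        vault.ingest(event)
    return vault.aggregates()


def cross_org_relations(*logs):
    """Relations that only appear once the process is observed end to end."""
    local = local_view(*logs)
    return {rel: n for rel, n in sealed_offline_merge(*logs).items() if rel not in local}


def spurious_local_relations(*logs):
    """Relations a local fragment reports that do not exist in the end-to-end flow."""
    merged = sealed_offline_merge(*logs)
    return {rel: n for rel, n in local_view(*logs).items() if rel not in merged}


if __name__ == "__main__":
    print("local view:      ", dict(local_view(HOSPITAL_LOG, LAB_LOG)))
    print("sealed offline:  ", dict(sealed_offline_merge(HOSPITAL_LOG, LAB_LOG)))
    print("sealed online:   ", dict(sealed_online_merge(HOSPITAL_LOG, LAB_LOG)))
    print("missed locally:  ", cross_org_relations(HOSPITAL_LOG, LAB_LOG))
    print("spurious locally:", spurious_local_relations(HOSPITAL_LOG, LAB_LOG))
```

On this data the hospital alone reports Admit followed directly by Discharge, a relation that never occurs in the real flow, while the two hand-offs between the organizations (Admit to Sample, Analyze to Discharge) are invisible to either side; the merged view, whether computed in one batch or incrementally, reports the correct three relations and nothing else. The design point mirrored here is that the case-level state lives only inside the sealed component and the interface returns aggregates, which is what keeps the input records undisclosed even though they are processed unaltered.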
10 Jan 2026
English
DI CICCIO, Claudio
Università degli Studi di Roma "La Sapienza"
Files in this item:
File: Tesi_dottorato_Basile.pdf
Access: open access
License: Creative Commons
Size: 4.16 MB
Format: Adobe PDF

Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/20.500.14242/357255
The NBN code of this thesis is URN:NBN:IT:UNIROMA1-357255