Safeguarding confidentiality through usage control over the process mining lifecycle
GORETTI, VALERIO
2026
Abstract
Data represents a key resource for modern organizations, but its protection has become increasingly challenging. During collection, storage, processing, and dissemination, information is repeatedly exposed to potential breaches of confidentiality and misuse. Traditional security mechanisms, mainly focused on access control, prove insufficient once data is legitimately accessed, as they no longer regulate how information is subsequently used. This limitation becomes particularly critical in collaborative and data-driven contexts, where analytics and optimization tasks are increasingly outsourced to third parties. Although such collaborations foster innovation and efficiency, they also introduce a significant trust gap, since data owners lose visibility and control over how their information is processed and reused beyond their domain. This tension is especially evident in process mining, a discipline that extracts insights from event data to analyze and optimize business processes. While process mining provides visibility into operational performance, the event logs on which it relies often contain highly sensitive or personal information. Conventional techniques such as anonymization, pseudonymization, and encryption only partially mitigate disclosure risks and often compromise data fidelity. Ensuring end-to-end protection therefore requires an approach that extends confidentiality, integrity, and accountability across the entire data lifecycle, from input to output. This vision aligns with privacy regulations such as the General Data Protection Regulation (GDPR), which emphasize continuous control, traceability, and responsible data usage. This thesis investigates how Confidential Computing can be leveraged to enable end-to-end data protection and governance in the context of process analysis.

| File | Access | License | Size | Format |
|---|---|---|---|---|
| Tesi_dottorato_Goretti.pdf | open access | Creative Commons | 3.24 MB | Adobe PDF |
Documents in UNITESI are protected by copyright and all rights are reserved, unless otherwise indicated.
https://hdl.handle.net/20.500.14242/357329
URN:NBN:IT:UNIROMA1-357329