Organizations increasingly share process models discovered from event logs to support transparency, benchmarking, and process improvement. These models often generalize observed behavior but may include execution frequencies or probabilities to enhance interpretability. While this practice is common, it raises an important question: can publishing such enriched models unintentionally reveal confidential information about the underlying processes? This paper presents the first empirical study of control-flow reconstruction attacks on business process models. We define reconstruction attacks as "play-out" strategies that attempt to regenerate process executions from process trees, potentially exploiting frequency annotations. Several reconstruction strategies are proposed, ranging from uniform random traversal to frequency-informed probabilistic approaches. Using real-world datasets, we evaluate how accurately these strategies can reproduce the original control-flow based on measures such as trace similarity, event dependencies, and statistical characteristics of the event log. Our findings reveal that frequency-annotated models of structured processes are particularly vulnerable, enabling partial or even full reconstruction of process behavior. The results highlight that publishing process models, even without event logs, may pose significant confidentiality risks.
Kirchmann et al. (Thu,) studied this question.
Synapse has enriched 5 closely related papers on similar clinical questions. Consider them for comparative context: