Building a Privacy-Preserving Benchmarking Enterprise System

  • Authors: Florian Kerschbaum
  • Affiliations: SAP Research, Karlsruhe, Germany
  • Venue: EDOC '07 Proceedings of the 11th IEEE International Enterprise Distributed Object Computing Conference
  • Year: 2007

Abstract

Benchmarking is the process of comparing one's own performance to the statistics of a group of competitors, named peer group. It is a common and important process in the business world for many important business metrics, called key performance indicators (KPI). Privacy is of the utmost importance, since these KPIs allow the inference of sensitive information. Therefore several secure multi-party computation (SMC) protocols for securely and privately computing statistics of KPIs have recently been developed. These protocols are the basic building block for a privacy-preserving benchmarking system, but in order to complete an enterprise system that offers a benchmarking service to its customers more problems need to be solved. This paper addresses two remaining problems: peer group formation and protocol orchestration.

We first analyze how peer group participation impacts privacy and vice-versa. Given current network performance limitations we conclude that in order for KPIs to remain private one subscriber can participate in at most one peer group. Peer group formation is the process of forming sensible peer groups out of the set of subscribers. A sensible peer group is one that is useful for benchmarking, i.e. a group of similar companies, under the constraint that one subscriber can participate in at most one peer group. We characterize subscribers by a set of discrete criteria and therefore view the automatic peer group formation as a data clustering problem. A data clustering algorithm customized for automatic peer group formation is required to build clusters whose size does not fall below a minimum threshold. We present a high-performance modification of k-means clustering that takes the minimum cluster size as an additional parameter which might be of independent interest. In a simulation we evaluate its practical applicability to automatic peer group formation. Our final approach is the first automatic peer group formation algorithm for an enterprise benchmarking system.

Polling-based protocol orchestration allows the subscribers to remain passive clients, i.e. require no inbound connection, e.g. through a company firewall. We show through simulation that such a polling-based orchestration can be expected to complete within one polling interval.