Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank (Chapter 9)

F. Massacci, N. Zannone

Research output: Chapter in Book/Report/Conference proceeding › Chapter › Academic

Abstract

Recent years have seen growing concern about the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the policies and security mechanisms they support. In contrast, attackers bypass such security measures by exploiting weaknesses of the socio-technical system as a whole. Many weaknesses are due to the presence of conflicts in functional and security requirements at the organizational level. In this paper we show how the Secure Tropos requirements engineering methodology can be used to model such conflicts in a concrete case study: the fraud at Allied Irish Bank. In particular, the paper analyzes the vulnerabilities affecting the organization and information system of Allied Irish Bank and its subsidiary First Maryland Bancorp, which were exploited by a currency trader in order to fraudulently cover $700 million in losses.

Original language: English
Title of host publication: Social Modeling for Requirements Engineering
Editors: P. Giorgini, N. Maiden, J. Mylopoulos, E. Yu
Place of Publication: Cambridge MA
Publisher: MIT Press
Pages: 337-362
ISBN (Print): 978-0-262-24055-0
Publication status: Published - 2011

  • Cite this

    Massacci, F., & Zannone, N. (2011). Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank (Chapter 9). In P. Giorgini, N. Maiden, J. Mylopoulos, & E. Yu (Eds.), Social Modeling for Requirements Engineering (pp. 337-362). Cambridge MA: MIT Press.