Detecting conflicts between functional and security requirements with Secure Tropos: John Rusnak and the Allied Irish Bank (Chapter 9)

The last years have seen a growing concern on the security of information systems and, consequently, a call to arms for including security aspects during the entire development process. Unfortunately, most proposals treat security in system-oriented terms and model information systems through the policies and security mechanisms they support. In contrast, attackers bypass such security measures by exploiting weaknesses of the socio-technical system as a whole. Many weaknesses are due to the presence of conflicts in functional and security requirements at organizational level. In this paper we show how the Secure Tropos requirements engineering methodology can be used to model such conflicts in a concrete case study: the fraud at Allied Irish Bank. In particular, the paper analyzes the vulnerabilities affecting the organization and information system of Allied Irish Bank and its subsidiary First Maryland Bancorp, that were exploited by a currency trader in order to fraudulently cover $700 million losses.