System vulnerabilities are often caused by the presence of conflicts within the organization where the system-to-be will eventually operate. In particular, conflicts of interest are very harmful since actors can exploit their positions/ roles relative to the system for gaining personal advantage. Capturing and resolving such conflicts is a necessary condition for developing secure information systems. In this paper, we show how conflicts of interest can be formally detected during requirements analysis. This allows system designers to investigate the causes for which conflicts may occur in an organization. Thereby, they can better understand the organizational structure and so provide appropriate countermeasures to resolve or at least mitigate them.
|Title of host publication||Proceedings 14th IEEE International Conference on Requirements Engineering (RE 2006), Minneapolis/St.Paul MN, USA, September 11-15, 2006)|
|Publisher||IEEE Computer Society|
|Publication status||Published - 2006|