Abstract
System vulnerabilities are often caused by the presence
of conflicts within the organization where the system-to-be
will eventually operate. In particular, conflicts of interest
are very harmful since actors can exploit their positions/roles
relative to the system for gaining personal advantage.
Capturing and resolving such conflicts is a necessary
condition for developing secure information systems.
In this paper, we show how conflicts of interest can be
formally detected during requirements analysis. This allows
system designers to investigate the causes for which
conflicts may occur in an organization. Thereby, they can
better understand the organizational structure and so provide
appropriate countermeasures to resolve or at least mitigate
them.

Original language | English |
---|---|
Title of host publication | Proceedings 14th IEEE International Conference on Requirements Engineering (RE 2006), Minneapolis/St.Paul MN, USA, September 11-15, 2006) |
Publisher | IEEE Computer Society |
Pages | 308-311 |
ISBN (Print) | 0-7695-2555-5 |
Publication status | Published - 2006 |