System vulnerabilities are often caused by the presence of conflicts within the organization where the system-to-be will eventually operate. In particular, conflicts of interest are very harmful since actors can exploit their positions/roles relative to the system for gaining personal advantage. Capturing and resolving such conflicts is a necessary condition for developing secure information systems. In this paper, we show how conflicts of interest can be formally detected during requirements analysis. This allows system designers to investigate the causes for which conflicts may occur in an organization. Thereby, they can better understand the organizational structure and so provide appropriate countermeasures to resolve or at least mitigate them. © 2006 IEEE.
Detecting Conflicts of Interest
Giorgini, Paolo;Massacci, Fabio;Mylopoulos, Ioannis;Zannone, Nicola
2006-01-01
Abstract
System vulnerabilities are often caused by the presence of conflicts within the organization where the system-to-be will eventually operate. In particular, conflicts of interest are very harmful since actors can exploit their positions/roles relative to the system for gaining personal advantage. Capturing and resolving such conflicts is a necessary condition for developing secure information systems. In this paper, we show how conflicts of interest can be formally detected during requirements analysis. This allows system designers to investigate the causes for which conflicts may occur in an organization. Thereby, they can better understand the organizational structure and so provide appropriate countermeasures to resolve or at least mitigate them. © 2006 IEEE.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione
