Abstract
We present the latest version of STS-Tool, the modelling and analysis support tool for STS-ml, an actor- and goal-oriented security requirements modelling language for socio-technical systems. We show how the STS-Tool supports requirements analysts and security designers in (i) modelling socio-technical systems as a set of interacting actors, who have security needs over their interactions, and (ii) deriving security requirements for the system-to-be. The tool integrates a set of automated reasoning techniques that allow checking if a given STS-ml model is well-formed, verifying whether there are any conflicts among security requirements, and calculating the threat trace of events threatening actors’ assets. We first illustrate the modelling and reasoning activities supported by STS-ml, to then guide the design of a secure socio-technical system from the eGovernment domain through a series of exercises.
Access provided by Autonomous University of Puebla. Download to read the full chapter text
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Bertino, E., Jajodia, S., Samarati, P.: A flexible authorization mechanism for relational data management systems. ACM Transactions on Information Systems 17(2), 101–140 (1999)
Dalpiaz, F., Giorgini, P., Mylopoulos, J.: Adaptive Socio-Technical Systems: A Requirements-driven Approach. Requirements Engineering 18(1), 1–24 (2013)
Dalpiaz, F., Paja, E., Giorgini, P.: Security requirements engineering via commitments. In: Proceedings of STAST 2011, pp. 1–8 (2011)
Giorgini, P., Massacci, F., Mylopoulos, J., Zannone, N.: Modeling security requirements through ownership, permission and delegation. In: Proc. of RE 2005, pp. 167–176 (2005)
Liu, L., Yu, E., Mylopoulos, J.: Security and privacy requirements analysis within a social setting. In: Proc. of RE 2003, pp. 151–161 (2003)
Mouratidis, H., Giorgini, P.: Secure Tropos: A security-oriented extension of the tropos methodology. IJSEKE 17(2), 285–309 (2007)
Paja, E., Dalpiaz, F., Giorgini, P.: Managing security requirements conflicts in socio-technical systems. In: Ng, W., Storey, V.C., Trujillo, J.C. (eds.) ER 2013. LNCS, vol. 8217, pp. 270–283. Springer, Heidelberg (2013)
Singh, M.P.: An ontology for commitments in multiagent systems: Toward a unification of normative concepts. Artificial Intelligence and Law 7(1), 97–113 (1999)
Whitman, M.E., Mattord, H.J.: Principles of Information Security, 4th edn. Course Technology Press (2011)
Yu, E.: Modelling strategic relationships for process reengineering. PhD thesis, University of Toronto, Canada (1996)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer International Publishing Switzerland
About this chapter
Cite this chapter
Paja, E., Dalpiaz, F., Giorgini, P. (2014). STS-Tool: Security Requirements Engineering for Socio-Technical Systems. In: Heisel, M., Joosen, W., Lopez, J., Martinelli, F. (eds) Engineering Secure Future Internet Services and Systems. Lecture Notes in Computer Science, vol 8431. Springer, Cham. https://doi.org/10.1007/978-3-319-07452-8_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-07452-8_3
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07451-1
Online ISBN: 978-3-319-07452-8
eBook Packages: Computer ScienceComputer Science (R0)