STS-tool: Security requirements engineering for socio-technical systems

Abstract

We present the latest version of STS-Tool, the modelling and analysis support tool for STS-ml, an actor- and goal-oriented security requirements modelling language for socio-technical systems.We show how the STS-Tool supports requirements analysts and security designers in (i) modelling socio-technical systems as a set of interacting actors, who have security needs over their interactions, and (ii) deriving security requirements for the system-to-be. The tool integrates a set of automated reasoning techniques that allow checking if a given STS-ml model is well-formed, verifying whether there are any conflicts among security requirements, and calculating the threat trace of events threatening actors’ assets. We first illustrate the modelling and reasoning activities supported by STS-ml, to then guide the design of a secure socio-technical system from the eGovernment domain through a series of exercises.