STS-Tool: Specifying and Reasoning over Socio-Technical Security Requirements

STS-Tool is the modelling and analysis support tool for STSml, our proposed actorand goal-oriented security requirements modelling language for Socio-Technical Systems (STSs). STS-Tool allows designers to model an STS through high-level primitives, to express security constraints over the interactions between the actors in the STS, as well as to derive security requirements once the modelling is completed. The tool features a set of automated reasoning techniques for (i) checking if a given STS-ml model is well-formed, and (ii) determining if the specification of security requirements is consistent, that is, there are no conflicts among security requirements. We have implemented these techniques using disjuntive datalog programs. 1 The Socio-Technical Security modelling language The Socio-Technical Security modelling language (STS-ml) [1] is an i* based security requirements modelling language. STS-ml includes high-level organisational primivites such as actor, goal, delegation, etc. A distinguishing feature of STS-ml is the ability to relate security requirements to interactions: actors’ security needs constrain the interactions they enter into with other actors. Security requirements are mapped to social commitments [3]—contracts among actors—that actors in the STS shall comply with at runtime. STS-ml modelling uses three complementary views, in which the analyst examines different types of interactions among actors. The formal semantics of STS-ml [2] defines the behavior of STS-ml concepts and relationships, allowing to perform: (i) well-formedness analysis to determine if the model complies with well-formedness rules that are set to preserve the semantics of the STS-ml primitives (e.g., decompositions are not cyclic), and (ii) security analysis, i.e., if there are potential conflicts of security requirements. 2 STS-Tool STS-Tool is the modelling and analysis support tool for STS-ml. It is an Eclipse Rich Client Platform application written in Java, it is distributed as a compressed archive for multiple platforms (Win 32/64, Mac OS X, Linux), and it is Proceedings of the 6th International i* Workshop (iStar 2013), CEUR Vol-978