STS-Tool: Socio-Technical Security Requirements through Social Commitments

Security Requirements Engineering (SRE) deals with the elicitation and analysis of security needs to specify security requirements for the system-to-be. In previous work, we have presented STS-ml, a security requirements modelling language for Socio-Technical Systems (STSs) that elicits security needs, using a goal-oriented approach, and derives the security requirements specification based on these needs. Particularly, STS-ml relates security to the interaction among actors in the STS. In this paper, we present STS-Tool, the modelling and analysis support tool for STS-ml. STS-Tool allows designers to model a STS at a high-level of abstraction, while expressing security needs over the interactions between the actors in the STS, and derive security requirements in terms of social commitments promises with contractual validity once the modelling is done.