Modelling Security Requirements in Socio-Technical Systems with STS-Tool

Security Requirements Engineering (SRE) deals with the specification of security requirements for the system-to-be starting with the analysis of security issues as soon as in the early requirements phase. STS-ml is an actor- and goal-oriented requirements modelling language for Socio-Technical Systems (STSs), which represents the security needs the stakeholders express as constraints over the interactions between actors. In this paper, we present STS-Tool, the security requirements engineering tool that supports STS-ml. STS-Tool allows for modelling a socio-technical system at a high level of abstraction, expressing constraints (security needs) over the interactions between the actors in the STS, and deriving security requirements in terms of social commitments (promises with contractual validity). It offers multi-view modelling, allowing designers to focus on a different perspective at a time, while promoting modularity.