Modelling and Reasoning about Security Requirements in Socio-Technical Systems

Elda Paja, Fabiano Dalpiaz, Paolo Giorgini

    Research output: Contribution to journalArticleAcademicpeer-review

    Abstract

    Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on untrusted third parties, etc. Thus, the design of a secure software system shall begin with a thorough analysis of its socio-technical context, thereby considering not only technical attacks, but also social and organisational ones.

    In this paper, we propose the STS approach for modelling and reasoning about security requirements. In STS, security requirements are specified, via the STS-ml requirements modelling language, as contracts that constrain the interactions among the actors in the socio-technical system. The requirements models of STS-ml have a formal semantics which enables automated reasoning for detecting possible conflicts among security requirements as well as conflicts between security requirements and actors' business policies. We apply STS to a case study about e-Government, and report on promising scalability results of our implementation.
    Original languageEnglish
    Pages (from-to)123-143
    Number of pages21
    JournalData and Knowledge Engineering
    Volume98
    DOIs
    Publication statusPublished - 2015

    Fingerprint

    Dive into the research topics of 'Modelling and Reasoning about Security Requirements in Socio-Technical Systems'. Together they form a unique fingerprint.

    Cite this