Security Requirements Engineering with STS-Tool

  • Elda Paja
  • Mauro Poggianella
  • Fabiano Dalpiaz
  • Pierluigi Roberti
  • Paolo Giorgini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8900)


In this chapter, we present STS-Tool, the modelling and analysis support tool for STS-ml, an actor- and goal-oriented security requirements modelling language for socio-technical systems. STS-Tool is a standalone application written in Java and based on the Eclipse RCP Framework. It supports modelling a socio-technical system in terms of high-level primitives such as actor, goal delegation, and document exchange; expressing security constraints over the interactions between the actors; and deriving security requirements once the modelling is done. It also supports analysing the created STS-ml models in terms of (i) well-formedness, (ii) violation of security requirements, and (iii) the impact of threats on actors’ assets. We also present the architecture of STS-Tool together with its main features and provide technical details of the modelling and analysis capabilities.





Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Elda Paja (1)
  • Mauro Poggianella (1)
  • Fabiano Dalpiaz (2)
  • Pierluigi Roberti (1)
  • Paolo Giorgini (1)
  1. Department of Information Engineering and Computer Science, University of Trento, Povo, Italy
  2. Department of Information and Computing Sciences, Utrecht University, Utrecht, The Netherlands
