Modelling and reasoning about security requirements in socio-technical systems

摘要

Modern software systems operate within the context of larger socio-technical systems, wherein they interact—by exchanging data and outsourcing tasks—with other technical components, humans, and organisations. When interacting, these components (actors) operate autonomously; as such, they may disclose confidential information without being authorised, wreck the integrity of private data, rely on untrusted third parties, etc. Thus, the design of a secure software system shall begin with a thorough analysis of its socio-technical context, thereby considering not only technical attacks, but also social and organisational ones.In this paper, we propose the STS approach for modelling and reasoning about security requirements. In STS, security requirements are specified, via the STS-ml requirements modelling language, as contracts that constrain the interactions among the actors in the socio-technical system. The requirements models of STS-ml have a formal semantics which enables automated reasoning for detecting possible conflicts among security requirements as well as conflicts between security requirements and actors' business policies. We apply STS to a case study about e-Government, and report on promising scalability results of our implementation.