A Security Requirements Modelling Language to Secure Cloud Computing Environments

  • Shaun SheiEmail author
  • Haralambos Mouratidis
  • Aidan Delaney
Conference paper
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 287)


This paper presents a cloud-enhanced modelling language for capturing and describing cloud computing environments, enabling developers to model and reason about security issues in cloud systems from a security requirements engineering perspective. Our work builds upon concepts from the Secure Tropos methodology, where in this paper we introduce novel cloud computing concepts, relationships and properties in order to carry out analysis and produce cloud security requirements. We illustrate our concepts through a case study of a cloud-based career office system from the University of the Aegean. Finally we discuss how our cloud modelling language enriches cloud models with security concepts, guiding developers of cloud systems in understanding cloud vulnerabilities and mitigation strategies through semi-automated security analysis.


Cloud modelling language Meta-model Cloud security requirements Security requirements engineering 


  1. 1.
    Mell, P., Grance, T.: The NIST definition of cloud computing (2011)Google Scholar
  2. 2.
    Almorsy, M., Grundy, J., Mller, I.: An analysis of the cloud computing security problem. In: Proceedings of APSEC 2010 Cloud Workshop, November 2010Google Scholar
  3. 3.
    Li, Y., Cuppens-Boulahia, N., Crom, J.-M., Cuppens, F., Frey, V.: Expression and enforcement of security policy for virtual resource allocation in IaaS cloud. In: Hoepman, J.-H., Katzenbeisser, S. (eds.) SEC 2016. IAICT, vol. 471, pp. 105–118. Springer, Cham (2016). doi: 10.1007/978-3-319-33630-5_8 CrossRefGoogle Scholar
  4. 4.
    Ristenpart, T., Tromer, E., Shacham, H., Savage, S.: Exploring information leakage in third-party compute clouds. In: Proceeding of 16th ACM Conference on Computer and Communications Security, pp. 199–212. ACM (2009)Google Scholar
  5. 5.
    Shei, S., Kalloniatis, C., Mouratidis, H., Delaney, A.: Modelling secure cloud computing systems from a security requirements perspective. In: Katsikas, S., Lambrinoudakis, C., Furnell, S. (eds.) TrustBus 2016. LNCS, vol. 9830, pp. 48–62. Springer, Cham (2016). doi: 10.1007/978-3-319-44341-6_4 CrossRefGoogle Scholar
  6. 6.
    Mouratidis, H., Giorgini, P.: Secure Tropos: a security-oriented extension of the tropos methodology. Int. J. Software Eng. Knowl. Eng. 17(02), 285–309 (2007)CrossRefGoogle Scholar
  7. 7.
    Kissel, R., Stine, K., Scholl, M., Rossman, H., Fahlsing, J., Gulick, J.: Security considerations in the system development lifecycle (NIST 800–64 rev. 2) (2008)Google Scholar
  8. 8.
    Argyropoulos, N., Shei, S., Kalloniatis, C., Mouratidis, H., et al.: A semi-automatic approach for eliciting cloud security and privacy requirements. In: Proceeding of 50th Hawaii International Conference on System Sciences (2017)Google Scholar
  9. 9.
    Modi, C., Patel, D., Borisaniya, B., Patel, A., Rajarajan, M.: A survey on security issues and solutions at different layers of Cloud computing. J. Supercomputing 63(2), 561–592 (2013)CrossRefGoogle Scholar
  10. 10.
    Yu, E.S.: Social modeling and i\(^*\). In: Borgida, A.T., Chaudhri, V.K., Giorgini, P., Yu, E.S. (eds.) Conceptual Modeling: Foundations and Applications. LNCS, vol. 5600, pp. 99–121. Springer, Heidelberg (2009). doi: 10.1007/978-3-642-02463-4_7 CrossRefGoogle Scholar
  11. 11.
    Beckers, K., Côté, I., Fabender, S., Heisel, M., Hofbauer, S.: A pattern-based method for establishing a cloud-specific information security management system. Requirements Eng. 18(4), 343–395 (2013)CrossRefGoogle Scholar
  12. 12.
    Li, T., Horkoff, J., Beckers, K., Paja, E., Mylopoulos, J.: A holistic approach to security attack modeling and analysis. In: Proceeding of the Eighth International i* Workshop (2015)Google Scholar
  13. 13.
    Iankoulova, I., Daneva, M.: Cloud computing security requirements: a systematic review. In: Sixth International Conference on Research Challenges in Information Science (RCIS), pp. 1–7. IEEE (2012)Google Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Shaun Shei
    • 1
    Email author
  • Haralambos Mouratidis
    • 1
  • Aidan Delaney
    • 1
  1. 1.School of Computing, Engineering and Mathematics, Secure and Dependable Software Systems (SenSe) Research ClusterUniversity of BrightonBrightonUK

Personalised recommendations