A security requirements modelling language for cloud computing environments

Haralambos Mouratidis, Shaun Shei, Aidan Delaney

    Research output: Contribution to journalArticlepeer-review


    This paper presents a novel security modelling language and a set of original analysis techniques, for capturing and analysing security requirements for cloud computing environments. The novelty of the language lies in the integration of concepts from cloud computing, with concepts from security and goal-oriented requirements engineering to elicit, model and analyse security requirements for cloud infrastructures. We then propose three analysis techniques, which support an automated process where given a model of a cloud computing system, developed with the proposed language, will enhance the model with new security knowledge, for example threats and vulnerabilities, mitigation strategies and assets and actor responsibilities. This is, to the best of our knowledge, the first attempt in the literature to develop a language for cloud computing security modelling and analysis, based on such integration, and support it with a set of automated techniques that enhanced the stakeholder-created models with security knowledge. The proposed modelling language and techniques are illustrated through walking examples and a case study based on our work in the VisiOn European project.

    Original languageEnglish
    Pages (from-to)1-25
    JournalSoftware and Systems Modeling
    Publication statusPublished - 25 Sept 2019

    Bibliographical note

    This is a post-peer-review, pre-copyedit version of an article published in Software and Systems Modeling. The final authenticated version is available online at: http://dx.doi.org/0.1007/s10270-019-00747-8


    • Cloud computing security
    • Cloud threat analysis
    • Secure Tropos
    • Security modelling language


    Dive into the research topics of 'A security requirements modelling language for cloud computing environments'. Together they form a unique fingerprint.

    Cite this