This paper presents a novel security modelling language and a set of original analysis techniques, for capturing and analysing security requirements for cloud computing environments. The novelty of the language lies in the integration of concepts from cloud computing, with concepts from security and goal-oriented requirements engineering to elicit, model and analyse security requirements for cloud infrastructures. We then propose three analysis techniques, which support an automated process where given a model of a cloud computing system, developed with the proposed language, will enhance the model with new security knowledge, for example threats and vulnerabilities, mitigation strategies and assets and actor responsibilities. This is, to the best of our knowledge, the first attempt in the literature to develop a language for cloud computing security modelling and analysis, based on such integration, and support it with a set of automated techniques that enhanced the stakeholder-created models with security knowledge. The proposed modelling language and techniques are illustrated through walking examples and a case study based on our work in the VisiOn European project.

中文翻译：

---

云计算环境的安全需求建模语言

本文提出了一种新颖的安全建模语言和一套原始的分析技术，用于捕获和分析云计算环境的安全要求。该语言的新颖之处在于将云计算中的概念与安全性和面向目标的需求工程中的概念集成在一起，以针对云基础架构得出，建模和分析安全性需求。然后，我们提出了三种分析技术，这些技术可支持自动化流程，在给定的情况下，使用给定的语言开发的云计算系统模型将以新的安全知识（例如威胁和漏洞，缓解策略以及资产和参与者责任）增强该模型。 。据我们所知，文献中的首次尝试是基于这种集成来开发用于云计算安全建模和分析的语言，并通过一套自动化技术为其提供支持，这些技术利用安全知识增强了由利益相关者创建的模型。通过示例和基于我们在VisiOn Europe项目中的工作的案例研究，说明了建议的建模语言和技术。