Model-driven engineering (MDE) promises to automate the cloud application management phases, including deployment and adaptive provisioning. However, most MDE approaches neglect the security aspect even if it is considered the number one factor for not migrating to the cloud. As such, this paper proposes a security meta-model that a cloud-based MDE approach can exploit to become security-aware. This meta-model captures both high- and low-level security requirements and capabilities to drive application deployment as well security-oriented scalability rules to guide application re-configuration. It is also coupled with OCL constraints enforcing the security domain semantics. A method for creating re-usable security elements facilitating rapid security model specification conforming to the meta-model is also proposed, to reduce the designer's modelling effort.
