In recent years Cloud computing became one of the most successful computing paradigms. It changed the way we consume IT by unlocking novel uses of software and hardware resulting in a growing rate of outsourcing IT by hardware and software infrastructures.
However, as a recent study of the Ponemon Institute from 2011 shows, security is still a requirement neglected most of the time. This is also confirmed by a 2013 Cloud Security Alliance report, listing the top nine threats to Cloud computing, among them well-known threats like data breaches, account hijacking or insecure application interfaces. This variety of threats results from Cloud computing's openness and diversity of usage. Thus, security is a core requirement to Cloud services. Besides, assuring the security of a Cloud computing environment is not a onetime task, it is a task to be performed during the complete lifespan of the Cloud. This is motivated by the fact that Clouds undergo daily changes in terms of newly deployed applications and offered services. Tracking such changes at a central point is crucial for assuring security. This tracking of changes is essential for the involved parties, i.e. service providers and service consumers, to accurately test either their cloud infrastructure in case of service providers or their process integration in case of service consumers. Model-based approaches are particularly promising as they are capable of involving different technologies and a high degree of evolution. However, so far, this potential has not been unlocked. Additionally, at the time, due to unspecified negative security requirements of Cloud applications, properly evaluating its security is a precarious task.