Modeling Security Requirements for Cloud-based System Development