Attack representation models (ARMs), such as an Attack Graph and Attack Tree, are widely used for security modeling and analysis. However, they suffer from a scalability problem if the size of a networked system becomes too large. Previous work focused on model simplifications (also known as pruning), but it may lose security information. To cope with the scalability problem without losing any security information, we propose to use a partition and merge approach (PMA) in an Infrastructure as a Service (IaaS) Cloud. The ARM is simplified into many sub-ARMs in the partition process, and the results obtained from them are combined in the merge process. We conduct a performance analysis using the PMA and we compare it against an exhaustive search method.