2002 | Torsten Lodderstedt, David Basin, and Jürgen Doser
The paper introduces SecureUML, a modeling language based on the Unified Modeling Language (UML) designed for the model-driven development of secure, distributed systems. The approach leverages role-based access control (RBAC) with additional support for specifying authorization constraints using the Object Constraint Language (OCL). This methodology aims to improve the integration of security into system design, enhancing productivity and the quality of secure distributed systems. By formulating security requirements at a high level of abstraction, SecureUML enables the development of security-aware applications and facilitates the generation of complete access control infrastructures. Extending the language to cover other security aspects, such as digital signatures, is a subject of future research. The paper also highlights the advantages of using UML for secure system design, including its extensible syntax, precise semantics, and CASE tool support. A prototype generator for Enterprise JavaBeans (EJB) has been implemented to demonstrate the concept.