SecureUML is a UML-based modeling language for model-driven development of secure, distributed systems. It is based on role-based access control (RBAC) with additional support for specifying authorization constraints. The language allows information related to access control to be specified in the overall design of an application, enabling automatic generation of complete access control infrastructures. SecureUML improves productivity in the development of secure systems and enhances the quality of the resulting systems. Security is a critical aspect in the development of large-scale distributed systems, but it is often neglected in software development processes. Security features are typically added ad-hoc or integrated later during system administration. This leads to low-level post-hoc integration, which negatively affects the quality of applications. SecureUML provides a methodology for modeling access control policies and integrating them into a model-driven software development process. It enables security requirements to be formulated and integrated into system designs at a high level of abstraction, allowing the development of security-aware applications. Model information can be used to detect and correct design errors or verify the correctness of the mapping between requirements and their realization in a design. Access control infrastructures can be generated from SecureUML models, preventing errors during the realization of access control policies and enabling technology-independent development of secure systems. SecureUML is part of ongoing research to develop a complete model-driven approach for secure e-commerce systems. While SecureUML currently focuses on access control, future research will extend the language to cover other security aspects, such as digital signatures. UML is a prerequisite for SecureUML, as it provides an extensible syntax, sufficiently precise semantics, and CASE tool support. SecureUML enables even developers without a strong security background to develop secure systems. It combines the simplicity of a graphical notation for RBAC with the power of logical constraints on models. Simple policies can be expressed using role-based permissions, while more complex requirements can be specified by adding authorization constraints. Authorization constraints are defined using the Object Constraint Language (OCL). As a proof of concept, a prototypical generator for the component architecture Enterprise JavaBeans (EJB) has been implemented.SecureUML is a UML-based modeling language for model-driven development of secure, distributed systems. It is based on role-based access control (RBAC) with additional support for specifying authorization constraints. The language allows information related to access control to be specified in the overall design of an application, enabling automatic generation of complete access control infrastructures. SecureUML improves productivity in the development of secure systems and enhances the quality of the resulting systems. Security is a critical aspect in the development of large-scale distributed systems, but it is often neglected in software development processes. Security features are typically added ad-hoc or integrated later during system administration. This leads to low-level post-hoc integration, which negatively affects the quality of applications. SecureUML provides a methodology for modeling access control policies and integrating them into a model-driven software development process. It enables security requirements to be formulated and integrated into system designs at a high level of abstraction, allowing the development of security-aware applications. Model information can be used to detect and correct design errors or verify the correctness of the mapping between requirements and their realization in a design. Access control infrastructures can be generated from SecureUML models, preventing errors during the realization of access control policies and enabling technology-independent development of secure systems. SecureUML is part of ongoing research to develop a complete model-driven approach for secure e-commerce systems. While SecureUML currently focuses on access control, future research will extend the language to cover other security aspects, such as digital signatures. UML is a prerequisite for SecureUML, as it provides an extensible syntax, sufficiently precise semantics, and CASE tool support. SecureUML enables even developers without a strong security background to develop secure systems. It combines the simplicity of a graphical notation for RBAC with the power of logical constraints on models. Simple policies can be expressed using role-based permissions, while more complex requirements can be specified by adding authorization constraints. Authorization constraints are defined using the Object Constraint Language (OCL). As a proof of concept, a prototypical generator for the component architecture Enterprise JavaBeans (EJB) has been implemented.