Security is an integral part of most distributed modern software systems, but is still not considered as an explicit part in the development process. Security mechanisms and policies are generally added to existing systems as an afterthought, with all the problems of unsatisfied security requirements, integration difficulties and mismatches between running system and the design models. We propose to integrate the design of application-oriented access control policies early into the system’s development process. The standard language for modeling the design of systems the Unified Modeling Language (UML), is used to specify access control policies. Within the integration we will develop extensions of the UML model support the automatic generation and verification of a access control policy to configure a distributed component- based for view-based access control.
