Using FDAF to bridge the gap between enterprise and software architectures for security
Science of Computer Programming
The vision, strategies, and goals of enterprises involve numerous security issues; these stem from legal and business concerns. In turn, these goals are realized by the enterprise, organized into business groups, departments, divisions, etc. For example, a financial organization, such as a bank, needs to provide a range of services to its customers, including private banking, commercial banking, international banking, and investment services. These services are provided by sub-organizations in the enterprise (i.e., the enterprise architecture); the sub-organizations are often partitioned along business lines. For example, one sub-organization is responsible for private banking, another for commercial banking, etc. When providing financial services, there is a need to ensure that customer and account data are kept private, not corrupted, and safely backed up. Some of these needs may be realized in a collection of software applications. The problem of effectively designing secure software systems to meet an organization's needs is a critical part of its success. This paper focuses on the problem of how to bridge the gap between enterprise and software architectures for security using a set of UML-based notations: the Business Modeling Extension for UML, standard UML use case diagrams, and the Formal Design Analysis Framework (FDAF). The Business Modeling Extension and standard UML are established approaches that we adopt in this work. FDAF is an aspect-oriented approach that supports the design and analysis of nonfunctional properties for distributed, real-time systems at the software architecture level. An empirical study of an online banking system is used to illustrate the approach.