Abstract
This paper describes how to model complex applications by modeling application requirements and designs separately from security requirements and designs using the UML notation. By careful separation of concerns, the security requirements are captured in security use cases and encapsulated in security objects separately from the application requirements and objects. The approach reduces system complexity caused by mixing security requirements with business application requirements with the goal of making complex systems more maintainable. Furthermore, the security use cases and objects can be reused by other software applications.