Abstract The problem of effectively designing and analyzing software to realize non-functional requirements is an important research topic. The significant benefits of such work include detecting and removing defects earlier, reducing development time and cost while improving the system’s quality. The Formal Design Analysis Framework (FDAF) is an aspect-oriented approach that supports the design and analysis of multiple non-functional properties for distributed, real-time systems. In this paper, a security attribute, data origin authentication, is defined as a reusable aspect based on its security pattern definition. The FDAF provides a UML extension to weave the security aspect into a UML architecture design. This is accomplished by abstracting Aspect-Oriented Programming concepts join point and advice up to the design level. The FDAF supports the automated translation of a UML architecture design into Rapide [D.C. Luckham, J.J. Kenney, L.M. Augustin, J. Vera, D. Bryan, W. Mann, Specification and analysis of system architecture using Rapide, IEEE Transactions on Software Engineering 21 (4) (1995) 336–354], a formal architecture description language, allowing the simulation of a system’s response time. Thus, the response time of a design with and without the security aspect can be respectively analyzed, and the performance cost of this aspect can be predicted. One of the translation algorithms, which have been implemented in the FDAF tool support, and its proof are presented. The FDAF approach is illustrated using a Domain Name System example.