Currently, the securing of SOA-based applications is still a challenge. Although some related techniques have been proposed and presented in academia and industry, it is still difficult to check SOA quality in security aspect from an architecture view. In this thesis project, a method for security analysis in SOA is introduced and investigated. The method intends to be used for analyzing security of SOA-based systems on architecture level. To demonstrate the method, a prototype supporting the method is introduced and implemented. And the method and prototype are also evaluated respectively...