
A Survey of Modelling and Analysis Approaches for Architecting Secure Software Systems

Abstract


There has been a growing interest in investigating methodologies to support the development of secure systems in the software engineering research community. Recently, much attention has been focused on the modelling and analysis of security properties for systems at the software architecture design level. The potential benefits of this architecture level work are substantial: security flaws can be detected and removed earlier in the software development life-cycle. This reduces development time, reduces development cost, and improves the quality of the resulting system. As a result of this attention, a wide variety of approaches have been proposed in the literature. At this point, a survey for researchers involved in the problem of systematically modelling and analyzing software architecture designs that have security properties would be of value to the community. This paper presents such a survey; it includes a discussion of semi-formal, formal, integrated semi-formal and formal, and aspect-oriented approaches. Comparison criteria are defined including: the kinds of notations used to model the security properties (e.g., Petri nets, temporal logic, etc.), whether the approach supports the manual or automated analysis of security properties, the specific security property modelled (e.g., authentication, role-based access control, etc.), and the kind of example system that has been used to illustrate the approach (information, distributed, etc.).
