Security is a requisite and vital concern that should be addressed in e-commerce systems. Traditionally, to add security properties to the application, developers had to specify when, where and how to apply what security policies manually. Such a process is often complicate and error-prone. This paper describes an aspect oriented approach to separating security and application concerns at the architecture level. In the approach, security and application concerns are specified in security aspect models and a base model separately. By specifying the crosscutting relationship between them, the two kinds of models are combined together through weaving. The weaving is based on process algebras and is automatic. Separating security aspects at the early stage of software development can promote maintainability and traceability of the system.