Establish the model of security-critical distributed applications. Identify two strategies to improve the system security. Propose a security metric to quantify security quality of distributed applications. Design a GA based heuristic to address the design and optimization problem. Evaluate the proposed algorithm by extensive experiments and a real-life application.